From 2ef59e918f5fb707e5be88d05e732fcb1189cf6c Mon Sep 17 00:00:00 2001
From: Ross Wolf <31489089+rw-access@users.noreply.github.com>
Date: Fri, 3 Sep 2021 08:07:20 -0600
Subject: [PATCH] Revert #1440 new endpoint promotion rule (#1470)

* Revert #1440 new endpoint promotion rule

* Set the updated_at date

Removed changes from:
- rules/integrations/endpoint/elastic_endpoint_security_behavior_protection.toml

(selectively cherry picked from commit c9d6527280183ef6eed44e6046603c0824dd64a2)
---
 rules/integrations/endpoint/elastic_endpoint_security.toml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/rules/integrations/endpoint/elastic_endpoint_security.toml b/rules/integrations/endpoint/elastic_endpoint_security.toml
index 5042a0d65..bc12e3253 100644
--- a/rules/integrations/endpoint/elastic_endpoint_security.toml
+++ b/rules/integrations/endpoint/elastic_endpoint_security.toml
@@ -1,8 +1,7 @@
 [metadata]
 creation_date = "2020/07/08"
 maturity = "production"
-updated_date = "2021/08/25"
-integration = "endpoint"
+updated_date = "2021/09/03"
 
 [rule]
 author = ["Elastic"]
@@ -26,7 +25,7 @@ timestamp_override = "event.ingested"
 type = "query"
 query = '''
-event.kind:alert and event.module:(endpoint and not endgame) and not event.code: behavior
+event.kind:alert and event.module:(endpoint and not endgame)
 '''
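Review bot: The new side of the first hunk removes `integration = "endpoint"` from `[metadata]` along with the date bump, so a rule that lives under rules/integrations/endpoint/ no longer declares which integration it belongs to. If the repository's rule schema or packaging reads that key to tie the rule to the Endpoint package (not verifiable from this page), the revert should keep that line and only undo the query change; otherwise the commit message should say the key was intentionally dropped, since the TOML itself carries no comment explaining it. Restoring it is a single line, `integration = "endpoint"`, placed back after `updated_date`. The second hunk's trailing context continues past the end of this page.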