[Rule Tuning] Q2 Linux DR Tuning - Part 3 (#4164)

* [Rule Tuning] Q2 Linux DR Tuning - Part 3

* Update execution_suspicious_executable_running_system_commands.toml

rules/linux/execution_shell_openssl_client_or_server.toml

@@ -2,7 +2,7 @@
 creation_date = "2024/07/30"
 integration = ["endpoint"]
 maturity = "production"
-updated_date = "2024/07/30"
+updated_date = "2024/10/17"
 
 [rule]
 author = ["Elastic"]
@@ -60,7 +60,8 @@ process where host.os.type == "linux" and event.type == "start" and event.action
 process.name == "openssl" and (
   (process.args == "s_client" and process.args : ("-connect", "*:*") and not process.args == "-showcerts") or
   (process.args == "s_server" and process.args == "-port")
-)
+) and
+not process.parent.executable in ("/pro/xymon/client/ext/awsXymonCheck.sh", "/opt/antidot-svc/nrpe/plugins/check_cert")
 '''
 
 [[rule.threat]]