Back-porting Version Trimming (#3704)

rules/linux/privilege_escalation_potential_bufferoverflow_attack.toml

@@ -1,9 +1,7 @@
 [metadata]
 creation_date = "2023/12/11"
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2024/05/17"
+updated_date = "2024/05/21"
 
 [rule]
 author = ["Elastic"]
@@ -30,41 +28,42 @@ As a higher-order rule (based on other detections), this rule also requires the
 """
 severity = "low"
 tags = [
-        "Domain: Endpoint",
-        "OS: Linux",
-        "Use Case: Threat Detection",
-        "Tactic: Privilege Escalation",
-        "Tactic: Initial Access",
-        "Use Case: Vulnerability",
-        "Rule Type: Higher-Order Rule"
-        ]
+    "Domain: Endpoint",
+    "OS: Linux",
+    "Use Case: Threat Detection",
+    "Tactic: Privilege Escalation",
+    "Tactic: Initial Access",
+    "Use Case: Vulnerability",
+    "Rule Type: Higher-Order Rule",
+]
 timestamp_override = "event.ingested"
 type = "threshold"
+
 query = '''
 kibana.alert.rule.rule_id:"5c81fc9d-1eae-437f-ba07-268472967013" and host.os.type:linux and event.kind:signal
 '''
 
+
 [[rule.threat]]
 framework = "MITRE ATT&CK"
-
 [[rule.threat.technique]]
 id = "T1068"
 name = "Exploitation for Privilege Escalation"
 reference = "https://attack.mitre.org/techniques/T1068/"
 
+
 [rule.threat.tactic]
 id = "TA0004"
 name = "Privilege Escalation"
 reference = "https://attack.mitre.org/tactics/TA0004/"
-
 [[rule.threat]]
 framework = "MITRE ATT&CK"
-
 [[rule.threat.technique]]
 id = "T1190"
 name = "Exploit Public-Facing Application"
 reference = "https://attack.mitre.org/techniques/T1190/"
 
+
 [rule.threat.tactic]
 id = "TA0001"
 name = "Initial Access"