Move Setup information into setup filed (#3206)

rules/linux/execution_shell_via_java_revshell_linux.toml

@@ -17,7 +17,12 @@ index = ["logs-endpoint.events.*"]
 language = "eql"
 license = "Elastic License v2"
 name = "Potential Reverse Shell via Java"
-note = """## Setup
+references = [
+    "https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md"
+]
+risk_score = 47
+rule_id = "5a3d5447-31c9-409a-aed1-72f9921594fd"
+setup = """
 
 This rule requires data coming in from Elastic Defend.
 
@@ -44,11 +49,6 @@ For more details on Elastic Agent configuration settings, refer to the [helper g
 For more details on Elastic Defend refer to the [helper guide](https://www.elastic.co/guide/en/security/current/install-endpoint.html).
 
 """
-references = [
-    "https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md"
-]
-risk_score = 47
-rule_id = "5a3d5447-31c9-409a-aed1-72f9921594fd"
 severity = "medium"
 tags = ["Domain: Endpoint", "OS: Linux", "Use Case: Threat Detection", "Tactic: Execution", "Data Source: Elastic Defend"]
 type = "eql"