From 7585d6264d66ff0a6e553e13eb3a78da371a1cf3 Mon Sep 17 00:00:00 2001
From: Samirbous <64742097+Samirbous@users.noreply.github.com>
Date: Tue, 2 Aug 2022 18:30:57 +0200
Subject: [PATCH] [Deprecate rule] Whitespace Padding in Process Command Line (#2218)

very noisy and will require frequent tuning with very low TP rate.

(cherry picked from commit a046dc0d29cee8607968ad7af04d63b0dc96139a)
---
 .../defense_evasion_whitespace_padding_in_command_line.toml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
 rename rules/{windows => _deprecated}/defense_evasion_whitespace_padding_in_command_line.toml (96%)

diff --git a/rules/windows/defense_evasion_whitespace_padding_in_command_line.toml b/rules/_deprecated/defense_evasion_whitespace_padding_in_command_line.toml
similarity index 96%
rename from rules/windows/defense_evasion_whitespace_padding_in_command_line.toml
rename to rules/_deprecated/defense_evasion_whitespace_padding_in_command_line.toml
index b36b45027..165df691e 100644
--- a/rules/windows/defense_evasion_whitespace_padding_in_command_line.toml
+++ b/rules/_deprecated/defense_evasion_whitespace_padding_in_command_line.toml
@@ -1,9 +1,10 @@
 [metadata]
 creation_date = "2021/07/30"
-maturity = "production"
+deprecation_date = "2022/08/02"
+maturity = "deprecated"
 min_stack_comments = "EQL regex had a bug when dealing with wildcard fields that was fixed in 7.16 (elastic/elasticsearch/issues/78391)"
 min_stack_version = "7.16.0"
-updated_date = "2022/05/13"
+updated_date = "2022/08/02"
 
 [rule]
 author = ["Elastic"]
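Review bot: The reason for retiring this rule is not recorded in the rule file itself: the `[metadata]` lines switch `maturity` to `"deprecated"` and add `deprecation_date`, but the rationale (noisy, very low true-positive rate) exists only in the commit message. Someone auditing detection coverage from the rules tree later will find a retired defense-evasion rule with no stated cause. Assuming the project's rule tooling keeps TOML comments, a line above `maturity` such as `# Deprecated (#2218): very noisy, needs frequent tuning, very low TP rate` would carry it. The `[rule]` table continues outside the hunk, so it is not visible here whether anything else covers whitespace-padded command lines; if nothing does, the PR description should say that the gap is accepted.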