diff --git a/rules/linux/defense_evasion_attempt_to_disable_iptables_or_firewall.toml b/rules/_deprecated/defense_evasion_attempt_to_disable_iptables_or_firewall.toml
similarity index 94%
rename from rules/linux/defense_evasion_attempt_to_disable_iptables_or_firewall.toml
rename to rules/_deprecated/defense_evasion_attempt_to_disable_iptables_or_firewall.toml
index 9b0638931..3aebe10f7 100644
--- a/rules/linux/defense_evasion_attempt_to_disable_iptables_or_firewall.toml
+++ b/rules/_deprecated/defense_evasion_attempt_to_disable_iptables_or_firewall.toml
@@ -1,7 +1,8 @@
 [metadata]
 creation_date = "2020/04/24"
-maturity = "production"
-updated_date = "2021/03/03"
+deprecation_date = "2022/07/25"
+maturity = "deprecated"
+updated_date = "2022/07/25"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/linux/execution_linux_process_started_in_temp_directory.toml b/rules/_deprecated/execution_linux_process_started_in_temp_directory.toml
similarity index 90%
rename from rules/linux/execution_linux_process_started_in_temp_directory.toml
rename to rules/_deprecated/execution_linux_process_started_in_temp_directory.toml
index 051322e00..0bb7de55c 100644
--- a/rules/linux/execution_linux_process_started_in_temp_directory.toml
+++ b/rules/_deprecated/execution_linux_process_started_in_temp_directory.toml
@@ -1,7 +1,8 @@
 [metadata]
 creation_date = "2020/02/18"
-maturity = "production"
-updated_date = "2022/07/18"
+deprecation_date = "2022/07/25"
+maturity = "deprecated"
+updated_date = "2022/07/25"
 
 [rule]
 author = ["Elastic"]
@@ -36,9 +37,12 @@ event.category:process and event.type:(start or process_started) and process.wor
 /var/lib/command-not-found/)
 '''
 + [[rule.threat]] framework = "MITRE ATT&CK" + [rule.threat.tactic] id = "TA0002" name = "Execution" -reference = "https://attack.mitre.org/tactics/TA0002/" \ No newline at end of file +reference = "https://attack.mitre.org/tactics/TA0002/" +
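Review bot: The deprecation of the iptables/firewall-disable rule records a `deprecation_date` and flips `maturity` to `deprecated`, but nothing in the hunk says what, if anything, now covers firewall tampering on Linux, so anyone consuming this rule set loses that detection silently when the rule is retired. Deprecating a defense-evasion rule without naming its successor is a coverage gap, not just housekeeping. I would add a comment under `[metadata]` such as `# Deprecated 2022/07/25: superseded by <replacement rule name/id>, or retired without replacement — document which` so the migration is auditable from the file itself. The same question applies to the other rules moved to `_deprecated` in this diff; the `[rule]` body of each file continues past the hunk, so I cannot see whether a note exists further down.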
diff --git a/rules/linux/initial_access_login_failures.toml b/rules/_deprecated/initial_access_login_failures.toml
similarity index 93%
rename from rules/linux/initial_access_login_failures.toml
rename to rules/_deprecated/initial_access_login_failures.toml
index 6f1f569b9..886b01706 100644
--- a/rules/linux/initial_access_login_failures.toml
+++ b/rules/_deprecated/initial_access_login_failures.toml
@@ -1,7 +1,8 @@
 [metadata]
 creation_date = "2020/07/08"
-maturity = "production"
-updated_date = "2021/03/03"
+deprecation_date = "2022/07/25"
+maturity = "deprecated"
+updated_date = "2022/07/25"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/linux/initial_access_login_location.toml b/rules/_deprecated/initial_access_login_location.toml
similarity index 93%
rename from rules/linux/initial_access_login_location.toml
rename to rules/_deprecated/initial_access_login_location.toml
index a617d4719..ef086fa67 100644
--- a/rules/linux/initial_access_login_location.toml
+++ b/rules/_deprecated/initial_access_login_location.toml
@@ -1,7 +1,8 @@
 [metadata]
 creation_date = "2020/07/08"
-maturity = "production"
-updated_date = "2021/03/03"
+deprecation_date = "2022/07/25"
+maturity = "deprecated"
+updated_date = "2022/07/25"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/linux/initial_access_login_sessions.toml b/rules/_deprecated/initial_access_login_sessions.toml
similarity index 93%
rename from rules/linux/initial_access_login_sessions.toml
rename to rules/_deprecated/initial_access_login_sessions.toml
index 4016c276d..74b0b1cf8 100644
--- a/rules/linux/initial_access_login_sessions.toml
+++ b/rules/_deprecated/initial_access_login_sessions.toml
@@ -1,7 +1,8 @@
 [metadata]
 creation_date = "2020/07/08"
-maturity = "production"
-updated_date = "2021/03/03"
+deprecation_date = "2022/07/25"
+maturity = "deprecated"
+updated_date = "2022/07/25"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/linux/initial_access_login_time.toml b/rules/_deprecated/initial_access_login_time.toml
similarity index 93%
rename from rules/linux/initial_access_login_time.toml
rename to rules/_deprecated/initial_access_login_time.toml
index 7e2696c93..2bedf3a4c 100644
--- a/rules/linux/initial_access_login_time.toml
+++ b/rules/_deprecated/initial_access_login_time.toml
@@ -1,7 +1,8 @@
 [metadata]
 creation_date = "2020/07/08"
-maturity = "production"
-updated_date = "2021/03/03"
+deprecation_date = "2022/07/25"
+maturity = "deprecated"
+updated_date = "2022/07/25"
 
 [rule]
 author = ["Elastic"]