[Rule Tuning] Tuning Account Password Reset Remotely (#3478)

* tuning 'Account Password Reset Remotely'

* adjusted note

* fixing description

* Update rules/windows/persistence_remote_password_reset.toml

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

* updated note about performance; toml lint

* bumping min-stack to resolve version lock

* reverting query to main

---------

Co-authored-by: Samirbous <64742097+Samirbous@users.noreply.github.com>

rules/windows/persistence_remote_password_reset.toml

@@ -2,9 +2,9 @@
 creation_date = "2021/10/18"
 integration = ["system", "windows"]
 maturity = "production"
-min_stack_comments = "New fields added: required_fields, related_integrations, setup"
-min_stack_version = "8.3.0"
-updated_date = "2023/12/14"
+min_stack_comments = "Forking rule to resolve double bump version issue."
+min_stack_version = "8.13.0"
+updated_date = "2024/04/18"
 
 [rule]
 author = ["Elastic"]
@@ -18,7 +18,11 @@ index = ["winlogbeat-*", "logs-system.security*", "logs-windows.forwarded*"]
 language = "eql"
 license = "Elastic License v2"
 name = "Account Password Reset Remotely"
-note = "This rule may cause medium to high performance impact due to logic scoping all remote Windows logon activity."
+note = """
+
+## Performance
+This rule may cause medium to high performance impact due to scoping all remote Windows logon activity within the first sequence. This rule by default will be noisy if not scoped to custom privileged accounts. If noisy, duplicate the rule and replace the `TargetUserName` or `TargetSid` filters with your own naming convention and accounts of interest.
+"""
 references = [
     "https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4724",
     "https://stealthbits.com/blog/manipulating-user-passwords-with-mimikatz/",