From 92ed682a51623ae57ffc94e2c91ecb3e41751d76 Mon Sep 17 00:00:00 2001
From: Isai <59296946+imays11@users.noreply.github.com>
Date: Fri, 5 Jan 2024 18:42:42 -0500
Subject: [PATCH] [Tuning] Update min_stack for container rules new ecs field (#3370)
* Update privilege_escalation_mount_launched_inside_a_privileged_container.toml update min_stack and comments
* Update privilege_escalation_debugfs_launched_inside_a_privileged_container.toml update min_stack and comments
(cherry picked from commit a0f82c3f12cd90fa6a9782dc88329ed3b42d74d4)
---
 ...tion_debugfs_launched_inside_a_privileged_container.toml | 6 +++---
 ...lation_mount_launched_inside_a_privileged_container.toml | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/rules/integrations/cloud_defend/privilege_escalation_debugfs_launched_inside_a_privileged_container.toml b/rules/integrations/cloud_defend/privilege_escalation_debugfs_launched_inside_a_privileged_container.toml
index e0896e5cc..4cf8e6fd7 100644
--- a/rules/integrations/cloud_defend/privilege_escalation_debugfs_launched_inside_a_privileged_container.toml
+++ b/rules/integrations/cloud_defend/privilege_escalation_debugfs_launched_inside_a_privileged_container.toml
@@ -2,9 +2,9 @@
 creation_date = "2023/10/26"
 integration = ["cloud_defend"]
 maturity = "production"
-min_stack_comments = "New Integration: Cloud Defend"
-min_stack_version = "8.8.0"
-updated_date = "2023/12/18"
+min_stack_comments = "New field added to ecs : container.security_context.privileged"
+min_stack_version = "8.10.0"
+updated_date = "2024/01/05"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/integrations/cloud_defend/privilege_escalation_mount_launched_inside_a_privileged_container.toml b/rules/integrations/cloud_defend/privilege_escalation_mount_launched_inside_a_privileged_container.toml
index 114ec85de..b31bbb7fb 100644
--- a/rules/integrations/cloud_defend/privilege_escalation_mount_launched_inside_a_privileged_container.toml
+++ b/rules/integrations/cloud_defend/privilege_escalation_mount_launched_inside_a_privileged_container.toml
@@ -2,9 +2,9 @@
 creation_date = "2023/10/26"
 integration = ["cloud_defend"]
 maturity = "production"
-min_stack_comments = "New Integration: Cloud Defend"
-min_stack_version = "8.8.0"
-updated_date = "2023/12/18"
+min_stack_comments = "New field added to ecs : container.security_context.privileged"
+min_stack_version = "8.10.0"
+updated_date = "2024/01/05"
 
 [rule]
 author = ["Elastic"]
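Review bot: Raising `min_stack_version` from 8.8.0 to 8.10.0 on the added lines means this revision of the rule no longer targets 8.8 and 8.9 stacks, and nothing in the change records what those stacks are left with. The `[rule]` table and its query continue outside the hunk, so whether the query already depended on `container.security_context.privileged` cannot be confirmed from here; if it did, it is worth stating in the PR that older stacks keep the previous rule version rather than losing this privileged-container detection. The new comment also has a stray space before the colon and a lowercase acronym; `min_stack_comments = "New field added to ECS: container.security_context.privileged"` reads better. Both points apply equally to the identical hunk in privilege_escalation_debugfs_launched_inside_a_privileged_container.toml.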