From 98e0777b3430e486e115bd496e8d5fa9f5d3faca Mon Sep 17 00:00:00 2001
From: Samirbous <64742097+Samirbous@users.noreply.github.com>
Date: Sat, 18 May 2024 05:30:16 +0100
Subject: [PATCH] Update credential_access_suspicious_web_browser_sensitive_file_access.toml (#3691)

(cherry picked from commit ec27bf8545d5801a2d2bd9ec9ff9835c0ee31534)
---
 ...l_access_suspicious_web_browser_sensitive_file_access.toml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rules/macos/credential_access_suspicious_web_browser_sensitive_file_access.toml b/rules/macos/credential_access_suspicious_web_browser_sensitive_file_access.toml
index 56fd176c0..cea88c1ab 100644
--- a/rules/macos/credential_access_suspicious_web_browser_sensitive_file_access.toml
+++ b/rules/macos/credential_access_suspicious_web_browser_sensitive_file_access.toml
@@ -4,7 +4,7 @@ integration = ["endpoint"]
 maturity = "production"
 min_stack_comments = "New fields added: file_access_events, process.Ext.effective_parent"
 min_stack_version = "8.11.0"
-updated_date = "2024/02/06"
+updated_date = "2024/05/17"
 
 [rule]
 author = ["Elastic"]
@@ -13,7 +13,7 @@ Identifies the access or file open of web browser sensitive files by an untruste
 Adversaries may acquire credentials from web browsers by reading files specific to the target browser.
 """
 from = "now-9m"
-index = ["logs-endpoint.events.file.*"]
+index = ["logs-endpoint.events.file-*"]
 language = "eql"
 license = "Elastic License v2"
 name = "Suspicious Web Browser Sensitive File Access"
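Review bot: The index pattern fix in the second hunk is undocumented: nothing in the diff records why `logs-endpoint.events.file.*` was wrong, and because this key decides which data stream the rule queries, the change is a detection-coverage fix rather than a cosmetic edit. Elastic Agent data streams are named `logs-<dataset>-<namespace>`, so the dotted form presumably matched no documents and the rule produced no alerts until now; a line to that effect in the commit description, or a `# data stream naming is logs-endpoint.events.file-<namespace>; a dotted suffix matches nothing` comment above the key, would keep the next editor from reverting it as a typo. It would also be worth checking whether sibling rules carry the same dotted pattern, though that cannot be seen from this diff. The `[rule]` table continues past the end of the hunk.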