From a866ee7f57362c18f11b238ddd24b399cbdb2f13 Mon Sep 17 00:00:00 2001
From: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com>
Date: Mon, 3 Feb 2025 23:03:20 +0530
Subject: [PATCH] Fix remaining Replace master doc URLs with current (#4441)

---
 .../aws/discovery_ec2_userdata_request_for_ec2_instance.toml | 4 ++--
 .../aws/persistence_ec2_route_table_modified_or_deleted.toml | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/rules/integrations/aws/discovery_ec2_userdata_request_for_ec2_instance.toml b/rules/integrations/aws/discovery_ec2_userdata_request_for_ec2_instance.toml
index 885ad2bc9..cce98b725 100644
--- a/rules/integrations/aws/discovery_ec2_userdata_request_for_ec2_instance.toml
+++ b/rules/integrations/aws/discovery_ec2_userdata_request_for_ec2_instance.toml
@@ -2,7 +2,7 @@
 creation_date = "2024/04/14"
 integration = ["aws"]
 maturity = "production"
-updated_date = "2025/01/27"
+updated_date = "2025/02/03"
 
 [rule]
 author = ["Elastic"]
@@ -10,7 +10,7 @@ description = """
 Identifies discovery request `DescribeInstanceAttribute` with the attribute userData and instanceId in AWS CloudTrail
 logs. This may indicate an attempt to retrieve user data from an EC2 instance. Adversaries may use this information to
 gather sensitive data from the instance such as hardcoded credentials or to identify potential vulnerabilities. This is
-a [New Terms](https://www.elastic.co/guide/en/security/master/rules-ui-create.html#create-new-terms-rule) rule that
+a [New Terms](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-new-terms-rule) rule that
 identifies when `aws.cloudtrail.user_identity.arn` requests the user data for a specific
 `aws.cloudtrail.flattened.request_parameters.instanceId` from an EC2 instance in the last 14 days.
 """
diff --git a/rules/integrations/aws/persistence_ec2_route_table_modified_or_deleted.toml b/rules/integrations/aws/persistence_ec2_route_table_modified_or_deleted.toml
index fa1fada77..8eb0fd3ab 100644
--- a/rules/integrations/aws/persistence_ec2_route_table_modified_or_deleted.toml
+++ b/rules/integrations/aws/persistence_ec2_route_table_modified_or_deleted.toml
@@ -2,7 +2,7 @@
 creation_date = "2021/06/05"
 integration = ["aws"]
 maturity = "production"
-updated_date = "2025/01/27"
+updated_date = "2025/02/03"
 
 [rule]
 author = ["Elastic", "Austin Songer"]
@@ -10,7 +10,7 @@ description = """
 Identifies AWS CloudTrail events where an EC2 route table or association has been modified or deleted. Route table or
 association modifications can be used by attackers to disrupt network traffic, reroute communications, or maintain
 persistence in a compromised environment. This is a [New
-Terms](https://www.elastic.co/guide/en/security/master/rules-ui-create.html#create-new-terms-rule) rule that detects the
+Terms](https://www.elastic.co/guide/en/security/current/rules-ui-create.html#create-new-terms-rule) rule that detects the
 first instance of this behavior by the `aws.cloudtrail.user_identity.arn` field in the last 10 days.
 """
 false_positives = [