diff --git a/rules/linux/defense_evasion_env_binary.toml b/rules/linux/defense_evasion_env_binary.toml
index cca34f51d..547458b36 100644
--- a/rules/linux/defense_evasion_env_binary.toml
+++ b/rules/linux/defense_evasion_env_binary.toml
@@ -1,11 +1,15 @@
 [metadata]
 creation_date = "2022/02/24"
 maturity = "production"
-updated_date = "2022/02/24"
+updated_date = "2022/03/04"
 
 [rule]
 author = ["Elastic"]
-description = "Identifies Linux binary env abuse to break out from restricted environments by spawning an interactive system shell"
+description = """
+Identifies Linux binary env abuse to break out from restricted environments by spawning an interactive system shell.This
+activity is not standard use with this binary for a user or system administrator. It indicates a potentially malicious
+actor attempting to improve the capabilities or stability of their access
+"""
 from = "now-9m"
 index = ["logs-endpoint.events.*"]
 language = "eql"
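Review bot: The new multi-line `description` is missing a space after the first sentence's period, so `system shell.This` is rendered as one word wherever the rule text is displayed, and the final sentence has no terminating period. Change the first line of the string to `... by spawning an interactive system shell. This` and the last to `... stability of their access.`. Because the string opens on the line after `"""` and closes on a line of its own, the value now also carries a trailing newline that the old single-line value did not have; that is harmless if the rule loader normalises whitespace, but it is worth confirming since the rest of the `[rule]` table is unchanged.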