[Security Content] Small tweaks on the setup guides (#3308)
* [Security Content] Small tweaks on the setup guides
* Additional Fixes
* Avoid touching deprecated rules
Removed changes from:
- rules/integrations/beaconing/command_and_control_beaconing.toml
- rules/integrations/beaconing/command_and_control_beaconing_high_confidence.toml
- rules/linux/discovery_process_capabilities.toml
- rules/linux/privilege_escalation_dac_permissions.toml
- rules/linux/privilege_escalation_enlightenment_window_manager.toml
- rules/linux/privilege_escalation_gdb_sys_ptrace_elevation.toml
- rules/linux/privilege_escalation_gdb_sys_ptrace_netcon.toml
- rules/linux/privilege_escalation_suspicious_chown_fowner_elevation.toml
- rules/linux/privilege_escalation_suspicious_uid_guid_elevation.toml
- rules_building_block/discovery_capnetraw_capability.toml
- rules_building_block/persistence_cap_sys_admin_added_to_new_binary.toml
(selectively cherry picked from commit 458e67918a)
This commit is contained in:
Jonhnathan
committed by
github-actions[bot]
github-actions[bot]
parent
5cec5b7f31
commit
b1989a921b
@@ -19,7 +19,7 @@ license = "Elastic License v2"
|
||||
name = "Interactive Terminal Spawned via Python"
|
||||
risk_score = 73
|
||||
rule_id = "d76b02ef-fc95-4001-9297-01cb7412232f"
|
||||
setup = """
|
||||
setup = """## Setup
|
||||
|
||||
This rule requires data coming in from Elastic Defend.
|
||||
|
||||
@@ -43,7 +43,6 @@ For more details on Elastic Agent configuration settings, refer to the [helper g
|
||||
- Click "Save and Continue".
|
||||
- To complete the integration, select "Add Elastic Agent to your hosts" and continue to the next section to install the Elastic Agent on your hosts.
|
||||
For more details on Elastic Defend refer to the [helper guide](https://www.elastic.co/guide/en/security/current/install-endpoint.html).
|
||||
|
||||
"""
|
||||
severity = "high"
|
||||
timestamp_override = "event.ingested"
|
||||
|
||||
Reference in New Issue
Block a user