[Security Content] Small tweaks on the setup guides (#3308)
* [Security Content] Small tweaks on the setup guides
* Additional Fixes
* Avoid touching deprecated rules
Removed changes from:
- rules/integrations/beaconing/command_and_control_beaconing.toml
- rules/integrations/beaconing/command_and_control_beaconing_high_confidence.toml
- rules/linux/discovery_process_capabilities.toml
- rules/linux/privilege_escalation_dac_permissions.toml
- rules/linux/privilege_escalation_enlightenment_window_manager.toml
- rules/linux/privilege_escalation_gdb_sys_ptrace_elevation.toml
- rules/linux/privilege_escalation_gdb_sys_ptrace_netcon.toml
- rules/linux/privilege_escalation_suspicious_chown_fowner_elevation.toml
- rules/linux/privilege_escalation_suspicious_uid_guid_elevation.toml
- rules_building_block/discovery_capnetraw_capability.toml
- rules_building_block/persistence_cap_sys_admin_added_to_new_binary.toml
(selectively cherry picked from commit 458e67918a)
committed by
github-actions[bot]
parent
5cec5b7f31
commit
b1989a921b
@@ -22,7 +22,7 @@ license = "Elastic License v2"
|
||||
name = "Potential Code Execution via Postgresql"
|
||||
risk_score = 47
|
||||
rule_id = "2a692072-d78d-42f3-a48a-775677d79c4e"
|
||||
setup = """
|
||||
setup = """## Setup
|
||||
|
||||
This rule requires data coming in from Elastic Defend.
|
||||
|
||||
@@ -46,7 +46,6 @@ For more details on Elastic Agent configuration settings, refer to the [helper g
|
||||
- Click "Save and Continue".
|
||||
- To complete the integration, select "Add Elastic Agent to your hosts" and continue to the next section to install the Elastic Agent on your hosts.
|
||||
For more details on Elastic Defend refer to the [helper guide](https://www.elastic.co/guide/en/security/current/install-endpoint.html).
|
||||
|
||||
"""
|
||||
severity = "medium"
|
||||
tags = ["Domain: Endpoint",
|
||||
|
||||