Fix pipe characters in rule descriptions (#4893)

shashank-elastic
2025-07-10 15:11:20 +05:30
committed by GitHub
parent 932163e9cd
commit b70792082a
22 changed files with 46 additions and 46 deletions
@@ -2,7 +2,7 @@
creation_date = "2025/03/04"
integration = ["endpoint"]
maturity = "production"
updated_date = "2025/04/07"
updated_date = "2025/07/10"
[rule]
author = ["Elastic"]
@@ -11,7 +11,7 @@ This rule detects potential command execution from a web server parent process o
to execute commands from a web server parent process to blend in with normal web server activity and evade detection.
This behavior is commonly observed in web shell attacks where adversaries exploit web server vulnerabilities to execute
arbitrary commands on the host. The detection rule identifies unusual command execution from web server parent
processes, which may indicate a compromised host or an ongoing attack. ES|QL rules have limited fields available in its
processes, which may indicate a compromised host or an ongoing attack. ESQL rules have limited fields available in its
alert documents. Make sure to review the original documents to aid in the investigation of this alert.
"""
from = "now-61m"
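Review bot: The description line that changes "ES|QL rules" to "ESQL rules" drops the pipe without recording why it is a problem. Neither the commit title nor the hunk says what the character broke, so a later description edit can reintroduce it. State the reason where rule authors will see it, and if this is meant to hold across all rule descriptions, back it with a check rather than a one-off edit. "ESQL" also no longer matches the "ES|QL" spelling used before the change, so an analyst reading the alert may not connect the two names. Since the sentence is being touched anyway, "have limited fields available in its alert documents" should read "in their alert documents" to agree with "rules".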