From d12f45c6baf1c22b6aca5682d6af5dfc7eaed693 Mon Sep 17 00:00:00 2001
From: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
Date: Tue, 17 May 2022 17:41:05 -0500
Subject: [PATCH] [Rule Tuning] Update Rule Name: Suspicious Network Connection Attempt Sequence by Root (#1983)
* [Rule Tuning] Update Rule Name
* Update rules/linux/command_and_control_connection_attempt_by_non_ssh_root_session.toml
---
 ..._and_control_connection_attempt_by_non_ssh_root_session.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rules/linux/command_and_control_connection_attempt_by_non_ssh_root_session.toml b/rules/linux/command_and_control_connection_attempt_by_non_ssh_root_session.toml
index 0003bfc0a..e67c2cf3e 100644
--- a/rules/linux/command_and_control_connection_attempt_by_non_ssh_root_session.toml
+++ b/rules/linux/command_and_control_connection_attempt_by_non_ssh_root_session.toml
@@ -20,7 +20,7 @@ from = "now-9m"
 index = ["logs-endpoint.events.*"]
 language = "eql"
 license = "Elastic License v2"
-name = "Suspicious Outbound Network Connection Sequence by Root"
+name = "Suspicious Network Connection Attempt by Root"
 note = """## Triage and analysis
 ### Investigating Connection Attempt by Non-SSH Root Session
 Detection alerts from this rule indicate a strange or abnormal outbound connection attempt by a privileged process. Here are some possible avenues of investigation:
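Review bot: The new value on the `+name` line, `Suspicious Network Connection Attempt by Root`, does not match the title this commit advertises, which still carries the word `Sequence`; one of the two should be corrected so the rule and its change history agree, and the final name matters because analysts search alerts and triage notes by it. The investigation guide heading two context lines below still reads `### Investigating Connection Attempt by Non-SSH Root Session`, so after this change the same rule is labelled differently in the alert and in its own triage notes; aligning it to `### Investigating Suspicious Network Connection Attempt by Root` keeps the guide discoverable from the alert name. If this repository tracks a last-modified date in the rule's `[metadata]` table, that section lies above the hunk and would presumably also need updating with the rename.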