[Deprecate Rule] Suspicious Process from Conhost (#2222)

only FPs with no way to tune other than opening the rule for easy evasion by excluding by process.executable/args). Co-authored-by: Colson Wilhoit <48036388+DefSecSentinel@users.noreply.github.com>
2022-08-16 16:32:24 +02:00
parent 8e0ae64a04
commit d3420e3386
1 changed files with 3 additions and 2 deletions
@@ -1,7 +1,8 @@
 [metadata]
 creation_date = "2020/08/31"
-maturity = "production"
-updated_date = "2022/05/21"
+deprecation_date = "2022/08/03"
+maturity = "deprecated"
+updated_date = "2022/08/03"

 [rule]
 author = ["Elastic"]