diff --git a/rules/cross-platform/defense_evasion_agent_spoofing_mismatched_id.toml b/rules/cross-platform/defense_evasion_agent_spoofing_mismatched_id.toml
index 975033fd8..cee870c91 100644
--- a/rules/cross-platform/defense_evasion_agent_spoofing_mismatched_id.toml
+++ b/rules/cross-platform/defense_evasion_agent_spoofing_mismatched_id.toml
@@ -1,7 +1,7 @@
 [metadata]
 creation_date = "2021/07/14"
 maturity = "production"
-updated_date = "2025/11/13"
+updated_date = "2026/01/12"
 
 [rule]
 author = ["Elastic"]
@@ -20,7 +20,7 @@ from = "now-9m"
 index = ["logs-*", "metrics-*", "traces-*"]
 language = "kuery"
 license = "Elastic License v2"
-name = "Agent Spoofing - Mismatched Agent ID"
+name = "Deprecated - Agent Spoofing - Mismatched Agent ID"
 risk_score = 73
 rule_id = "3115bd2c-0baa-4df0-80ea-45e474b5ef93"
 severity = "high"
@@ -36,7 +36,7 @@ note = """## Triage and analysis
 > **Disclaimer**:
 > This investigation guide was created using generative AI technology and has been reviewed to improve its accuracy and relevance. While every effort has been made to ensure its quality, we recommend validating the content and adapting it to suit your specific environment and operational needs.
 
-### Investigating Agent Spoofing - Mismatched Agent ID
+### Investigating Deprecated - Agent Spoofing - Mismatched Agent ID
 
 In security environments, agent IDs uniquely identify software agents that report events. Adversaries may spoof these IDs to disguise unauthorized activities, evading detection systems. The detection rule identifies discrepancies between expected and actual agent IDs, flagging potential spoofing attempts. By monitoring for mismatches, it helps uncover efforts to masquerade malicious actions as legitimate.
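Review bot: The `name` line in the second hunk now labels the rule "Deprecated", but the context line `maturity = "production"` in the first hunk is left untouched, so a high-severity rule (`risk_score = 73`, `severity = "high"`) keeps shipping and alerting as a live production rule while its title tells analysts to ignore it. If this repository follows the usual detection-rules deprecation convention, the `[metadata]` table should also carry `maturity = "deprecated"` and a `deprecation_date = "2026/01/12"` matching the bumped `updated_date`, and the file would normally move under the deprecated rules directory rather than stay in `rules/cross-platform/`. The investigation guide edited in the third hunk should likewise state why the rule is deprecated and name the replacement rule, if one exists, so a SOC reading the "Deprecated" title knows which detection now covers mismatched agent IDs.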