diff --git a/rules/linux/privilege_escalation_potential_suid_sgid_exploitation.toml b/rules/linux/privilege_escalation_potential_suid_sgid_exploitation.toml
index bffea1c2a..c5e85063f 100644
--- a/rules/linux/privilege_escalation_potential_suid_sgid_exploitation.toml
+++ b/rules/linux/privilege_escalation_potential_suid_sgid_exploitation.toml
@@ -2,7 +2,9 @@
 creation_date = "2024/06/17"
 integration = ["endpoint"]
 maturity = "production"
-updated_date = "2024/10/17"
+min_stack_version = "8.16.0"
+min_stack_comments = "Breaking change at 8.16.0 for the Endpoint Integration with respect to ecs field process.group.id"
+updated_date = "2024/12/10"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/linux/privilege_escalation_sudo_token_via_process_injection.toml b/rules/linux/privilege_escalation_sudo_token_via_process_injection.toml
index 83436532a..ce6f74cdf 100644
--- a/rules/linux/privilege_escalation_sudo_token_via_process_injection.toml
+++ b/rules/linux/privilege_escalation_sudo_token_via_process_injection.toml
@@ -2,7 +2,9 @@
 creation_date = "2023/07/31"
 integration = ["endpoint"]
 maturity = "production"
-updated_date = "2024/05/21"
+min_stack_version = "8.16.0"
+min_stack_comments = "Breaking change at 8.16.0 for the Endpoint Integration with respect to ecs field process.group.id"
+updated_date = "2024/12/10"
 
 [rule]
 author = ["Elastic"]
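Review bot: The new `min_stack_comments` line attributes the gate to the `process.group.id` field, but the hunk ends before the `[rule]` table, so it is not visible whether the rule's query was itself updated to the 8.16.0 field shape; if the query is unchanged, the gate only removes the rule from pre-8.16 stacks without changing detection on newer ones, which the PR description should confirm. The `process.group.id` reference is a good pointer for maintainers, so consider making the comment self-contained, e.g. `min_stack_comments = "Breaking change at 8.16.0 for the Endpoint Integration with respect to ECS field process.group.id; query relies on this field"` (only if the query does). `ecs` is an acronym and should be written `ECS`. The identical metadata change in the second hunk (privilege_escalation_sudo_token_via_process_injection.toml) has the same open question.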