diff --git a/rules/macos/lateral_movement_vpn_connection_attempt.toml b/rules/macos/lateral_movement_vpn_connection_attempt.toml
index d2c689562..69f97ef01 100644
--- a/rules/macos/lateral_movement_vpn_connection_attempt.toml
+++ b/rules/macos/lateral_movement_vpn_connection_attempt.toml
@@ -1,11 +1,14 @@
 [metadata]
 creation_date = "2020/01/25"
 maturity = "production"
-updated_date = "2022/03/31"
+updated_date = "2022/07/22"
 
 [rule]
 author = ["Elastic"]
-description = "Identifies the execution of macOS built-in commands to connect to an existing Virtual Private Network (VPN)."
+description = """
+Identifies the execution of macOS built-in commands to connect to an existing Virtual Private Network (VPN).
+Adversaries may use VPN connections to laterally move and control remote systems on a network.
+"""
 from = "now-9m"
 index = ["auditbeat-*", "logs-endpoint.events.*"]
 language = "eql"
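Review bot: The new `description` gives the adversary rationale but not the benign case: a user or administrator bringing up a VPN with the same built-in commands would presumably match too, so an analyst reading the alert gets no cue to check whether the connection was expected. A short qualifier such as `Legitimate user- or admin-initiated VPN connections also match; confirm the user, parent process and destination are expected.` would help, either in the description or in `false_positives`; the rest of the rule lies outside this hunk, so that field may already cover it. Separately, in a TOML multi-line basic string the line break after `(VPN).` and the one before the closing `"""` are part of the value, so the description carries an embedded and a trailing newline unless the rule loader normalises whitespace.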