From f07c72254df7ac5cef377145b5d5badc149487de Mon Sep 17 00:00:00 2001
From: Mika Ayenson
Date: Fri, 22 Jul 2022 17:12:41 -0400
Subject: [PATCH] update description (#2149)

---
 rules/macos/lateral_movement_vpn_connection_attempt.toml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/rules/macos/lateral_movement_vpn_connection_attempt.toml b/rules/macos/lateral_movement_vpn_connection_attempt.toml
index d2c689562..69f97ef01 100644
--- a/rules/macos/lateral_movement_vpn_connection_attempt.toml
+++ b/rules/macos/lateral_movement_vpn_connection_attempt.toml
@@ -1,11 +1,14 @@
 [metadata]
 creation_date = "2020/01/25"
 maturity = "production"
-updated_date = "2022/03/31"
+updated_date = "2022/07/22"
 
 [rule]
 author = ["Elastic"]
-description = "Identifies the execution of macOS built-in commands to connect to an existing Virtual Private Network (VPN)."
+description = """
+Identifies the execution of macOS built-in commands to connect to an existing Virtual Private Network (VPN).
+Adversaries may use VPN connections to laterally move and control remote systems on a network.
+"""
 from = "now-9m"
 index = ["auditbeat-*", "logs-endpoint.events.*"]
 language = "eql"
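Review bot: The new `description` is a multi-line basic string, so its value keeps the line break between the two sentences and a trailing newline before the closing `"""`; TOML trims only the newline directly after the opening delimiter. If whatever consumes this field does not normalise whitespace (not visible from this hunk), the text will render with a hard break in the middle. Ending the first line with a line-ending backslash, `... Virtual Private Network (VPN). \`, and the second with `... on a network.\` would fold it into a single line. The `[rule]` table continues past the hunk, so it cannot be checked here whether a `false_positives` entry covers routine VPN use by legitimate users; that is worth confirming now that the description frames the activity as lateral movement.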