From fbaac66f9f31bbe91591f0f843e641ce487537bc Mon Sep 17 00:00:00 2001
From: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
Date: Sat, 3 Aug 2024 20:15:06 -0300
Subject: [PATCH] [Rule Tuning] Accepted Default Telnet Port Connection (#3954)

Co-authored-by: Mika Ayenson
---
 ...d_and_control_accepted_default_telnet_port_connection.toml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rules/network/command_and_control_accepted_default_telnet_port_connection.toml b/rules/network/command_and_control_accepted_default_telnet_port_connection.toml
index 832e6fb03..dbfd44870 100644
--- a/rules/network/command_and_control_accepted_default_telnet_port_connection.toml
+++ b/rules/network/command_and_control_accepted_default_telnet_port_connection.toml
@@ -2,7 +2,7 @@
 creation_date = "2020/02/18"
 integration = ["network_traffic"]
 maturity = "production"
-updated_date = "2024/05/21"
+updated_date = "2024/08/02"

 [rule]
 author = ["Elastic"]
@@ -44,7 +44,7 @@ type = "query"
 query = '''
 (event.dataset:network_traffic.flow or event.category:(network or network_traffic)) and
 event.type:connection and not event.action:(
- flow_dropped or denied or deny or
+ flow_dropped or flow_denied or denied or deny or
 flow_terminated or timeout or Reject or network_flow) and
 destination.port:23
 '''
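Review bot: The `event.action` exclusion in the second hunk is a denylist of non-accepted flow actions, so any integration that emits a value not on the list (this patch adds `flow_denied`, which was previously missing) silently surfaces as an "accepted" Telnet connection, and nothing in the rule records that intent. KQL has no comment syntax, so the place to document it is the rule's `description` (or `note`) field in the `[rule]` table, which lies outside this hunk, e.g. `Flows whose event.action marks them as dropped, denied, terminated, or timed out are excluded so that only accepted connections alert; extend the list whenever an integration introduces a new such value.` It is also worth confirming that `flow_denied` is the exact string the network_traffic integration emits, since if event.action is a keyword field (as in ECS) the match is case-sensitive, as the existing mix of `Reject` and `deny` already suggests. The first hunk is only the updated_date bump.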