From 72443d47c2204852132eedc99883c56fe0a4fab8 Mon Sep 17 00:00:00 2001 From: Samirbous <64742097+Samirbous@users.noreply.github.com> Date: Wed, 18 Dec 2024 15:28:58 +0000 Subject: [PATCH] Update rules/integrations/endpoint/impact_elastic_ransomware_detected.toml Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com> --- .../endpoint/impact_elastic_ransomware_detected.toml | 2 -- 1 file changed, 2 deletions(-) diff --git a/rules/integrations/endpoint/impact_elastic_ransomware_detected.toml b/rules/integrations/endpoint/impact_elastic_ransomware_detected.toml index 42007f122e3..6059dddb32e 100644 --- a/rules/integrations/endpoint/impact_elastic_ransomware_detected.toml +++ b/rules/integrations/endpoint/impact_elastic_ransomware_detected.toml @@ -44,8 +44,6 @@ Generally, our ransomware protection is tuned to have extremely low false positi - Installers and backup software, which can make a large number of modifications to documents (especially during a restore operation). - Encryption or system utilities which modify the system’s MBR may also trigger our MBR protection. - - ### Response and Remediation - Immediate Isolation and Containment: Quickly disconnect affected systems from the network, including both wired and wireless connections, to prevent the ransomware from spreading. This includes disabling network cards and removing network cables if necessary, while keeping the systems powered on for forensic purposes.
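Review bot: the commit subject is the default GitHub suggestion title and does not say what the change does; since the hunk is a whitespace-only cleanup that deletes two surplus blank lines before the "### Response and Remediation" heading in the rule's note text, a subject such as "Remove extra blank lines from ransomware rule note" would make the history readable. Also confirm that one blank line still separates the "Encryption or system utilities ..." bullet from the heading after the deletion, so the heading keeps rendering as its own block in the rule note.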