From a424067453aef18327f91238918438c8603e63eb Mon Sep 17 00:00:00 2001 From: Samirbous <64742097+Samirbous@users.noreply.github.com> Date: Wed, 18 Dec 2024 15:26:41 +0000 Subject: [PATCH] Update rules/integrations/endpoint/execution_elastic_malicious_file_detected.toml Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com> --- .../endpoint/execution_elastic_malicious_file_detected.toml | 3 --- 1 file changed, 3 deletions(-) diff --git a/rules/integrations/endpoint/execution_elastic_malicious_file_detected.toml b/rules/integrations/endpoint/execution_elastic_malicious_file_detected.toml index 9b32e8d9ec1..6be12fafe03 100644 --- a/rules/integrations/endpoint/execution_elastic_malicious_file_detected.toml +++ b/rules/integrations/endpoint/execution_elastic_malicious_file_detected.toml @@ -44,9 +44,6 @@ Files are scanned on write or deletion, process executables are scanned on execu - Assess whether this file is prevalent in the environment by looking for similar occurrences across hosts by `file.hash.sha256` or by `file.name` patterns. - Verify the activity of the `user.name` associated with Malware alert (local or remote actity, privileged or standard user). - Verify if there are any other Alert types (Behavior or Memory Threat) associated with the same host or user or process within the same time. - - - ### False positive analysis - Other endpoint security vendors especially with their quarantine folders.
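Review bot: the commit subject "Update rules/integrations/endpoint/execution_elastic_malicious_file_detected.toml" does not say what changed; the hunk only drops three stray blank lines between the investigation bullets and the `### False positive analysis` heading, so a subject such as "Remove extra blank lines before false positive section" would make the history searchable and tell a reviewer there is no behavioural change to the rule. While this region is being cleaned up, the unchanged context line `- Verify the activity of the `user.name` associated with Malware alert (local or remote actity, privileged or standard user).` carries a typo ("actity" for "activity") and a missing article ("the Malware alert") that could be fixed in the same whitespace-only commit rather than in a separate follow-up.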