elastic
diff --git a/‎detection_rules/etc/integration-manifests.json.gz‎
0 Bytes b/‎detection_rules/etc/integration-manifests.json.gz‎
0 Bytes
diff --git a/‎detection_rules/etc/integration-schemas.json.gz‎
0 Bytes b/‎detection_rules/etc/integration-schemas.json.gz‎
0 Bytes
diff --git a/‎pyproject.toml‎
Lines changed: 1 addition & 1 deletion b/‎pyproject.toml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎rules/integrations/github/initial_access_github_actions_workflow_injection_blocked.toml‎
Lines changed: 11 additions & 5 deletions b/‎rules/integrations/github/initial_access_github_actions_workflow_injection_blocked.toml‎
Lines changed: 11 additions & 5 deletions
@@ -1,6 +1,6 @@
 [project]
 name = "detection_rules"
-version = "1.5.22"
+version = "1.5.23"
 description = "Detection Rules is the home for rules used by Elastic Security. This repository is used for the development, maintenance, testing, validation, and release of rules for Elastic Security’s Detection Engine."
 readme = "README.md"
 requires-python = ">=3.12"
 
@@ -63,7 +63,7 @@ severity = "medium"
 tags = [
     "Domain: Cloud",
     "Use Case: Threat Detection",
-    "Tractic: Initial Access",
+    "Tactic: Initial Access",
     "Tactic: Persistence",
     "Tactic: Execution",
     "Data Source: Github",
@@ -108,14 +108,20 @@ id = "T1059"
 name = "Command and Scripting Interpreter"
 reference = "https://attack.mitre.org/techniques/T1059/"
 
+[rule.threat.tactic]
+id = "TA0002"
+name = "Execution"
+reference = "https://attack.mitre.org/tactics/TA0002/"
+
+[[rule.threat]]
+framework = "MITRE ATT&CK"
 [[rule.threat.technique]]
 id = "T1546"
 name = "Event Triggered Execution"
 reference = "https://attack.mitre.org/techniques/T1546/"
 
 
 [rule.threat.tactic]
-id = "TA0002"
-name = "Execution"
-reference = "https://attack.mitre.org/tactics/TA0002/"
-
+id = "TA0003"
+name = "Persistence"
+reference = "https://attack.mitre.org/tactics/TA0003/"