++

Author: Aegrah

rules/linux/defense_evasion_potential_kubectl_impersonation.toml

@@ -25,7 +25,7 @@ index = [
 language = "eql"
 license = "Elastic License v2"
 name = "Potential Impersonation Attempt via Kubectl"
-risk_score = 47
+risk_score = 21
 rule_id = "3c6685eb-9eaa-43a4-be1b-a7f9f1f5e63d"
 setup = """## Setup
 
@@ -52,7 +52,7 @@ For more details on Elastic Agent configuration settings, refer to the [helper g
 - To complete the integration, select "Add Elastic Agent to your hosts" and continue to the next section to install the Elastic Agent on your hosts.
 For more details on Elastic Defend refer to the [helper guide](https://www.elastic.co/guide/en/security/current/install-endpoint.html).
 """
-severity = "medium"
+severity = "low"
 tags = [
     "Domain: Endpoint",
     "Domain: Container",