Update rules/network/execution_potential_rce_via_toolshell.toml

Co-authored-by: Mika Ayenson, PhD <[email protected]>

Author: terrancedejesus

rules/network/execution_potential_rce_via_toolshell.toml

@@ -35,7 +35,7 @@ This rule requires network traffic logs to be collected from HTTP endpoints, foc
 severity = "high"
 tags = [
     "Domain: Network",
-    "Tactic: Initial Access",
+    "Tactic: Execution",
     "Use Case: Threat Detection",
     "Data Source: Network Traffic",
     "Data Source: Network Traffic HTTP Logs",