From 880bd8dc9b7a96e0e4ce7fa956e7bf59cabd6473 Mon Sep 17 00:00:00 2001
From: Mika Ayenson
Date: Wed, 22 Jan 2025 14:43:30 -0600
Subject: [PATCH] [FR] Add Remaining Guides (#4412)

---
 ...lection_s3_unauthenticated_bucket_access_by_rare_source.toml | 2 +-
 rules/linux/execution_executable_stack_execution.toml | 2 +-
 rules/linux/execution_unusual_pkexec_execution.toml | 2 +-
 rules/linux/persistence_dbus_service_creation.toml | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/rules/integrations/aws/collection_s3_unauthenticated_bucket_access_by_rare_source.toml b/rules/integrations/aws/collection_s3_unauthenticated_bucket_access_by_rare_source.toml
index a518a907db3..ba92d830c75 100644
--- a/rules/integrations/aws/collection_s3_unauthenticated_bucket_access_by_rare_source.toml
+++ b/rules/integrations/aws/collection_s3_unauthenticated_bucket_access_by_rare_source.toml
@@ -2,7 +2,7 @@
 creation_date = "2024/12/17"
 integration = ["aws"]
 maturity = "production"
-updated_date = "2025/01/15"
+updated_date = "2025/01/22"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/linux/execution_executable_stack_execution.toml b/rules/linux/execution_executable_stack_execution.toml
index 9239169c43c..db15ac7e5ad 100644
--- a/rules/linux/execution_executable_stack_execution.toml
+++ b/rules/linux/execution_executable_stack_execution.toml
@@ -2,7 +2,7 @@
 creation_date = "2025/01/07"
 integration = ["system"]
 maturity = "production"
-updated_date = "2025/01/15"
+updated_date = "2025/01/22"
 
 [rule]
 author = ["Elastic"]
diff --git a/rules/linux/execution_unusual_pkexec_execution.toml b/rules/linux/execution_unusual_pkexec_execution.toml
index 329ac225931..5eb52fac3e2 100644
--- a/rules/linux/execution_unusual_pkexec_execution.toml
+++ b/rules/linux/execution_unusual_pkexec_execution.toml
@@ -8,7 +8,7 @@ updated_date = "2025/01/22"
 author = ["Elastic"]
 description = """
 This rule detects the execution of the `pkexec` command by a shell process. The `pkexec` command is used to
-execute programs as another user, typically as the superuser. Through the `new_terms` rule type, unusual
+execute programs as another user, typically as the superuser. Through the `new_terms` rule type, unusual
 executions of `pkexec` are identified, and may indicate an attempt to escalate privileges or perform unauthorized
 actions on the system.
 """
diff --git a/rules/linux/persistence_dbus_service_creation.toml b/rules/linux/persistence_dbus_service_creation.toml
index e6fb305a7fc..cf7b3a78f60 100644
--- a/rules/linux/persistence_dbus_service_creation.toml
+++ b/rules/linux/persistence_dbus_service_creation.toml
@@ -93,7 +93,7 @@ file.extension in ("service", "conf") and file.path like~ (
 "install", "crio", "apt-get", "package-cleanup", "dcservice", "dcregister", "jumpcloud-agent", "executor"
 ) or
 (process.name == "sed" and file.name : "sed*") or
-(process.name == "perl" and file.name : "e2scrub_all.tmp*")
+(process.name == "perl" and file.name : "e2scrub_all.tmp*")
 )
 '''
 note = """## Triage and analysis