[Rule Tuning] Unusual Process Spawned from Web Server Parent, missing fields

### Link to Rule

https://github.com/elastic/detection-rules/blob/b28338c680164ef5373115c610cde9d9467a69a9/rules/linux/persistence_web_server_sus_child_spawned.toml

### Rule Tuning Type

Data Quality - Ensuring integrity and quality of data used by detection rules.

### Description

The "Unusual Process Spawned from Web Server Parent" detection rule is missing some fields that does not allow to complete the investigation.

Fields to be added
\- host.name
\- process.command_line
\- user.name

Fields to be added (optional)
\- process.name
\- process.pid
\- process.args
\- parent.process.pid
\- parent.process.name

### Example Data

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Rule Tuning] Unusual Process Spawned from Web Server Parent, missing fields #5004

Link to Rule

Rule Tuning Type

Description

Example Data

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Rule Tuning] Unusual Process Spawned from Web Server Parent, missing fields #5004

Description

Link to Rule

Rule Tuning Type

Description

Example Data

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions