[Rule Tuning] Suspicious Network Connection via systemd - unified-monitoring-agent

### Link to Rule

https://github.com/elastic/detection-rules/blob/main/rules/linux/persistence_systemd_netcon.toml

### Rule Tuning Type

False Positives - Reducing benign events mistakenly identified as threats.

### Description

Rule "Suspicious Network Connection via systemd" alerts about `/opt/unified-monitoring-agent/embedded/bin/ruby`.
This is an [Oracle OCI component](https://docs.oracle.com/en-us/iaas/Content/Logging/Concepts/agent_management.htm).

Potentially useful fields:
process.executable	/opt/unified-monitoring-agent/embedded/bin/ruby

### Example Data

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Rule Tuning] Suspicious Network Connection via systemd - unified-monitoring-agent #5273

Link to Rule

Rule Tuning Type

Description

Example Data

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Rule Tuning] Suspicious Network Connection via systemd - unified-monitoring-agent #5273

Description

Link to Rule

Rule Tuning Type

Description

Example Data

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions