[Rule Tuning] Potential Ransomware Behavior - High count of Readme files by System

### Link to Rule

https://github.com/elastic/detection-rules/blob/main/rules/windows/impact_high_freq_file_renames_by_kernel.toml

### Rule Tuning Type

Performance - Optimizing resource consumption and execution time of detection rules.

### Description

Investigate ways to enhance performance in this rule, maybe using ESQL new text functions.

Context:

* https://elastic.slack.com/archives/C011H2BCRRN/p1745414577822389

### Example Data

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Rule Tuning] Potential Ransomware Behavior - High count of Readme files by System #4653

Link to Rule

Rule Tuning Type

Description

Example Data

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Rule Tuning] Potential Ransomware Behavior - High count of Readme files by System #4653

Description

Link to Rule

Rule Tuning Type

Description

Example Data

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions