diff --git a/rules/linux/process_creation/proc_creation_lnx_kill_process.yml b/rules-threat-hunting/linux/process_creation/proc_creation_lnx_susp_process_termination_via_kill.yml
similarity index 78%
rename from rules/linux/process_creation/proc_creation_lnx_kill_process.yml
rename to rules-threat-hunting/linux/process_creation/proc_creation_lnx_susp_process_termination_via_kill.yml
index 0dd9466797b..78192617d31 100644
--- a/rules/linux/process_creation/proc_creation_lnx_kill_process.yml
+++ b/rules-threat-hunting/linux/process_creation/proc_creation_lnx_susp_process_termination_via_kill.yml
@@ -5,11 +5,14 @@ description: Detects usage of command line tools such as "kill", "pkill" or "kil
 references:
     - https://www.trendmicro.com/en_us/research/23/c/iron-tiger-sysupdate-adds-linux-targeting.html
     - https://www.cyberciti.biz/faq/how-force-kill-process-linux/
+    - https://www.geeksforgeeks.org/how-to-kill-processes-on-the-linux-desktop-with-xkill/
 author: Tuan Le (NCSGroup)
 date: 2023-03-16
+modified: 2024-12-12
 tags:
     - attack.defense-evasion
     - attack.t1562
+    - detection.threat-hunting
 logsource:
     product: linux
     category: process_creation
@@ -17,9 +20,10 @@ detection:
     selection:
         Image|endswith:
             - '/kill'
-            - '/pkill'
             - '/killall'
+            - '/pkill'
+            - '/xkill'
     condition: selection
 falsepositives:
-    - Likely
-level: low
+    - Unknown
+level: medium
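Review bot: The `falsepositives` entry in the second hunk changes from `Likely` to `Unknown` while `level` rises to medium, yet `kill`, `killall` and `pkill` are invoked routinely by init/systemd units, cron jobs, package maintainer scripts and monitoring agents, so the old assessment was the accurate one and should be kept or made concrete, e.g. `- Administrative scripts, service managers and package maintainer scripts that terminate processes`. The selection also only sees the external binaries: `kill` is a shell builtin in bash, dash and zsh, so the far more common `kill` issued from a shell script produces no process_creation event, and signals sent programmatically (for example via `python -c 'import os; os.kill(...)'`) are missed as well; a sentence to that effect belongs in the description, which lies outside this hunk. `/xkill` is an X11 client that disconnects a window's client from the X server rather than sending a signal, so it is unlikely to appear on headless servers, and the description's list of tools (cut off in the hunk header as `"kill", "pkill" or "kil`) should name it if it is kept. As a `detection.threat-hunting` rule the volume may be acceptable, but without a filter on the parent process or arguments it will match essentially every process termination on the host.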