diff --git a/rules/integrations/endpoint/elastic_endpoint_security.toml b/rules/integrations/endpoint/elastic_endpoint_security.toml
index d0e615fc9fd..e0fe44c9c19 100644
--- a/rules/integrations/endpoint/elastic_endpoint_security.toml
+++ b/rules/integrations/endpoint/elastic_endpoint_security.toml
@@ -5,7 +5,7 @@ maturity = "production"
 min_stack_comments = "New fields added: required_fields, related_integrations, setup"
 min_stack_version = "8.3.0"
 promotion = true
-updated_date = "2025/01/15"
+updated_date = "2025/02/06"
 
 [rule]
 author = ["Elastic"]
@@ -14,8 +14,9 @@ Generates a detection alert each time an Elastic Defend alert is received. Enabl
 immediately begin investigating your Endpoint alerts.
 """
 enabled = true
-from = "now-10m"
+from = "now-2m"
 index = ["logs-endpoint.alerts-*"]
+interval = "1m"
 language = "kuery"
 license = "Elastic License v2"
 max_signals = 10000
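Review bot: The new `from = "now-2m"` leaves only one minute of overlap with the added `interval = "1m"`, so an Elastic Defend alert that lands in `logs-endpoint.alerts-*` more than roughly a minute after its timestamp (agent check-in delay, ingest pipeline lag, a skipped or late rule run) falls outside every query window and is never promoted — for a production promotion rule that is a silent detection gap rather than a duplicate. The previous `now-10m` absorbed that latency, and nothing in the hunk records why the tolerance was cut by a factor of five. If the shorter window is deliberate to reduce alert latency, keep a larger safety margin, e.g. `from = "now-5m"`, or at least document the trade-off above the key so it is not silently widened or narrowed later: `# Lookback = interval plus ingest tolerance; widen if endpoint alert latency exceeds ~1m`. Suppression of the same source alert across overlapping windows presumably relies on the detection engine's signal deduplication, which is not visible here and is worth confirming before merging.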