Merge PR #4476 from @nasbench - re-organize cloud folder and other things

fix: Azure Active Directory Hybrid Health AD FS New Server - Update Logsource to align with the rest of the azure rules
fix: Azure Active Directory Hybrid Health AD FS Service Delete - Update Logsource to align with the rest of the azure rules
fix: Number Of Resource Creation Or Deployment Activities - Update Logsource to align with the rest of the azure rules
fix: Granting Of Permissions To An Account - Update Logsource to align with the rest of the azure rules
fix: Rare Subscription-level Operations In Azure - Update Logsource to align with the rest of the azure rules
fix: Google Workspace Application Removed - Update logsource product field to `gcp`
fix: Google Workspace Granted Domain API Access - Update logsource product field to `gcp`
fix: Google Workspace MFA Disabled - Update logsource product field to `gcp`
fix: Google Workspace Role Modified or Deleted - Update logsource product field to `gcp`
fix: Google Workspace Role Privilege Deleted - Update logsource product field to `gcp`
fix: Google Workspace User Granted Admin Privileges - Update logsource product field to `gcp`
This commit is contained in:
Nasreddine Bencherchali
2023-10-12 13:32:24 +02:00
committed by GitHub
parent 61e8d427c1
commit 7364ce00b1
175 changed files with 1055 additions and 466 deletions
@@ -9,13 +9,13 @@ references:
- https://o365blog.com/post/hybridhealthagent/
author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research), MSTIC
date: 2021/08/26
modified: 2022/10/09
modified: 2023/10/11
tags:
- attack.defense_evasion
- attack.t1578
logsource:
product: azure
service: azureactivity
service: activitylogs
detection:
selection:
CategoryValue: 'Administrative'
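Review bot: the selection in this hunk still keys on `CategoryValue: 'Administrative'`, a field name carried over from the former `service: azureactivity` source, while the logsource now says `service: activitylogs`; confirm that the activitylogs field mapping exposes `CategoryValue` under that name, otherwise the rule will compile but silently stop matching after this logsource swap.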
@@ -9,13 +9,13 @@ references:
- https://o365blog.com/post/hybridhealthagent/
author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research), MSTIC
date: 2021/08/26
modified: 2022/10/09
modified: 2023/10/11
tags:
- attack.defense_evasion
- attack.t1578.003
logsource:
product: azure
service: azureactivity
service: activitylogs
detection:
selection:
CategoryValue: 'Administrative'
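Review bot: this hunk is the same logsource swap as the AD FS New Server rule and carries the same open question about whether `CategoryValue` survives the move to `activitylogs`. One point specific to this file: the tag is the sub-technique `attack.t1578.003` while the sibling rule uses the parent `attack.t1578`, although both watch the same Hybrid Health agent activity per the shared o365blog reference; worth confirming the split is intentional.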
@@ -6,13 +6,13 @@ references:
- https://github.com/Azure/Azure-Sentinel/blob/e534407884b1ec5371efc9f76ead282176c9e8bb/Detections/AzureActivity/Creating_Anomalous_Number_Of_Resources_detection.yaml
author: sawwinnnaung
date: 2020/05/07
modified: 2021/11/27
modified: 2023/10/11
tags:
- attack.persistence
- attack.t1098
logsource:
product: azure
service: azureactivity
service: activitylogs
detection:
keywords:
- Microsoft.Compute/virtualMachines/write
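Review bot: the detection in this hunk is a bare `keywords` match on `Microsoft.Compute/virtualMachines/write`, so changing the service to `activitylogs` only changes which log source feeds the rule, not what it matches. The rule title speaks of a "Number Of Resource Creation Or Deployment Activities", but no count, threshold or aggregation is visible here, so the rule fires on every single matching write; either soften the title or state in the description that the counting logic from the referenced Sentinel query is not reproduced.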
@@ -6,13 +6,13 @@ references:
- https://github.com/Azure/Azure-Sentinel/blob/e534407884b1ec5371efc9f76ead282176c9e8bb/Detections/AzureActivity/Granting_Permissions_To_Account_detection.yaml
author: sawwinnnaung
date: 2020/05/07
modified: 2021/11/27
modified: 2023/10/11
tags:
- attack.persistence
- attack.t1098.003
logsource:
product: azure
service: azureactivity
service: activitylogs
detection:
keywords:
- Microsoft.Authorization/roleAssignments/write
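Review bot: `Microsoft.Authorization/roleAssignments/write` as an unscoped keyword matches anywhere in the event, including resource ids and nested properties, not just the operation name. Since this hunk is already touching the logsource, it would be the right moment to replace the `keywords` block with a field-scoped `selection` on the operation-name field of the `activitylogs` source so the match is precise and the rule is cheaper to run.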
@@ -6,12 +6,12 @@ references:
- https://github.com/Azure/Azure-Sentinel/blob/e534407884b1ec5371efc9f76ead282176c9e8bb/Detections/AzureActivity/RareOperations.yaml
author: sawwinnnaung
date: 2020/05/07
modified: 2021/11/27
modified: 2023/10/11
tags:
- attack.t1003
logsource:
product: azure
service: azureactivity
service: activitylogs
detection:
keywords:
- Microsoft.DocumentDB/databaseAccounts/listKeys/action
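Review bot: the tags block in this hunk carries only `attack.t1003` with no tactic tag, unlike the other rules in this change which pair a tactic with the technique (`attack.persistence` with `attack.t1098`, for example); add `attack.credential_access` alongside it. Separately, the single keyword `Microsoft.DocumentDB/databaseAccounts/listKeys/action` does not really cover "Rare Subscription-level Operations In Azure" as the title claims; either the title should name the key-listing operation or the description should explain that the rarity baseline from the referenced Sentinel query is not part of this rule.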

Some files were not shown because too many files have changed in this diff.