From 8dc803df956e9129286fc9cf0c3c46fc3c8fd985 Mon Sep 17 00:00:00 2001
From: Austin Songer <a.songer@protonmail.com>
Date: Mon, 8 May 2023 10:35:19 -0500
Subject: [PATCH] Update okta_fastpass_phishing_detection.yml

---
 rules/cloud/okta/okta_fastpass_phishing_detection.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/rules/cloud/okta/okta_fastpass_phishing_detection.yml b/rules/cloud/okta/okta_fastpass_phishing_detection.yml
index cc810a1c1..212d69290 100644
--- a/rules/cloud/okta/okta_fastpass_phishing_detection.yml
+++ b/rules/cloud/okta/okta_fastpass_phishing_detection.yml
@@ -16,11 +16,11 @@ logsource:
     service: okta
 detection:
     selection:
-        displaymessage: FastPass declined phishing attempt
-        status: FAILURE
+        outcome.reason: 'FastPass declined phishing attempt'
+        outcome.result: FAILURE
         eventtype:
             - user.authentication.auth_via_mfa
     condition: selection
 falsepositives:
-    - Unknown
+    - Unlikely
 level: high