[Rule Tuning] Attempts to Brute Force an Okta User Account (#1216)

* update rule.threshold field value

* add rule authors

* bump updated_date

Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
David French
2021-06-15 09:07:51 -07:00
committed by GitHub
parent 1f7c88c6f4
commit 177cfc85bf
@@ -1,10 +1,10 @@
[metadata]
creation_date = "2020/08/19"
maturity = "production"
updated_date = "2021/05/10"
updated_date = "2021/05/18"
[rule]
author = ["Elastic"]
author = ["Elastic", "@BenB196", "Austin Songer"]
description = """
Identifies when an Okta user account is locked out 3 times within a 3 hour window. An adversary may attempt a brute
force or password spraying attack to obtain unauthorized access to user accounts. The default Okta authentication policy
@@ -47,6 +47,6 @@ name = "Credential Access"
reference = "https://attack.mitre.org/tactics/TA0006/"
[rule.threshold]
field = ["okta.actor.id"]
field = ["okta.actor.alternate_id"]
value = 3
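Review bot: In the second hunk, `field = ["okta.actor.alternate_id"]` changes the key the threshold is counted on, but the rule records no reason, and the query it applies to is outside the hunk, so a reader cannot tell which entity the count of 3 is now kept per. `okta.actor.alternate_id` typically holds a login name rather than Okta's immutable object id, so I would state the intent next to the key, for example `# counted per okta.actor.alternate_id (login name), not per okta.actor.id`. Before relying on this in production, it is worth confirming against sample lockout events that the field is always populated and consistently cased. If it is not, grouping on a string value could presumably split one account's lockouts across several buckets and keep the rule from reaching `value = 3`. Separately, the first hunk sets `updated_date = "2021/05/18"` while the commit is dated 2021-06-15, so if that field is meant to track the merge it is already stale.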