Add exceptions to brute force threshold rule. (#3712)

High volume, machine generated failures or MFA interruptions have been added to the rule.

Co-authored-by: shashank-elastic <91139415+shashank-elastic@users.noreply.github.com>
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>

rules/integrations/o365/credential_access_microsoft_365_brute_force_user_account_attempt.toml

@@ -2,7 +2,7 @@
 creation_date = "2020/11/30"
 integration = ["o365"]
 maturity = "production"
-updated_date = "2024/05/21"
+updated_date = "2024/05/24"
 
 [rule]
 author = ["Elastic", "Willem D'Haese", "Austin Songer"]
@@ -41,7 +41,9 @@ query = '''
 event.dataset:o365.audit and event.provider:(AzureActiveDirectory or Exchange) and
   event.category:authentication and event.action:(UserLoginFailed or PasswordLogonInitialAuthUsingPassword) and
   not o365.audit.LogonError:(UserAccountNotFound or EntitlementGrantsNotFound or UserStrongAuthEnrollmentRequired or
-                             UserStrongAuthClientAuthNRequired or InvalidReplyTo)
+                             UserStrongAuthClientAuthNRequired or InvalidReplyTo or SsoArtifactExpiredDueToConditionalAccess or
+                             PasswordResetRegistrationRequiredInterrupt or SsoUserAccountNotFoundInResourceTenant or
+                             UserStrongAuthExpired)
 '''