Fix spacing in Setup information (#4470)
This commit is contained in:
shashank-elastic
+2
-1
@@ -2,7 +2,7 @@
|
||||
creation_date = "2023/03/30"
|
||||
integration = ["google_workspace"]
|
||||
maturity = "production"
|
||||
updated_date = "2025/01/15"
|
||||
updated_date = "2025/02/19"
|
||||
|
||||
[rule]
|
||||
author = ["Elastic"]
|
||||
@@ -59,6 +59,7 @@ OAuth is a protocol that allows third-party applications to access user data wit
|
||||
- Review and update OAuth application permissions and policies to ensure that only trusted applications have access to sensitive data and services.
|
||||
|
||||
## Setup
|
||||
|
||||
The Google Workspace Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.
|
||||
### Important Information Regarding Google Workspace Event Lag Times
|
||||
- As per Google's documentation, Google Workspace administrators may observe lag times ranging from minutes up to 3 days between the time of an event's occurrence and the event being visible in the Google Workspace admin/audit logs.
|
||||
|
||||
+2
-1
@@ -2,7 +2,7 @@
|
||||
creation_date = "2023/03/07"
|
||||
integration = ["google_workspace"]
|
||||
maturity = "production"
|
||||
updated_date = "2024/09/23"
|
||||
updated_date = "2025/02/19"
|
||||
|
||||
[rule]
|
||||
author = ["Elastic"]
|
||||
@@ -71,6 +71,7 @@ This rule aims to detect when a user copies an external Drive object to their Dr
|
||||
- Using the incident response data, update logging and audit policies to improve the mean time to detect (MTTD) and the mean time to respond (MTTR).
|
||||
|
||||
## Setup
|
||||
|
||||
The Google Workspace Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.
|
||||
### Important Information Regarding Google Workspace Event Lag Times
|
||||
- As per Google's documentation, Google Workspace administrators may observe lag times ranging from minutes up to 3 days between the time of an event's occurrence and the event being visible in the Google Workspace admin/audit logs.
|
||||
|
||||
+2
-1
@@ -2,7 +2,7 @@
|
||||
creation_date = "2023/11/07"
|
||||
integration = ["okta"]
|
||||
maturity = "production"
|
||||
updated_date = "2025/01/15"
|
||||
updated_date = "2025/02/19"
|
||||
min_stack_version = "8.15.0"
|
||||
min_stack_comments = "Breaking change at 8.15.0 for the Okta Integration."
|
||||
|
||||
@@ -39,6 +39,7 @@ This rule detects the first occurrence of an Okta user session started via a pro
|
||||
- Conduct a review of Okta policies and ensure they are in accordance with security best practices.
|
||||
|
||||
## Setup
|
||||
|
||||
The Okta Fleet integration, Filebeat module, or similarly structured data is required to be compatible with this rule.
|
||||
"""
|
||||
references = [
|
||||
|
||||
+2
-1
@@ -2,7 +2,7 @@
|
||||
creation_date = "2023/11/09"
|
||||
integration = ["endpoint", "okta"]
|
||||
maturity = "production"
|
||||
updated_date = "2025/01/15"
|
||||
updated_date = "2025/02/19"
|
||||
min_stack_version = "8.15.0"
|
||||
min_stack_comments = "Breaking change at 8.15.0 for the Okta Integration."
|
||||
|
||||
@@ -53,6 +53,7 @@ Typically, adversaries initially extract credentials from targeted endpoints thr
|
||||
- With the device ID captured from the MFA factor reset, search across all Okta logs for any other activity associated with the device ID.
|
||||
|
||||
## Setup
|
||||
|
||||
The Okta and Elastic Defend fleet integration structured data is required to be compatible with this rule. Directory services integration in Okta with AD synced is also required for this rule to be effective as it relies on triaging `user.name` from Okta and Elastic Defend events.
|
||||
"""
|
||||
references = [
|
||||
|
||||
Reference in New Issue
Block a user