Expand timestamp override tests (#1907)

* Expand timestamp_override tests
* removed timestamp_override from eql sequence rules
* add config entry for eql rules with beats index and timestamp_override
* add timestamp_override to missing fields
Justin Ibarra
2022-04-01 15:27:08 -08:00
committed by GitHub
parent 648daf1237
commit 6bdfddac8e
233 changed files with 1695 additions and 731 deletions
@@ -1,7 +1,7 @@
[metadata]
creation_date = "2022/01/05"
maturity = "production"
updated_date = "2022/02/28"
updated_date = "2022/03/31"
integration = "okta"
[rule]
@@ -23,7 +23,6 @@ risk_score = 73
rule_id = "97a8e584-fd3b-421f-9b9d-9c9d9e57e9d7"
severity = "high"
tags = ["Elastic", "Identity", "Okta", "Continuous Monitoring", "SecOps", "Identity and Access"]
timestamp_override = "event.ingested"
type = "eql"
query = '''