security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

updating min-stack for Okta rule (#3318)

Browse Source 
(cherry picked from commit 631f8841ad)
This commit is contained in:
Terrance DeJesus
2023-12-12 12:27:18 -05:00
committed by github-actions[bot]
parent b70bbe0841
commit c7469afefe
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/integrations/okta/initial_access_okta_fastpass_phishing.toml
+3 -3
View File
@@ -2,8 +2,8 @@
creation_date = "2023/05/07"
integration = ["okta"]
maturity = "production"
min_stack_comments = "New fields added: required_fields, related_integrations, setup"
min_stack_version = "8.3.0"
min_stack_comments = "Breaking change in Okta integration bumping version to ^2.0.0"
min_stack_version = "8.10.0"
updated_date = "2023/11/07"
[rule]
@@ -38,7 +38,7 @@ timestamp_override = "event.ingested"
type = "query"
query = '''
event.dataset:okta.system and event.category:authentication and
event.dataset:okta.system and event.category:authentication and
okta.event_type:user.authentication.auth_via_mfa and event.outcome:failure and okta.outcome.reason:"FastPass declined phishing attempt"
'''