## Summary
Updates the External Alerts rule index to match the default `securitySolution:defaultIndex` value:
```toml
index = ["apm-*-transaction*", "auditbeat-*", "endgame-*", "filebeat-*", "logs-*", "packetbeat-*", "winlogbeat-*"]
```
Note: extra spaces are from running `toml-lint`.
## Contributor checklist
- Have you signed the [contributor license agreement](https://www.elastic.co/contributor-agreement)? Yes!
- Have you followed the [contributor guidelines](https://github.com/elastic/detection-rules/blob/main/CONTRIBUTING.md)? Yes!
* Create credential_access_okta_brute_force_or_password_spraying.toml
* Update maturity to production
* Update severity and risk score
* Aggregate by source.ip field
To ensure that investigate in timeline displays expected events
* Update false positive information
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
* Tweak false positive info
* Update rules/okta/credential_access_okta_brute_force_or_password_spraying.toml
Co-authored-by: Andrew Pease <7442091+peasead@users.noreply.github.com>
* Update rules/okta/credential_access_okta_brute_force_or_password_spraying.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
Co-authored-by: Andrew Pease <7442091+peasead@users.noreply.github.com>
* Adds the Elastic Endpoint and External Alerts rules and required schema updates
* Optimizing queries to fix tests
* Apply PEP257 changes
* Apply suggestions from code review
* Update rules/cross-platform/external_alerts.toml
* Last fixes from review
* Fixing test for unrequired default
* Adding increased default max_signals to not interfere with testing
* Make promotions folder
* Refining Elastic Endpoint rule index
Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
* Add okta rule for policy modification/delete
* Update rule name
Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
* Update rules/okta/okta_attempt_to_modify_or_delete_application_sign_on_policy.toml
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>
* Add event.module value to query
* Update okta_attempt_to_modify_or_delete_application_sign_on_policy.toml
Add event.category and event.type values to query
* Update rules/okta/okta_attempt_to_modify_or_delete_application_sign_on_policy.toml
Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
Co-authored-by: Justin Ibarra <brokensound77@users.noreply.github.com>