Austin Songer
89553d84a9
* Update impact_iam_deactivate_mfa_device.toml https://github.com/elastic/detection-rules/issues/1111 * Update impact_iam_deactivate_mfa_device.toml * Update discovery_post_exploitation_external_ip_lookup.toml "*ipapi.co", "*ip-lookup.net", "*ipstack.com" * Update rules/aws/impact_iam_deactivate_mfa_device.toml Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com> * Revert "Update discovery_post_exploitation_external_ip_lookup.toml" This reverts commit b57fd60c9511e20a336d32a9c9b8d5cf9954c50e. * Update * New Rule: Okta User Attempted Unauthorized Access * Update privilege_escalation_okta_user_attempted_unauthorized_access.toml * Update privilege_escalation_okta_user_attempted_unauthorized_access.toml * Delete privilege_escalation_okta_user_attempted_unauthorized_access.toml * Create persistence_new-or-modified-federation-domain.toml * Delete persistence_new-or-modified-federation-domain.toml * Create persistence_route_table_created.toml * Update persistence_route_table_created.toml * Update rules/persistence_route_table_created.toml Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com> * Update persistence_route_table_created.toml * Update .gitignore Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com> * Update persistence_route_table_created.toml * Update * Update Co-authored-by: Brent Murphy <56412096+bm11100@users.noreply.github.com> Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com> Co-authored-by: Jonhnathan <jonhnathancesar@gmail.com>