Brent Murphy 627610401c [Rule Tuning] Update rules for new Fleet integrations (#729) ...

* update azure indicies

* remove . in index to match prior cloud rules

* update o365 indicies

* add event.dataset:google_workspace.admin to existing google workspace rules

* gcp syntax

* add gcp index

* update gcp index

* update index patterns for google workspace rules

* update gcp index2

* update updated_date

* update event outcome for azure

Co-authored-by: David French <56409778+threat-punter@users.noreply.github.com>

2020-12-18 12:23:12 -05:00

..

application_added_to_google_workspace_domain.toml

[Rule Tuning] Update rules for new Fleet integrations (#729)

2020-12-18 12:23:12 -05:00

domain_added_to_google_workspace_trusted_domains.toml

[Rule Tuning] Update rules for new Fleet integrations (#729)

2020-12-18 12:23:12 -05:00

google_workspace_admin_role_deletion.toml

[Rule Tuning] Update rules for new Fleet integrations (#729)

2020-12-18 12:23:12 -05:00

google_workspace_mfa_enforcement_disabled.toml

[Rule Tuning] Update rules for new Fleet integrations (#729)

2020-12-18 12:23:12 -05:00

google_workspace_policy_modified.toml

[Rule Tuning] Update rules for new Fleet integrations (#729)

2020-12-18 12:23:12 -05:00

mfa_disabled_for_google_workspace_organization.toml

[Rule Tuning] Update rules for new Fleet integrations (#729)

2020-12-18 12:23:12 -05:00

persistence_google_workspace_admin_role_assigned_to_user.toml

[Rule Tuning] Update rules for new Fleet integrations (#729)

2020-12-18 12:23:12 -05:00

persistence_google_workspace_api_access_granted_via_domain_wide_delegation_of_authority.toml

[Rule Tuning] Update rules for new Fleet integrations (#729)

2020-12-18 12:23:12 -05:00

persistence_google_workspace_custom_admin_role_created.toml

[Rule Tuning] Update rules for new Fleet integrations (#729)

2020-12-18 12:23:12 -05:00

persistence_google_workspace_role_modified.toml

[Rule Tuning] Update rules for new Fleet integrations (#729)

2020-12-18 12:23:12 -05:00