From 6e4944e47559d2343e945bc161489ba8f11d7568 Mon Sep 17 00:00:00 2001
From: frack113 <62423083+frack113@users.noreply.github.com>
Date: Sun, 14 Nov 2021 10:58:26 +0100
Subject: [PATCH] Add okta product
---
 rules/cloud/okta/okta_admin_role_assigned_to_user_or_group.yml | 1 +
 rules/cloud/okta/okta_api_token_created.yml | 1 +
 rules/cloud/okta/okta_api_token_revoked.yml | 1 +
 rules/cloud/okta/okta_application_modified_or_deleted.yml | 1 +
 .../okta/okta_application_sign_on_policy_modified_or_deleted.yml | 1 +
 rules/cloud/okta/okta_mfa_reset_or_deactivated.yml | 1 +
 rules/cloud/okta/okta_network_zone_deactivated_or_deleted.yml | 1 +
 rules/cloud/okta/okta_policy_modified_or_deleted.yml | 1 +
 rules/cloud/okta/okta_policy_rule_modified_or_deleted.yml | 1 +
 rules/cloud/okta/okta_security_threat_detected.yml | 1 +
 rules/cloud/okta/okta_unauthorized_access_to_app.yml | 1 +
 rules/cloud/okta/okta_user_account_locked_out.yml | 1 +
 12 files changed, 12 insertions(+)
diff --git a/rules/cloud/okta/okta_admin_role_assigned_to_user_or_group.yml b/rules/cloud/okta/okta_admin_role_assigned_to_user_or_group.yml
index 7f3377013e5..32b496a7997 100644
--- a/rules/cloud/okta/okta_admin_role_assigned_to_user_or_group.yml
+++ b/rules/cloud/okta/okta_admin_role_assigned_to_user_or_group.yml
@@ -9,6 +9,7 @@ references:
 - https://developer.okta.com/docs/reference/api/system-log/
 - https://developer.okta.com/docs/reference/api/event-types/
 logsource:
+ product: okta
 service: okta
 detection:
 selection:
diff --git a/rules/cloud/okta/okta_api_token_created.yml b/rules/cloud/okta/okta_api_token_created.yml
index 4969a8468ed..a39c3ae70dd 100644
--- a/rules/cloud/okta/okta_api_token_created.yml
+++ b/rules/cloud/okta/okta_api_token_created.yml
@@ -9,6 +9,7 @@ references:
 - https://developer.okta.com/docs/reference/api/system-log/
 - https://developer.okta.com/docs/reference/api/event-types/
 logsource:
+ product: okta
 service: okta
 detection:
 selection:
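Review bot: None of the twelve rules gets a `modified:` date next to the new `product: okta` line under `logsource:`; the diffstat shows exactly one insertion per file, so anyone tracking rule changes by that field will not see that the log source definition changed. If the repository convention is to bump it on logsource edits, add a line such as `modified: 2021/11/14` (the commit date) to each rule; the rule headers above line 9 are outside these hunks, so whether the field already exists is not visible here. Because logsource fields are what conversion configs match on, it is also worth re-converting one of these rules with the Okta mapping in use and confirming it still resolves to the same index or data stream. This applies equally to every hunk in the patch.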
diff --git a/rules/cloud/okta/okta_api_token_revoked.yml b/rules/cloud/okta/okta_api_token_revoked.yml
index ba2f81b9d92..644f1aea54d 100644
--- a/rules/cloud/okta/okta_api_token_revoked.yml
+++ b/rules/cloud/okta/okta_api_token_revoked.yml
@@ -9,6 +9,7 @@ references:
 - https://developer.okta.com/docs/reference/api/system-log/
 - https://developer.okta.com/docs/reference/api/event-types/
 logsource:
+ product: okta
 service: okta
 detection:
 selection:
diff --git a/rules/cloud/okta/okta_application_modified_or_deleted.yml b/rules/cloud/okta/okta_application_modified_or_deleted.yml
index 078c764be85..35cbd1b95e1 100644
--- a/rules/cloud/okta/okta_application_modified_or_deleted.yml
+++ b/rules/cloud/okta/okta_application_modified_or_deleted.yml
@@ -9,6 +9,7 @@ references:
 - https://developer.okta.com/docs/reference/api/system-log/
 - https://developer.okta.com/docs/reference/api/event-types/
 logsource:
+ product: okta
 service: okta
 detection:
 selection:
diff --git a/rules/cloud/okta/okta_application_sign_on_policy_modified_or_deleted.yml b/rules/cloud/okta/okta_application_sign_on_policy_modified_or_deleted.yml
index aaccaad3d90..0520ddd6bc7 100644
--- a/rules/cloud/okta/okta_application_sign_on_policy_modified_or_deleted.yml
+++ b/rules/cloud/okta/okta_application_sign_on_policy_modified_or_deleted.yml
@@ -9,6 +9,7 @@ references:
 - https://developer.okta.com/docs/reference/api/system-log/
 - https://developer.okta.com/docs/reference/api/event-types/
 logsource:
+ product: okta
 service: okta
 detection:
 selection:
diff --git a/rules/cloud/okta/okta_mfa_reset_or_deactivated.yml b/rules/cloud/okta/okta_mfa_reset_or_deactivated.yml
index acc04ac8c66..69185811f5d 100644
--- a/rules/cloud/okta/okta_mfa_reset_or_deactivated.yml
+++ b/rules/cloud/okta/okta_mfa_reset_or_deactivated.yml
@@ -9,6 +9,7 @@ references:
 - https://developer.okta.com/docs/reference/api/system-log/
 - https://developer.okta.com/docs/reference/api/event-types/
 logsource:
+ product: okta
 service: okta
 detection:
 selection:
diff --git a/rules/cloud/okta/okta_network_zone_deactivated_or_deleted.yml b/rules/cloud/okta/okta_network_zone_deactivated_or_deleted.yml
index 273d8713ad9..b4f6adf83ef 100644
--- a/rules/cloud/okta/okta_network_zone_deactivated_or_deleted.yml
+++ b/rules/cloud/okta/okta_network_zone_deactivated_or_deleted.yml
@@ -9,6 +9,7 @@ references:
 - https://developer.okta.com/docs/reference/api/system-log/
 - https://developer.okta.com/docs/reference/api/event-types/
 logsource:
+ product: okta
 service: okta
 detection:
 selection:
diff --git a/rules/cloud/okta/okta_policy_modified_or_deleted.yml b/rules/cloud/okta/okta_policy_modified_or_deleted.yml
index fb4aa5b2140..247901b9616 100644
--- a/rules/cloud/okta/okta_policy_modified_or_deleted.yml
+++ b/rules/cloud/okta/okta_policy_modified_or_deleted.yml
@@ -9,6 +9,7 @@ references:
 - https://developer.okta.com/docs/reference/api/system-log/
 - https://developer.okta.com/docs/reference/api/event-types/
 logsource:
+ product: okta
 service: okta
 detection:
 selection:
diff --git a/rules/cloud/okta/okta_policy_rule_modified_or_deleted.yml b/rules/cloud/okta/okta_policy_rule_modified_or_deleted.yml
index 278171ebb50..9a1ab4bf7e4 100644
--- a/rules/cloud/okta/okta_policy_rule_modified_or_deleted.yml
+++ b/rules/cloud/okta/okta_policy_rule_modified_or_deleted.yml
@@ -9,6 +9,7 @@ references:
 - https://developer.okta.com/docs/reference/api/system-log/
 - https://developer.okta.com/docs/reference/api/event-types/
 logsource:
+ product: okta
 service: okta
 detection:
 selection:
diff --git a/rules/cloud/okta/okta_security_threat_detected.yml b/rules/cloud/okta/okta_security_threat_detected.yml
index 8e754c450ca..eedd7976832 100644
--- a/rules/cloud/okta/okta_security_threat_detected.yml
+++ b/rules/cloud/okta/okta_security_threat_detected.yml
@@ -10,6 +10,7 @@ references:
 - https://developer.okta.com/docs/reference/api/system-log/
 - https://developer.okta.com/docs/reference/api/event-types/
 logsource:
+ product: okta
 service: okta
 detection:
 selection:
diff --git a/rules/cloud/okta/okta_unauthorized_access_to_app.yml b/rules/cloud/okta/okta_unauthorized_access_to_app.yml
index 103050241fc..69480d462f1 100644
--- a/rules/cloud/okta/okta_unauthorized_access_to_app.yml
+++ b/rules/cloud/okta/okta_unauthorized_access_to_app.yml
@@ -9,6 +9,7 @@ references:
 - https://developer.okta.com/docs/reference/api/system-log/
 - https://developer.okta.com/docs/reference/api/event-types/
 logsource:
+ product: okta
 service: okta
 detection:
 selection:
diff --git a/rules/cloud/okta/okta_user_account_locked_out.yml b/rules/cloud/okta/okta_user_account_locked_out.yml
index 7acd02c013b..21b4c7ed2c9 100644
--- a/rules/cloud/okta/okta_user_account_locked_out.yml
+++ b/rules/cloud/okta/okta_user_account_locked_out.yml
@@ -9,6 +9,7 @@ references:
 - https://developer.okta.com/docs/reference/api/system-log/
 - https://developer.okta.com/docs/reference/api/event-types/
 logsource:
+ product: okta
 service: okta
 detection:
 selection: