Update onelogin_user_account_locked.yml

Austin Songer 2021-10-13 07:02:01 -05:00 committed by GitHub
parent 9faca2f3dc
commit 756d5b5aa6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -11,14 +11,14 @@ logsource:
service: onelogin.events
detection:
selection1: # Locked via API
eventtypeid: 532
event_type_id: 532
selection2: # Locked via API
eventtypeid: 553
event_type_id: 553
selection3: # Suspended via API
eventtypeid: 551
event_type_id: 551
condition: 1 of them
level: low
tags:
- attack.impact
falsepositives:
- System may lock or suspend user accounts.
- System may lock or suspend user accounts.
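Review bot: selection1 and selection2 carry the same comment, `# Locked via API`, for two different ids (532 and 553), so a reader cannot tell what distinguishes them or check either id against the OneLogin event catalogue; the comment on selection2 should name the event that 553 actually represents. Because all three selections test the same field, they could also be a single selection with a list value (`event_type_id:` followed by `- 532`, `- 553`, `- 551`), keeping the meaning of each id as an inline comment. The field spelling deserves a check against a sample onelogin.events record: a Sigma selection on a key the log pipeline does not emit never matches and raises no error, and the page does not mark which spelling is the new side (apparently `event_type_id`). As a style point, `condition: 1 of them` would be more explicit as `condition: 1 of selection*`.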