From 48041a517b3b163bb4eeaa989656c5d1273a4a49 Mon Sep 17 00:00:00 2001
From: schie <77834235+darryk10@users.noreply.github.com>
Date: Wed, 23 Mar 2022 17:03:11 +0100
Subject: [PATCH] Update rules/okta_rules.yaml Signed-off-by: darryk10
 <stefano.chierici@sysdig.com> Co-authored-by: Thomas Labarussias
 <issif+github@gadz.org>

---
 rules/okta_rules.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/okta_rules.yaml b/rules/okta_rules.yaml
index ccc57e62..c636202a 100644
--- a/rules/okta_rules.yaml
+++ b/rules/okta_rules.yaml
@@ -26,7 +26,7 @@
 - rule: User accessing app via single sign on OKTA
   desc: Detect a user accessing an app via OKTA
   condition: okta.evt.type = "user.authentication.sso"
-  output: "A user has accessed and app using OKTA (user=%okta.actor.name, app=%okta.app)"
+  output: "A user has accessed an app using OKTA (user=%okta.actor.name, app=%okta.app)"
   priority: NOTICE
   source: okta
   tags: [okta]