Update rules/okta_rules.yaml

Signed-off-by: darryk10 <stefano.chierici@sysdig.com> Co-authored-by: Thomas Labarussias <issif+github@gadz.org>
2025-09-25 12:19:56 +00:00 · 2022-03-23 17:03:11 +01:00
parent 6a1492a828
commit 48041a517b
1 changed files with 1 additions and 1 deletions
--- a/rules/okta_rules.yaml
+++ b/rules/okta_rules.yaml
@@ -26,7 +26,7 @@
 - rule: User accessing app via single sign on OKTA
  desc: Detect a user accessing an app via OKTA
  condition: okta.evt.type = "user.authentication.sso"
-  output: "A user has accessed and app using OKTA (user=%okta.actor.name, app=%okta.app)"
+  output: "A user has accessed an app using OKTA (user=%okta.actor.name, app=%okta.app)"
  priority: NOTICE
  source: okta
  tags: [okta]