Minstack versions for Okta and Github Integration #4273

shashank-elastic · 2024-11-27T13:00:41Z

Pull Request

Issue link(s): Double Bumps in version seen in lock versions PR #4272

Summary - What I changed

For Github Integration the integration version on

main, 8,16, 8.15,8.14,8.13

 "related_integrations": [
   {
     "package": "github",
     "version": "^2.0.0"
   }
 ]

and there is a change in version at 8.12

  "related_integrations": [
    {
      "package": "github",
      "version": "^1.0.0"
    }
  ],

We are min stacking all GitHub rules to version 8.12

For Okta Integration the integration version on

main,8.16,8.15

  "related_integrations": [
    {
      "package": "okta",
      "version": "^3.0.0"
    }
  ],

and there is a change in version at 8.14

  "related_integrations": [
    {
      "package": "okta",
      "version": "^2.0.0"
    }
  ],

We are min stacking all GitHub rules to version 8.14

How To Test

Unit test should pass

Checklist

Added a label for the type of pr: bug, enhancement, schema, maintenance, Rule: New, Rule: Deprecation, Rule: Tuning, Hunt: New, or Hunt: Tuning so guidelines can be generated
Added the meta:rapid-merge label if planning to merge within 24 hours
Secret and sensitive material has been managed correctly
Automated testing was updated or added to match the most common scenarios
Documentation and comments were added for features that require explanation

Contributor checklist

Have you signed the contributor license agreement?
Have you followed the contributor guidelines?

protectionsmachine · 2024-11-27T13:01:35Z

Removed changes from: - rules/integrations/okta/credential_access_attempted_bypass_of_okta_mfa.toml - rules/integrations/okta/credential_access_attempts_to_brute_force_okta_user_account.toml - rules/integrations/okta/credential_access_multiple_auth_events_from_single_device_behind_proxy.toml - rules/integrations/okta/credential_access_multiple_device_token_hashes_for_single_okta_session.toml - rules/integrations/okta/credential_access_okta_authentication_for_multiple_users_from_single_source.toml - rules/integrations/okta/credential_access_okta_authentication_for_multiple_users_with_the_same_device_token_hash.toml - rules/integrations/okta/credential_access_okta_brute_force_or_password_spraying.toml - rules/integrations/okta/credential_access_okta_mfa_bombing_via_push_notifications.toml - rules/integrations/okta/credential_access_okta_multiple_device_token_hashes_for_single_user.toml - rules/integrations/okta/credential_access_okta_potentially_successful_okta_bombing_via_push_notifications.toml - rules/integrations/okta/credential_access_user_impersonation_access.toml - rules/integrations/okta/defense_evasion_attempt_to_deactivate_okta_network_zone.toml - rules/integrations/okta/defense_evasion_attempt_to_delete_okta_network_zone.toml - rules/integrations/okta/defense_evasion_first_occurence_public_app_client_credential_token_exchange.toml - rules/integrations/okta/defense_evasion_okta_attempt_to_deactivate_okta_policy.toml - rules/integrations/okta/defense_evasion_okta_attempt_to_deactivate_okta_policy_rule.toml - rules/integrations/okta/defense_evasion_okta_attempt_to_delete_okta_policy.toml - rules/integrations/okta/defense_evasion_okta_attempt_to_delete_okta_policy_rule.toml - rules/integrations/okta/defense_evasion_okta_attempt_to_modify_okta_network_zone.toml - rules/integrations/okta/defense_evasion_okta_attempt_to_modify_okta_policy.toml - rules/integrations/okta/defense_evasion_okta_attempt_to_modify_okta_policy_rule.toml - rules/integrations/okta/defense_evasion_suspicious_okta_user_password_reset_or_unlock_attempts.toml - rules/integrations/okta/impact_attempt_to_revoke_okta_api_token.toml - rules/integrations/okta/impact_okta_attempt_to_deactivate_okta_application.toml - rules/integrations/okta/impact_okta_attempt_to_delete_okta_application.toml - rules/integrations/okta/impact_okta_attempt_to_modify_okta_application.toml - rules/integrations/okta/impact_possible_okta_dos_attack.toml - rules/integrations/okta/initial_access_first_occurrence_user_session_started_via_proxy.toml - rules/integrations/okta/initial_access_new_authentication_behavior_detection.toml - rules/integrations/okta/initial_access_okta_fastpass_phishing.toml - rules/integrations/okta/initial_access_okta_user_attempted_unauthorized_access.toml - rules/integrations/okta/initial_access_okta_user_sessions_started_from_different_geolocations.toml - rules/integrations/okta/initial_access_sign_in_events_via_third_party_idp.toml - rules/integrations/okta/initial_access_successful_application_sso_from_unknown_client_device.toml - rules/integrations/okta/initial_access_suspicious_activity_reported_by_okta_user.toml - rules/integrations/okta/lateral_movement_multiple_sessions_for_single_user.toml - rules/integrations/okta/okta_threatinsight_threat_suspected_promotion.toml - rules/integrations/okta/persistence_administrator_privileges_assigned_to_okta_group.toml - rules/integrations/okta/persistence_administrator_role_assigned_to_okta_user.toml - rules/integrations/okta/persistence_attempt_to_create_okta_api_token.toml - rules/integrations/okta/persistence_attempt_to_reset_mfa_factors_for_okta_user_account.toml - rules/integrations/okta/persistence_mfa_deactivation_with_no_reactivation.toml - rules/integrations/okta/persistence_new_idp_successfully_added_by_admin.toml - rules/integrations/okta/persistence_okta_attempt_to_modify_or_delete_application_sign_on_policy.toml - rules/integrations/okta/persistence_stolen_credentials_used_to_login_to_okta_account_after_mfa_reset.toml (selectively cherry picked from commit 5ab7565)

(cherry picked from commit 5ab7565)

Minstack versions for Okta and Github Integration

fe2055f

shashank-elastic requested review from Mikaayenson, w0rk3r, DefSecSentinel, imays11, Samirbous, Aegrah, terrancedejesus and eric-forte-elastic November 27, 2024 13:00

shashank-elastic self-assigned this Nov 27, 2024

botelastic bot added bbr Building Block Rules Domain: Cloud Integration: Okta okta related rules labels Nov 27, 2024

github-actions bot added the backport: auto label Nov 27, 2024

shashank-elastic added Rule: Tuning tweaking or tuning an existing rule meta:rapid-merge labels Nov 27, 2024

Aegrah approved these changes Nov 27, 2024

View reviewed changes

terrancedejesus approved these changes Nov 27, 2024

View reviewed changes

shashank-elastic merged commit 5ab7565 into main Nov 27, 2024
30 of 34 checks passed

shashank-elastic deleted the fix_version_bump_27 branch November 27, 2024 13:09

protectionsmachine pushed a commit that referenced this pull request Nov 27, 2024

Minstack versions for Okta and Github Integration (#4273)

5d12392

(cherry picked from commit 5ab7565)

protectionsmachine pushed a commit that referenced this pull request Nov 27, 2024

Minstack versions for Okta and Github Integration (#4273)

7e6fa57

(cherry picked from commit 5ab7565)

protectionsmachine pushed a commit that referenced this pull request Nov 27, 2024

Minstack versions for Okta and Github Integration (#4273)

3e47c90

(cherry picked from commit 5ab7565)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Minstack versions for Okta and Github Integration #4273

Minstack versions for Okta and Github Integration #4273

shashank-elastic commented Nov 27, 2024

protectionsmachine commented Nov 27, 2024

Minstack versions for Okta and Github Integration #4273

Minstack versions for Okta and Github Integration #4273

Conversation

shashank-elastic commented Nov 27, 2024

Pull Request

Summary - What I changed

How To Test

Checklist

Contributor checklist

protectionsmachine commented Nov 27, 2024

Rule: Tuning - Guidelines

Documentation and Context

Rule Metadata Checks

Testing and Validation