testing changed detections

Author: patel-bhavin

detections/application/okta_multiple_accounts_locked_out.yml

@@ -6,7 +6,7 @@ author: Michael Haag, Mauricio Velazco, Splunk
 data_source: []
 type: Anomaly
 status: production
-description: The following analytic detects multiple Okta accounts being locked out
+description: The  following analytic detects multiple Okta accounts being locked out
   within a short period. It uses the user.account.lock event from Okta logs, aggregated
   over a 5-minute window, to identify this behavior. This activity is significant
   as it may indicate a brute force or password spraying attack, where an adversary

detections/application/okta_multiple_failed_mfa_requests_for_user.yml

@@ -6,7 +6,7 @@ author: Mauricio Velazco, Splunk
 data_source: []
 type: Anomaly
 status: production
-description: The following analytic identifies multiple failed multi-factor authentication
+description: The  following analytic identifies multiple failed multi-factor authentication
   (MFA) requests for a single user within an Okta tenant. It triggers when more than
   10 MFA attempts fail within 5 minutes, using Okta event logs to detect this pattern.
   This activity is significant as it may indicate an adversary attempting to bypass

detections/application/okta_multiple_failed_requests_to_access_applications.yml

@@ -6,7 +6,7 @@ author: John Murphy, Okta, Michael Haag, Splunk
 type: Hunting
 status: experimental
 data_source: []
-description: 'The following analytic detects multiple failed attempts to access applications
+description: 'The  following analytic detects multiple failed attempts to access applications
   in Okta, potentially indicating the reuse of a stolen web session cookie. It leverages
   Okta logs to evaluate policy and SSO events, aggregating data by user, session,
   and IP. The detection triggers when more than half of the app sign-on attempts are