Update PasswordSpray.yaml

Detections/OktaSSO/PasswordSpray.yaml

@@ -22,7 +22,7 @@ query: |
   let FailedEvents = Okta_CL
   | where TimeGenerated > timeframe
   | where eventType_s =~ "user.session.start"and outcome_reason_s in ("VERIFICATION_ERROR","INVALID_CREDENTIALS")
-  | summarizedcount(actor_alternateId_s) by client_ipAddress_s, bin(TimeGenerated, 5m)
+  | summarize dcount(actor_alternateId_s) by client_ipAddress_s, bin(TimeGenerated, 5m)
   | where dcount_actor_alternateId_s > FailureThreshold
   | project client_ipAddress_s, TimeGenerated;
   Okta_CL