From cb9f890b5cf7dd2983f0e45082744e736d6aac0e Mon Sep 17 00:00:00 2001
From: praveenthepro <99244859+praveenthepro@users.noreply.github.com>
Date: Fri, 29 Dec 2023 17:36:58 +0530
Subject: [PATCH] Update User Session Impersonation(Okta).yaml

changed the mitre tech and id
---
 .../Analytic Rules/User Session Impersonation(Okta).yaml     | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta).yaml b/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta).yaml
index 35c4bd169d..54b7d03c0d 100644
--- a/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta).yaml	
+++ b/Solutions/Okta Single Sign-On/Analytic Rules/User Session Impersonation(Okta).yaml	
@@ -16,10 +16,9 @@ queryPeriod: 6h
 triggerOperator: gt
 triggerThreshold: 0
 tactics:
-  - PrivilegeEscalation
+  - DefenseEvasion
 relevantTechniques:
-  - T1134
-  - T1134.003
+  - T1656
 query: |
   Okta_CL
   | where eventType_s == "user.session.impersonation.initiate" and outcome_result_s == "SUCCESS"