From 7b501ac590cd7137b56e3e3278be40fd091b73d9 Mon Sep 17 00:00:00 2001 From: mvelazco Date: Wed, 1 Nov 2023 17:37:56 -0400 Subject: [PATCH] Update azure_ad_multiple_failed_mfa_requests_for_user.yml --- .../cloud/azure_ad_multiple_failed_mfa_requests_for_user.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/detections/cloud/azure_ad_multiple_failed_mfa_requests_for_user.yml b/detections/cloud/azure_ad_multiple_failed_mfa_requests_for_user.yml index 1558973630..cabe8fbb50 100644 --- a/detections/cloud/azure_ad_multiple_failed_mfa_requests_for_user.yml +++ b/detections/cloud/azure_ad_multiple_failed_mfa_requests_for_user.yml @@ -17,7 +17,7 @@ description: The following analytic identifies multiple failed multi-factor auth messages, and phone calls potentially resulting in the user finally accepting the authentication request. Threat actors like the Lapsus team and APT29 have leveraged this technique to bypass multi-factor authentication controls as reported by Mandiant - and others. + and others. data_source: [] search: ' `azure_monitor_aad` category=SignInLogs operationName="Sign-in activity" properties.status.errorCode=500121 properties.status.additionalDetails!="MFA denied; user declined the authentication" | rename properties.* as *
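Review bot: the only changed line, in the description block at `@@ -17,7 +17,7 @@`, reads `and others.` on both the `-` and `+` sides as shown here, so the difference appears to be whitespace only, and the subject "Update azure_ad_multiple_failed_mfa_requests_for_user.yml" does not say what was intended. If this is a trailing-whitespace cleanup, state that in the commit subject so the history is searchable; if a wording change to the description was meant, it is not present in the hunk. Separately, the context line `data_source: []` is still empty even though the search reads `category=SignInLogs` from `azure_monitor_aad`; populating it would be a reasonable follow-up in the same file.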