Update rules/integrations/okta/credential_access_multiple_user_agent_os_authentication.toml

terrancedejesus · imays11 · web-flow · commit 081fba0487cf · 2025-11-24T10:02:10.000-05:00
Co-authored-by: Isai &lt;59296946+imays11@users.noreply.github.com&gt;
diff --git a/rules/integrations/okta/credential_access_multiple_user_agent_os_authentication.toml b/rules/integrations/okta/credential_access_multiple_user_agent_os_authentication.toml
@@ -26,7 +26,7 @@ note = """## Triage and analysis
 
 ### Investigating Okta Multiple OS Names Detected for a Single DT Hash
 
-This rule detects when a single Okta device token hash (dt_hash) is associated with multiple operating system types. This is highly anomalous because a device token token is tied to a specific device and its operating system. This alert strongly indicates that an attacker has stolen a device token token and is using it to impersonate a legitimate user from a different machine.
+This rule detects when a single Okta device token hash (dt_hash) is associated with multiple operating system types. This is highly anomalous because a device token is tied to a specific device and its operating system. This alert strongly indicates that an attacker has stolen a device token token and is using it to impersonate a legitimate user from a different machine.
 
 ### Possible investigation steps
 - Review the `okta.debug_context.debug_data.dt_hash` field to identify the specific device
