Update credential_access_forced_authentication.toml

w0rk3r · w0rk3r · commit 62464ad001ba · 2024-07-22T15:07:17.000-03:00
diff --git a/rules/cross-platform/credential_access_forced_authentication.toml b/rules/cross-platform/credential_access_forced_authentication.toml
@@ -35,7 +35,9 @@ tags = [
     "OS: Linux",
     "Use Case: Threat Detection",
     "Tactic: Credential Access",
-    "Data Source: Elastic Defend"
+    "Data Source: Elastic Defend",
+    "Data Source: Active Directory",
+    "Use Case: Active Directory Monitoring",
 ]
 timestamp_override = "event.ingested"
 type = "eql"
