bug fix

Author: Patrick Bareiss

detections/cloud/github_enterprise_disable_2FA_requirement.yml

@@ -20,7 +20,7 @@ search: '`github_enterprise` action=org.disable_two_factor_requirement OR action
   | stats count min(_time) as firstTime max(_time) as lastTime by actor, actor_id, actor_is_bot, actor_location.country_code, business, business_id, user_agent, action
   | eval user=actor
   | `security_content_ctime(firstTime)` | `security_content_ctime(lastTime)` 
-  | `github_enterprise_disable_2FA_requirement_filter`'
+  | `github_enterprise_disable_2fa_requirement_filter`'
 how_to_implement: You must ingest GitHub Enterprise logs using Audit log streaming as described in this documentation https://docs.github.com/en/enterprise-cloud@latest/admin/monitoring-activity-in-your-enterprise/reviewing-audit-logs-for-your-enterprise/streaming-the-audit-log-for-your-enterprise#setting-up-streaming-to-splunk using a Splunk HTTP Event Collector.
 known_false_positives: unknown
 references:

detections/cloud/github_organizations_disable_2FA_requirement.yml

@@ -19,7 +19,7 @@ search: '`github_organizations` vendor_action=org.disable_two_factor_requirement
   | stats count min(_time) as firstTime max(_time) as lastTime by actor, actor_id, actor_ip, actor_is_bot, actor_location.country_code, business, business_id, org, org_id, user_agent, vendor_action
   | eval user=actor
   | `security_content_ctime(firstTime)` | `security_content_ctime(lastTime)` 
-  | `github_organizations_disable_2FA_requirement_filter`'
+  | `github_organizations_disable_2fa_requirement_filter`'
 how_to_implement: You must ingest GitHub Organizations logs using Splunk Add-on for Github using a Personal Access Token https://docs.splunk.com/Documentation/AddOns/released/GitHub/Configureinputs .
 known_false_positives: unknown
 references: