add url toolbox requirement

Author: 0xC0FFEEEE

detections/cloud/o365_suspicious_mailbox_rule_created.yml

@@ -17,7 +17,8 @@ search: '`o365_management_activity` Workload=Exchange Operation="New-InboxRule"
   "^(RSS|Conversation History|Archive)"), 1, 0) | eval suspicious_score=entropy_score+len_score+read_score+folder_score
   | where suspicious_score>2 | `o365_suspicious_mailbox_rule_created_filter`'
 how_to_implement: You must install the Splunk Microsoft Office 365 Add-on and ingest
-  Office 365 management activity events.
+  Office 365 management activity events. You also need to have the Splunk TA URL 
+  Toolbox (https://splunkbase.splunk.com/app/2734/) installed.
 known_false_positives: Short rule names may trigger false positives. Adjust
   the entropy and length thresholds as needed.
 references: