Push logtype update (#1240)

* created pack and updated event.deep_get

* update logtype

rules/push_security_rules/push_security_app_banner_acknowledged.yml

@@ -4,7 +4,7 @@ RuleID: "Push.Security.App.Banner.Acknowledged"
 DisplayName: "Push Security App Banner Acknowledged"
 Enabled: true
 LogTypes:
-  - Custom.PushSecurity.Activity
+  - PushSecurity.Activity
 Severity: Low
 DedupPeriodMinutes: 60
 Threshold: 1

rules/push_security_rules/push_security_mfa_method_changed.yml

@@ -4,7 +4,7 @@ RuleID: "Push.Security.MFA.Method.Changed"
 DisplayName: "Push Security SaaS App MFA Method Changed"
 Enabled: true
 LogTypes:
-  - Custom.PushSecurity.Entities
+  - PushSecurity.Entities
 Severity: Info
 Description: MFA method on SaaS app changed
 DedupPeriodMinutes: 60

rules/push_security_rules/push_security_new_app_detected.yml

@@ -4,7 +4,7 @@ RuleID: "Push.Security.New.App.Detected"
 DisplayName: "Push Security New App Detected"
 Enabled: true
 LogTypes:
-  - Custom.PushSecurity.Entities
+  - PushSecurity.Entities
 Severity: Info
 DedupPeriodMinutes: 60
 Threshold: 1

rules/push_security_rules/push_security_new_saas_account_created.yml

@@ -4,7 +4,7 @@ RuleID: "Push.Security.New.SaaS.Account.Created"
 DisplayName: "Push Security New SaaS Account Created"
 Enabled: true
 LogTypes:
-  - Custom.PushSecurity.Entities
+  - PushSecurity.Entities
 Severity: Info
 DedupPeriodMinutes: 60
 Threshold: 1

rules/push_security_rules/push_security_open_security_finding.yml

@@ -4,7 +4,7 @@ RuleID: "Push.Security.Open.Security.Finding"
 DisplayName: "Push Security Open Security Finding"
 Enabled: true
 LogTypes:
-  - Custom.PushSecurity.Entities
+  - PushSecurity.Entities
 Severity: Info
 DedupPeriodMinutes: 60
 Threshold: 1

rules/push_security_rules/push_security_phishable_mfa_method.yml

@@ -4,7 +4,7 @@ RuleID: "Push.Security.Phishable.MFA.Method"
 DisplayName: "Push Security Phishable MFA Method"
 Enabled: true
 LogTypes:
-  - Custom.PushSecurity.Entities
+  - PushSecurity.Entities
 Severity: Info
 DedupPeriodMinutes: 60
 Threshold: 1

rules/push_security_rules/push_security_phishing_attack.yml

@@ -4,7 +4,7 @@ RuleID: "Push.Security.Phishing.Attack"
 DisplayName: "Push Security Phishing Attack"
 Enabled: true
 LogTypes:
-  - Custom.PushSecurity.AttackDetection
+  - PushSecurity.AttackDetection
 Severity: High
 DedupPeriodMinutes: 60
 Threshold: 1

rules/push_security_rules/push_security_unauthorized_idp_login.yml

@@ -6,7 +6,7 @@ Enabled: false
 Tags:
   - Configuration Required
 LogTypes:
-  - Custom.PushSecurity.Activity
+  - PushSecurity.Activity
 Severity: High
 Description: Login to application with unauthorized identity provider which could indicate a SAMLjacking attack.
 Reference: https://github.com/pushsecurity/saas-attacks/blob/main/techniques/samljacking/description.md