From c393954a12ccded847476f2c744c0ea8d64f8010 Mon Sep 17 00:00:00 2001
From: akozlovets098 <95437895+akozlovets098@users.noreply.github.com>
Date: Tue, 12 Dec 2023 16:07:29 +0200
Subject: [PATCH] Add references to rules (onelogin_rules) (#1024)

---
 rules/onelogin_rules/onelogin_admin_role_assigned.yml | 1 +
 rules/onelogin_rules/onelogin_unusual_login.yml       | 1 +
 2 files changed, 2 insertions(+)

diff --git a/rules/onelogin_rules/onelogin_admin_role_assigned.yml b/rules/onelogin_rules/onelogin_admin_role_assigned.yml
index cac026bee..d8bcaef05 100644
--- a/rules/onelogin_rules/onelogin_admin_role_assigned.yml
+++ b/rules/onelogin_rules/onelogin_admin_role_assigned.yml
@@ -7,6 +7,7 @@ LogTypes:
   - OneLogin.Events
 Tags:
   - Identity & Access Management
+Reference: https://onelogin.service-now.com/kb_view_customer.do?sysparm_article=KB0010391
 Severity: Low
 SummaryAttributes:
   - account_id
diff --git a/rules/onelogin_rules/onelogin_unusual_login.yml b/rules/onelogin_rules/onelogin_unusual_login.yml
index 1e982554d..d614e0344 100644
--- a/rules/onelogin_rules/onelogin_unusual_login.yml
+++ b/rules/onelogin_rules/onelogin_unusual_login.yml
@@ -9,6 +9,7 @@ LogTypes:
   - OneLogin.Events
 Tags:
   - Identity & Access Management
+Reference: https://actzero.ai/resources/blog/a-smarter-way-to-detect-suspicious-cloud-logins
 Severity: Medium
 Description: Deprecated. Please see Standard.UnusualLogin instead.
 SummaryAttributes: