
Summary
This detection rule monitors Okta applications for updates or deletions that occurred within the last two hours. It queries the Okta System Log (the Okta event log source) for application lifecycle events: a SQL-like query selects all records from the Okta data source whose event time falls within the last two hours and whose event type is 'application.lifecycle.update' or 'application.lifecycle.delete'. This matters for organizations that manage their applications through Okta, because an unauthorized change to an application's configuration, or its deletion, can lock users out of it, alter how it authenticates, or otherwise cause a security incident or an operational disruption. The rule is aimed at teams responsible for application security and integrity, and it helps surface the impact on endpoints and services when an application is modified or removed. Because routine administrative changes also produce these event types, triage should look at the actor, the target application and the outcome of each event, and most teams will want to baseline or exclude known automation accounts to keep the alert volume manageable.
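The following is an added example, not code from the original rule or its vendor: it evaluates the logic described above against a small in-memory SQLite data source populated with constructed Okta System Log records. The table name (okta_logs), the column layout, the sample actor and application names, and the use of SQLite are all assumptions made for the illustration; the selection criteria (the two-hour window and the two application.lifecycle event types) are the ones the page states.

```python
import json
import sqlite3
from datetime import datetime, timedelta, timezone

# Event types the rule looks for (taken from the page) and its lookback window.
APP_LIFECYCLE_EVENTS = ("application.lifecycle.update", "application.lifecycle.delete")
LOOKBACK = timedelta(hours=2)
# Fixed-width UTC timestamp format: lexical order equals chronological order,
# so the query can compare event_time as a string.
TS_FMT = "%Y-%m-%dT%H:%M:%S.000Z"


def sample_events(now):
    """Constructed Okta System Log records (not real data). Field names follow the
    Okta System Log schema (eventType, published, actor, target, outcome)."""

    def ts(minutes_ago):
        return (now - timedelta(minutes=minutes_ago)).strftime(TS_FMT)

    def event(uuid, event_type, minutes_ago, app=None):
        return {
            "uuid": uuid,
            "eventType": event_type,
            "published": ts(minutes_ago),
            "actor": {"type": "User", "alternateId": "admin@example.com"},  # assumed actor
            "target": [{"type": "AppInstance", "id": "0oa" + uuid, "displayName": app}] if app else [],
            "outcome": {"result": "SUCCESS"},
        }

    return [
        event("e1", "application.lifecycle.update", 30, "Corp VPN"),   # in window, matches
        event("e2", "application.lifecycle.delete", 90, "HR Portal"),  # in window, matches
        event("e3", "application.lifecycle.delete", 300, "Old Wiki"),  # older than 2h, ignored
        event("e4", "user.session.start", 10),                         # wrong eventType, ignored
    ]


def load_events(conn, events):
    """Flatten the JSON records into the columns the query needs (hypothetical schema)."""
    conn.execute(
        "CREATE TABLE okta_logs (uuid TEXT PRIMARY KEY, event_type TEXT, "
        "event_time TEXT, actor TEXT, app_name TEXT, raw TEXT)"
    )
    conn.executemany(
        "INSERT INTO okta_logs VALUES (?, ?, ?, ?, ?, ?)",
        [
            (
                e["uuid"],
                e["eventType"],
                e["published"],
                e["actor"]["alternateId"],
                next((t["displayName"] for t in e["target"] if t["type"] == "AppInstance"), None),
                json.dumps(e),
            )
            for e in events
        ],
    )
    conn.commit()


def find_app_lifecycle_changes(conn, now):
    """The rule's query: application updates/deletes published within the last two hours."""
    cutoff = (now - LOOKBACK).strftime(TS_FMT)
    placeholders = ",".join("?" * len(APP_LIFECYCLE_EVENTS))
    rows = conn.execute(
        "SELECT uuid, event_type, event_time, actor, app_name FROM okta_logs "
        f"WHERE event_time >= ? AND event_type IN ({placeholders}) ORDER BY event_time",
        (cutoff, *APP_LIFECYCLE_EVENTS),
    ).fetchall()
    keys = ("uuid", "event_type", "event_time", "actor", "app_name")
    return [dict(zip(keys, r)) for r in rows]


def run_rule(now=None):
    """Build an in-memory data source from the sample events and evaluate the rule."""
    now = now or datetime.now(timezone.utc)
    conn = sqlite3.connect(":memory:")
    load_events(conn, sample_events(now))
    return find_app_lifecycle_changes(conn, now)


if __name__ == "__main__":
    # Expect e2 (delete, 90 min ago) then e1 (update, 30 min ago); e3 and e4 are filtered out.
    for hit in run_rule():
        print(f"{hit['event_time']} {hit['event_type']} by {hit['actor']} on {hit['app_name']!r}")
```

The actor and target application are carried through in the result on purpose: they are the first things an analyst needs when deciding whether a matching event was a sanctioned change or not, and they are the natural fields to key an exclusion list on when tuning the rule.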
Categories
- Identity Management
- Cloud
- Application
Data Sources
- Application Log
Created: 2024-02-09