[Tuning] DCSync Rules - 4662 event.action (#3410)

* Update credential_access_dcsync_newterm_subjectuser.toml

* Update credential_access_dcsync_replication_rights.toml

Removed changes from:
- rules/windows/credential_access_dcsync_newterm_subjectuser.toml

(selectively cherry picked from commit d7f4d79)

Author: Samirbous

rules/windows/credential_access_dcsync_replication_rights.toml

@@ -4,7 +4,7 @@ integration = ["system", "windows"]
 maturity = "production"
 min_stack_comments = "New fields added: required_fields, related_integrations, setup"
 min_stack_version = "8.3.0"
-updated_date = "2023/10/23"
+updated_date = "2024/01/29"
 
 [rule]
 author = ["Elastic"]
@@ -97,7 +97,7 @@ timestamp_override = "event.ingested"
 type = "eql"
 
 query = '''
-any where event.action == "Directory Service Access" and
+any where event.action : ("Directory Service Access", "object-operation-performed") and
   event.code == "4662" and winlog.event_data.Properties : (
 
     /* Control Access Rights/Permissions Symbol */