From 57e0036eb5eddc26265ff69fd846ee14933d7344 Mon Sep 17 00:00:00 2001
From: Sam Scholten
Date: Mon, 6 Nov 2023 16:56:32 -0500
Subject: [PATCH] Update qr_code_suspicious_indicators.yml (#925)
---
 detection-rules/qr_code_suspicious_indicators.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/detection-rules/qr_code_suspicious_indicators.yml b/detection-rules/qr_code_suspicious_indicators.yml
index 6858d8b7b23..0700db03c02 100644
--- a/detection-rules/qr_code_suspicious_indicators.yml
+++ b/detection-rules/qr_code_suspicious_indicators.yml
@@ -14,7 +14,7 @@ source: |
 .scan.qr.type is not null
 // exclude images taken with mobile cameras and screenshots from android
 and not any(.scan.exiftool.fields,
- .key == "Model" or .key == "Megapixels"
+ .key == "Model" or .key == "Software"
 and strings.starts_with(.value, "Android")
 )
 )
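Review bot: The added line `.key == "Model" or .key == "Software"` is completed by the unchanged `and strings.starts_with(.value, "Android")` on the following line, so the exclusion mixes `or` and `and` without parentheses, and the line break suggests a grouping (`Model or Software`, then `and`) that is presumably not the intended one. Assuming `and` binds tighter than `or` in this query language, the result is what the comment describes, but a later edit could change it silently; I would write the clause as `.key == "Model"` followed by `or (.key == "Software" and strings.starts_with(.value, "Android"))`. Because EXIF fields are written by whoever produced the image, a short comment saying this clause only reduces false positives and is not a trust signal would also help the next maintainer. The enclosing `any(...)` and the rest of the rule's `source` begin and end outside the hunk.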