Sync from PR#668
New rule: Microsoft SCL very high and message not in spam folder by @morriscode
#668
Source SHA ca483e4
Triggered by @morriscode
Sublime Rule Testing Bot committed Oct 19, 2023
1 parent e17229a commit 893311e
Showing 1 changed file with 4 additions and 7 deletions.
11 changes: 4 additions & 7 deletions detection-rules/spam_high_microsoft_scl_not_in_spam_folder.yml
Expand Up @@ -13,13 +13,10 @@ source: |
)
and external.spam is null
and (
(
sender.email.domain.root_domain in $free_email_providers
and sender.email.email not in $sender_emails
)
profile.by_sender().prevalence in ("new", "outlier")
or (
sender.email.domain.root_domain not in $free_email_providers
and sender.email.domain.domain not in $sender_domains
profile.by_sender().any_messages_malicious_or_spam
and not profile.by_sender().any_false_positives
)
)
attack_types:
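Review bot: The prevalence branch, `profile.by_sender().prevalence in ("new", "outlier")`, carries no false-positive guard, while the `or` branch is gated by `and not profile.by_sender().any_false_positives`. A sender whose messages have already been marked as false positives can still match through the first branch when its prevalence is "new" or "outlier". Consider adding the same `not profile.by_sender().any_false_positives` condition to the prevalence branch, or moving it outside the `and ( ... )` group so it applies to both. Separately, the removed conditions checked free-mail senders by full address against `$sender_emails` and all other senders by domain against `$sender_domains`; a short comment in the rule stating that `profile.by_sender()` is expected to cover both cases would make the intent clear to later reviewers.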
Expand All @@ -29,4 +26,4 @@ detection_methods:
- "Sender analysis"
id: "801a5470-0498-55ba-a590-4cb105038e95"
testing_pr: 668
testing_sha: f715f1823ea70bb122765225d74d001fc406357c
testing_sha: ca483e4ba7cadd9dea3b5be7636d9e8ab14fa026
