Update body_microsoft_logo_bing_redirect.yml

Updating logic to handle bing_open_redirect encoder

detection-rules/body_microsoft_logo_bing_redirect.yml

@@ -5,7 +5,7 @@ type: "rule"
 severity: "high"
 source: |
   type.inbound
-
+  
   // Microsoft logo
   and (
     any(attachments,
@@ -42,9 +42,9 @@ source: |
            )
     )
   )
-
+  
   // Bing redirect
-  and any(body.links, .href_url.domain.root_domain == 'bing.com' and .href_url.path =~ '/ck/a')
+  and any(body.links, any(.href_url.rewrite.encoders, strings.contains(., "bing_open_redirect")))
   and sender.email.domain.root_domain not in $org_domains
   and sender.email.domain.root_domain not in (
     "bing.com",
@@ -57,6 +57,7 @@ source: |
     "sharepointonline.com",
     "yammer.com"
   )
+
 attack_types:
   - "BEC/Fraud"
 tactics_and_techniques: