Update detection-rules/body_microsoft_logo_bing_redirect.yml

Co-authored-by: Ross Wolf <[email protected]>
sublime-security · Oct 18, 2023 · daadfc7 · daadfc7
1 parent ce37817
commit daadfc7
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/detection-rules/body_microsoft_logo_bing_redirect.yml b/detection-rules/body_microsoft_logo_bing_redirect.yml
@@ -44,7 +44,10 @@ source: |
   )
   
   // Bing redirect
-  and any(body.links, any(.href_url.rewrite.encoders, strings.contains(., "bing_open_redirect")))
+  and any(body.links,
+      (.href_url.domain.root_domain == 'bing.com' and .href_url.path =~ '/ck/a')
+      or "bing_open_redirect" in .href_url.rewrite.encoders
+  )
   and sender.email.domain.root_domain not in $org_domains
   and sender.email.domain.root_domain not in (
     "bing.com",