From eaff6101908b2dc169cc6729f01c0a3e1aae3d5b Mon Sep 17 00:00:00 2001
From: Aiden Mitchell
Date: Fri, 13 Dec 2024 08:43:51 -0800
Subject: [PATCH] Update impersonation_sharepoint_fake_file_share.yml (#2213)
---
 detection-rules/impersonation_sharepoint_fake_file_share.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/detection-rules/impersonation_sharepoint_fake_file_share.yml b/detection-rules/impersonation_sharepoint_fake_file_share.yml
index b24422a89ef..25d3ad383fc 100644
--- a/detection-rules/impersonation_sharepoint_fake_file_share.yml
+++ b/detection-rules/impersonation_sharepoint_fake_file_share.yml
@@ -264,7 +264,7 @@ source: |
 or sender.email.domain.root_domain not in $high_trust_sender_root_domains
 )
 and (
- (not profile.by_sender().solicited)
+ not profile.by_sender_email().solicited
 or (
 profile.by_sender().any_messages_malicious_or_spam
 and not profile.by_sender().any_false_positives
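Review bot: The `or (` branch right after the changed line still reads `profile.by_sender().any_messages_malicious_or_spam` and `profile.by_sender().any_false_positives`, so this group now mixes two profile scopes and nothing in the rule says whether that is intended. If the narrower lookup is meant only for `solicited`, a short MQL comment above it would record that, e.g. `// solicited is checked per sender address; reputation flags stay on the broader sender profile`; if not, the two remaining calls should presumably move to `profile.by_sender_email()` as well. The difference between the two profile functions is not visible in the hunk, so confirm it against the MQL reference before choosing. The enclosing `source: |` expression starts and ends outside the hunk.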