Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create link_referer_anon_services.yml #2338

Open
wants to merge 15 commits into
base: main
Choose a base branch
from
Open

Create link_referer_anon_services.yml #2338

wants to merge 15 commits into from

Conversation

zoomequipd
Copy link
Member

@zoomequipd zoomequipd commented Jan 26, 2025
edited
Loading

Description

Add coverage for links in messages where provide referer anonymization services

Associated samples

Associated hunts

@zoomequipd zoomequipd requested a review from a team as a code owner January 26, 2025 04:41
@zoomequipd
Copy link
Member Author

/update-test-rules

@zoomequipd zoomequipd added the in-test-rules PR is in our testing suite to collect telemetry label Jan 26, 2025
github-actions bot pushed a commit that referenced this pull request Jan 26, 2025
Sync from PR#2338
82e52f2 
Create link_referer_anon_services.yml by @zoomequipd
#2338
Source SHA df6d009
Triggered by @zoomequipd
@zoomequipd
Copy link
Member Author

/update-test-rules

github-actions bot pushed a commit that referenced this pull request Jan 26, 2025
Sync from PR#2338
d2bf691 
Create link_referer_anon_services.yml by @zoomequipd
#2338
Source SHA d357227
Triggered by @zoomequipd
@zoomequipd
Copy link
Member Author

I'm going to move this over to a discovery rule. There are benign uses of these services which make it difficult to fit as a detection-rule. However, there is a high enough volume of malicious messages to not just throw this rule away.

@zoomequipd zoomequipd added the discovery-rule Includes a discovery rule, not a feed rule label Jan 28, 2025
@zoomequipd
Copy link
Member Author

/update-test-rules

@zoomequipd zoomequipd added review-needed Indicates that a PR is waiting for review and removed discovery-rule Includes a discovery rule, not a feed rule review-needed Indicates that a PR is waiting for review labels Jan 28, 2025
@zoomequipd
Copy link
Member Author

going to add some sender profile elements to this and see if we can get it in as a detection rule

@zoomequipd
Copy link
Member Author

/update-test-rules

github-actions bot pushed a commit that referenced this pull request Feb 3, 2025
Sync from PR#2338
eef264b 
Create link_referer_anon_services.yml by @zoomequipd
#2338
Source SHA 9c89e56
Triggered by @zoomequipd
@zoomequipd
Copy link
Member Author

/update-test-rules

github-actions bot pushed a commit that referenced this pull request Feb 4, 2025
Sync from PR#2338
26ce83d 
Create link_referer_anon_services.yml by @zoomequipd
#2338
Source SHA bb617cb
Triggered by @zoomequipd
@zoomequipd
Copy link
Member Author

/update-test-rules

github-actions bot pushed a commit that referenced this pull request Feb 10, 2025
Sync from PR#2338
2e2d4a0 
Create link_referer_anon_services.yml by @zoomequipd
#2338
Source SHA 5baabf7
Triggered by @zoomequipd
@zoomequipd
Copy link
Member Author

/update-test-rules

@zoomequipd
Copy link
Member Author

/update-test-rules

github-actions bot pushed a commit that referenced this pull request Feb 23, 2025
Sync from PR#2338
08d8a99 
Create link_referer_anon_services.yml by @zoomequipd
#2338
Source SHA 0cbead2
Triggered by @zoomequipd
@zoomequipd
Copy link
Member Author

latest revision looking good, will continue to monitor

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
in-test-rules PR is in our testing suite to collect telemetry
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@zoomequipd