From a8de4d7a7db05faaef97737933193639fb4f00ce Mon Sep 17 00:00:00 2001
From: Sam Scholten
Date: Wed, 18 Oct 2023 14:11:36 -0400
Subject: [PATCH 1/3] Update link_google_translate.yml

Updating to use the google_translate_open_redirect encoder.

---
 detection-rules/link_google_translate.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/detection-rules/link_google_translate.yml b/detection-rules/link_google_translate.yml
index 06a07041f60..8359cc8c2e8 100644
--- a/detection-rules/link_google_translate.yml
+++ b/detection-rules/link_google_translate.yml
@@ -10,7 +10,7 @@ authors:
 severity: "low"
 source: |
   type.inbound
-  and any(body.links, .href_url.domain.root_domain == "translate.goog")
+  and any(body.links, any(.href_url.rewrite.encoders, strings.contains(., "google_translate_open_redirect")))
   and (
     not profile.by_sender().solicited
     or (

From fc41bdfc1a533ab0ac930da83a05614e5c4e890c Mon Sep 17 00:00:00 2001
From: Sam Scholten
Date: Wed, 18 Oct 2023 18:32:20 -0400
Subject: [PATCH 2/3] Update detection-rules/link_google_translate.yml

Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
---
 detection-rules/link_google_translate.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/detection-rules/link_google_translate.yml b/detection-rules/link_google_translate.yml
index 8359cc8c2e8..9b1076b13b7 100644
--- a/detection-rules/link_google_translate.yml
+++ b/detection-rules/link_google_translate.yml
@@ -10,7 +10,10 @@ authors:
 severity: "low"
 source: |
   type.inbound
-  and any(body.links, any(.href_url.rewrite.encoders, strings.contains(., "google_translate_open_redirect")))
+  and any(body.links,
+    .href_url.domain.root_domain == "translate.goog"
+    or "google_translate_open_redirect" in .href_url.rewrite.encoders
+  )
   and (
     not profile.by_sender().solicited
     or (

From d09da3057ecae9e3d4acd405b66dcacd246da65e Mon Sep 17 00:00:00 2001
From: Sam Scholten
Date: Wed, 18 Oct 2023 18:41:44 -0400
Subject: [PATCH 3/3] Update detection-rules/link_google_translate.yml

Co-authored-by: Ross Wolf <31489089+rw-access@users.noreply.github.com>
---
 detection-rules/link_google_translate.yml | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/detection-rules/link_google_translate.yml b/detection-rules/link_google_translate.yml
index 9b1076b13b7..4f34f45938d 100644
--- a/detection-rules/link_google_translate.yml
+++ b/detection-rules/link_google_translate.yml
@@ -10,10 +10,7 @@ authors:
 severity: "low"
 source: |
   type.inbound
-  and any(body.links,
-    .href_url.domain.root_domain == "translate.goog"
-    or "google_translate_open_redirect" in .href_url.rewrite.encoders
-  )
+  and any(body.links, "google_translate_open_redirect" in .href_url.rewrite.encoders)
   and (
     not profile.by_sender().solicited
     or (
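Review bot: With the `.href_url.domain.root_domain == "translate.goog"` disjunct dropped, the single `+` line makes the rule depend entirely on the link-rewrite stage having tagged the link with `google_translate_open_redirect`; a translate.goog link whose redirect target the rewriter does not decode, or a link carrying no `rewrite.encoders` data at all, would no longer match, whereas the revision being replaced still fired on the host alone. If the encoder is guaranteed to be populated for every translate.goog host, that reliance should be stated in the rule's description or a comment beside the condition so the next maintainer does not reintroduce the host check as a "fix"; otherwise keep it as a fallback: `and any(body.links, .href_url.domain.root_domain == "translate.goog" or "google_translate_open_redirect" in .href_url.rewrite.encoders)`. Whether `in` against an absent `encoders` list evaluates to false or raises is not visible here and is worth confirming before merging. The `source:` expression continues past the end of the hunk.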