Commit

Sync from PR#2107
Create suspicious_sender_display_name_procedurally_generated_blob.yml by @morriscode
#2107
Source SHA fbe3a2e
Triggered by @morriscode
Sublime Rule Testing Bot committed Nov 14, 2024
1 parent 310da83 commit 2fefb4e
Showing 1 changed file with 2 additions and 1 deletion.
Expand Up @@ -6,6 +6,7 @@ source: |
type.inbound
and regex.icontains(sender.display_name, '\b[\w\p{L}\p{N}]{35,}\b')
and not regex.icontains(sender.display_name, '_bot_[a-f0-9]{32}\)')
and not regex.match(sender.display_name, '\b[\w\p{L}\p{N}]{35,}\b')
// negate org domains unless they fail DMARC authentication
and (
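Review bot: the `and not regex.match(sender.display_name, ...)` condition uses exactly the same pattern, `\b[\w\p{L}\p{N}]{35,}\b`, as the `regex.icontains` condition two lines above it, and nothing in the hunk says why. If the intent is to keep display names that contain a token of 35 or more characters while excluding names that consist of nothing but one such token, add a `//` comment saying so, as the hunk already does for the org-domain negation; without it the two lines read as contradictory. Please also state which benign senders the exclusion is meant for, because a display name that is a single long blob is a case the rule would otherwise flag. If the exclusion targets one known format, a narrower pattern in the style of the `_bot_[a-f0-9]{32}\)` negation would give up less coverage.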
Expand Down Expand Up @@ -33,4 +34,4 @@ detection_methods:
- "Sender analysis"
id: "2a40b043-52dc-59ca-8519-3793e8817d07"
testing_pr: 2107
testing_sha: 69f23d848747374b34470378c2298d7ff1f53237
testing_sha: fbe3a2e8f78dbf565909cfad968f4adee4ca7942
