From 05f65ad03a3a7bd6339c701c9797ed5f06dcce41 Mon Sep 17 00:00:00 2001 From: Josh Kamdjou Date: Tue, 12 Sep 2023 21:18:45 -0400 Subject: [PATCH] Add known Venmo domain --- detection-rules/impersonation_venmo.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/detection-rules/impersonation_venmo.yml b/detection-rules/impersonation_venmo.yml index e22d70de6cf..513a75b1ec3 100644 --- a/detection-rules/impersonation_venmo.yml +++ b/detection-rules/impersonation_venmo.yml @@ -12,7 +12,7 @@ source: | or strings.ilevenshtein(sender.display_name, 'venmo') <= 1 or strings.ilike(sender.email.domain.domain, '*venmo*') ) - and sender.email.domain.root_domain not in~ ('venmo.com', 'synchronybank.com', 'venmocreditsurvey.com') + and sender.email.domain.root_domain not in~ ('venmo.com', 'synchronybank.com', 'venmocreditsurvey.com', 'venmo-experience.com') and sender.email.email not in $recipient_emails // and not if the sender.display.name contains "via" and dmarc pass from venmo.com