From 273049d5c6178722cb1dbffa361652f83dc66455 Mon Sep 17 00:00:00 2001
From: Josh Kamdjou
Date: Tue, 12 Sep 2023 18:27:21 -0700
Subject: [PATCH] Add known Venmo domain (#786)
---
 detection-rules/impersonation_venmo.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/detection-rules/impersonation_venmo.yml b/detection-rules/impersonation_venmo.yml
index e22d70de6cf..513a75b1ec3 100644
--- a/detection-rules/impersonation_venmo.yml
+++ b/detection-rules/impersonation_venmo.yml
@@ -12,7 +12,7 @@ source: |
 or strings.ilevenshtein(sender.display_name, 'venmo') <= 1
 or strings.ilike(sender.email.domain.domain, '*venmo*')
 )
- and sender.email.domain.root_domain not in~ ('venmo.com', 'synchronybank.com', 'venmocreditsurvey.com')
+ and sender.email.domain.root_domain not in~ ('venmo.com', 'synchronybank.com', 'venmocreditsurvey.com', 'venmo-experience.com')
 and sender.email.email not in $recipient_emails
 // and not if the sender.display.name contains "via" and dmarc pass from venmo.com
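Review bot: The `not in~` exclusion on the added line trusts `sender.email.domain.root_domain` on its own, so a message whose From domain merely claims `venmo-experience.com` (or any other listed domain) is exempted from this rule unless a later condition checks sender authentication. The rest of the `source` block lies outside the hunk, so this may already be handled further down; if it is not, the exemption should apply only to authenticated mail, e.g. `and not (sender.email.domain.root_domain in~ ('venmo.com', 'synchronybank.com', 'venmocreditsurvey.com', 'venmo-experience.com') and headers.auth_summary.dmarc.pass)`. A short comment beside the list recording how `venmo-experience.com` was confirmed as Venmo-operated would also help whoever audits these exclusions later.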