Bump severities to high (#775)
jkamdjou authored Sep 5, 2023
1 parent ef1a7aa commit 2948963
Showing 3 changed files with 3 additions and 3 deletions.
@@ -1,7 +1,7 @@
name: "Attachment: DocuSign image lure with no DocuSign domains in links"
description: "Detects DocuSign phishing emails with no DocuSign links, a DocuSign logo attached, from a first-time sender."
type: "rule"
severity: "medium"
severity: "high"
source: |
type.inbound
and length(filter(attachments, .file_type not in $file_types_images)) == 0
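Review bot: The context line `and length(filter(attachments, .file_type not in $file_types_images)) == 0` is also satisfied by a message that has no attachments at all, so with `severity: "high"` it is worth confirming that the part of `source` not shown in this hunk also requires at least one image attachment and enforces the first-time-sender condition the description promises. If it already does, no change is needed; if not, add an explicit requirement that an image attachment is present before raising the severity.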
Expand Up @@ -2,7 +2,7 @@ name: "Brand impersonation: Microsoft (QR code)"
description: |
Detects messages using Microsoft image based lures, referencing or including a QR code from an Unsolicited sender. These messages often lead users to phishing sites or initiate unwanted downloads.
type: "rule"
severity: "medium"
severity: "high"
source: |
type.inbound
and (
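Review bot: In the `description` context line, "Unsolicited sender" is capitalized mid-sentence and "image based" is missing its hyphen; since this file is being touched and the rule will now surface at `severity: "high"`, tidy the text to "image-based lures" and "an unsolicited sender". The commit message says only "Bump severities to high", so a sentence in the PR on what prompted the change would help whoever triages these alerts later.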
2 changes: 1 addition & 1 deletion detection-rules/attachment_office365_image.yml
Expand Up @@ -2,7 +2,7 @@ name: "Attachment: Office365 image (unsolicited)"
description: |
Looks for messages with an image attachment that contains words related to Microsoft, Office365, and passwords.
type: "rule"
severity: "medium"
severity: "high"
source: |
type.inbound
and length(filter(attachments, .file_type not in $file_types_images)) == 0
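Review bot: The rule name says "(unsolicited)" but the `description` next to the changed `severity: "high"` line never mentions a sender condition, so an analyst reading a high-severity alert cannot tell from the description why the message matched. Suggest extending the description to state that the sender must be unsolicited, in line with whatever the part of `source` outside this hunk enforces.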