From 483588ad6776e9e230ede9b5473e16d33f0a04bf Mon Sep 17 00:00:00 2001
From: Brandon Murphy <4827852+zoomequipd@users.noreply.github.com>
Date: Fri, 27 Dec 2024 13:44:08 -0600
Subject: [PATCH] Update link_hidden_dir.yml

---
 detection-rules/link_hidden_dir.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/detection-rules/link_hidden_dir.yml b/detection-rules/link_hidden_dir.yml
index 1a60b99f5b5..a9756f9d71b 100644
--- a/detection-rules/link_hidden_dir.yml
+++ b/detection-rules/link_hidden_dir.yml
@@ -8,7 +8,8 @@ source: |
   and any(body.links,
           (
             strings.icontains(.href_url.path, "/.well-known/")
-            and not strings.icontains(.href_url.path, '/.well-known/security.txt')
+            and not strings.ends_with(.href_url.path, '/.well-known/security.txt')
+            and not strings.ends_with(.href_url.path, '/.well-known/jwks.json')
           )
           or strings.icontains(.href_url.path, "/.js/")
           or strings.icontains(.href_url.path, "/.env/")