diff --git a/detection-rules/headers_russia_return_path.yml b/detection-rules/headers_russia_return_path.yml
index 2daabd83ce5..1831c9414c7 100644
--- a/detection-rules/headers_russia_return_path.yml
+++ b/detection-rules/headers_russia_return_path.yml
@@ -7,13 +7,6 @@ source: |
 type.inbound
 and headers.return_path.domain.tld == "ru"
 and sender.email.email not in $recipient_emails
- and (
- profile.by_sender().prevalence in ("new", "outlier")
- or (
- profile.by_sender().any_messages_malicious_or_spam
- and not profile.by_sender().any_false_positives
- )
- )
 attack_types:
 - "BEC/Fraud"
 - "Credential Phishing"
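Review bot: After this removal the `source` expression matches on three conditions only: `type.inbound`, a `ru` Return-Path TLD, and a sender not in `$recipient_emails`. Nothing now separates a new or previously flagged sender from one with a long benign history, so the rule will presumably fire on all routine `.ru` correspondence, and the resulting alert volume can bury the real hits. If the prevalence gate was dropped on purpose, for example to catch established senders that have since been compromised, a narrower form such as `and not profile.by_sender().any_false_positives` would still suppress senders that analysts have already triaged as benign. The rule's name, description and severity lie outside this hunk, so confirm they still describe a TLD-only match and record the reason for the broadening there.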