From 779a368e54da93bb7625d163243f2d5d0c100308 Mon Sep 17 00:00:00 2001
From: Sam Scholten
Date: Tue, 7 Nov 2023 13:28:30 -0500
Subject: [PATCH] TEST - Update headers_russia_return_path.yml

Testing removal of prevalence
---
 detection-rules/headers_russia_return_path.yml | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/detection-rules/headers_russia_return_path.yml b/detection-rules/headers_russia_return_path.yml
index 2daabd83ce5..1831c9414c7 100644
--- a/detection-rules/headers_russia_return_path.yml
+++ b/detection-rules/headers_russia_return_path.yml
@@ -7,13 +7,6 @@ source: |
 type.inbound
 and headers.return_path.domain.tld == "ru"
 and sender.email.email not in $recipient_emails
- and (
- profile.by_sender().prevalence in ("new", "outlier")
- or (
- profile.by_sender().any_messages_malicious_or_spam
- and not profile.by_sender().any_false_positives
- )
- )
 attack_types:
 - "BEC/Fraud"
 - "Credential Phishing"