From 888954bcca73e2328c355da24325ee5dc032618c Mon Sep 17 00:00:00 2001 From: Aiden Mitchell Date: Wed, 29 Nov 2023 14:04:52 -0800 Subject: [PATCH] Update recipient_address_in_link.yml (#1061) Co-authored-by: Sam Scholten --- insights/links/recipient_address_in_link.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/insights/links/recipient_address_in_link.yml b/insights/links/recipient_address_in_link.yml index b81fd2924d7..7794c535904 100644 --- a/insights/links/recipient_address_in_link.yml +++ b/insights/links/recipient_address_in_link.yml @@ -1,7 +1,7 @@ name: "Recipient email in link" type: "query" source: | - distinct(map(filter(body.links, any(recipients.to, strings.icontains(..href_url.url, .email.email))), .href_url.url), .) + distinct(map(filter(body.links, any(recipients.to, strings.icontains(..href_url.url, .email.email) and any(recipients.to, .email.domain.valid))), .href_url.url), .) severity: "low" tags: - "Suspicious links"