Update link_credential_phishing_secure_message.yml (#879)

sublime-security · Oct 25, 2023 · 99274fa · 99274fa
1 parent 9df8723
commit 99274fa
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/detection-rules/link_credential_phishing_secure_message.yml b/detection-rules/link_credential_phishing_secure_message.yml
@@ -27,7 +27,7 @@ source: |
             .href_url.domain.root_domain != sender.email.domain.root_domain
     )
     // Negate known secure mailer(s)
-    and not all(body.links, .href_url.domain.root_domain in ("mimecast.com"))
+    and not all(body.links, .href_url.domain.root_domain in ("mimecast.com", "cisco.com"))
   )
   and (
     profile.by_sender().prevalence in ("new", "outlier")
@@ -36,6 +36,7 @@ source: |
       and not profile.by_sender().any_false_positives
     )
   )
+
 attack_types:
   - "Credential Phishing"
 tactics_and_techniques: