From a586d8333fbb64fc37c15324da455ba018daafc3 Mon Sep 17 00:00:00 2001
From: Ross Wolf <31489089+rw-access@users.noreply.github.com>
Date: Tue, 24 Oct 2023 10:47:39 -0600
Subject: [PATCH] Add PDF to QR code attachment detection (#870)
---
 detection-rules/attachment_qr_code_suspicious_components.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/detection-rules/attachment_qr_code_suspicious_components.yml b/detection-rules/attachment_qr_code_suspicious_components.yml
index c081611dfd6..4a940e2ef3a 100644
--- a/detection-rules/attachment_qr_code_suspicious_components.yml
+++ b/detection-rules/attachment_qr_code_suspicious_components.yml
@@ -9,7 +9,7 @@ source: |
 // Inspects image attachments for QR codes
 and any(attachments,
- .file_type in $file_types_images
+ (.file_type in $file_types_images or .file_type == "pdf")
 and (
 any(file.explode(.),
 .scan.qr.type == "url"
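Review bot: The context comment directly above the changed line still says the rule inspects image attachments only, although the new predicate also admits PDFs; it should read `// Inspects image and PDF attachments for QR codes`. The rule's name and description are outside this hunk and may need the same wording update so that analysts triaging a hit know a PDF can trigger it. Legitimate PDFs such as invoices, tickets and shipping labels routinely carry URL QR codes, so the false-positive rate now rests on the conditions that follow `.scan.qr.type == "url"`; those continue past the end of the hunk and are worth re-checking against benign PDF samples. It would also help to confirm with a test message that `file.explode` surfaces `.scan.qr` results for a QR code embedded in a PDF page, since nothing visible here shows that path being exercised.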