From c3bd2a155076c266aa0c899aa82cdf213e70883c Mon Sep 17 00:00:00 2001
From: Sam Scholten <sam@sublimesecurity.com>
Date: Thu, 28 Sep 2023 12:36:00 -0400
Subject: [PATCH] Update attachment_qr_code_suspicious_components.yml

---
 detection-rules/attachment_qr_code_suspicious_components.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/detection-rules/attachment_qr_code_suspicious_components.yml b/detection-rules/attachment_qr_code_suspicious_components.yml
index 64404fd0c1f..1d8edaa25b2 100644
--- a/detection-rules/attachment_qr_code_suspicious_components.yml
+++ b/detection-rules/attachment_qr_code_suspicious_components.yml
@@ -51,12 +51,14 @@ source: |
 attack_types:
   - "Credential Phishing"
 tactics_and_techniques:
-  - "Impersonation: Brand"
   - "QR code"
   - "Social engineering"
 detection_methods:
   - "Computer Vision"
   - "Header analysis"
+  - "Natural Language Understanding"
   - "QR code analysis"
   - "Sender analysis"
+  - "URL analysis"
+  - "URL screenshot"
 id: "ed0f772a-6543-5947-80d1-55a11ea63074"