From de8c38262ed8cda7c55a087c9d0e802f7d462458 Mon Sep 17 00:00:00 2001
From: Cameron Dunn <cameron@sublimesecurity.com>
Date: Wed, 27 Dec 2023 11:24:50 -0800
Subject: [PATCH] and change rule

---
 detection-rules/attachment_adobe_image_lure_qr_code.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/detection-rules/attachment_adobe_image_lure_qr_code.yml b/detection-rules/attachment_adobe_image_lure_qr_code.yml
index a8240b5f819..51ae12b063b 100644
--- a/detection-rules/attachment_adobe_image_lure_qr_code.yml
+++ b/detection-rules/attachment_adobe_image_lure_qr_code.yml
@@ -27,6 +27,7 @@ source: |
                 regex.icontains(.scan.ocr.raw, 'scan|camera')
                 and regex.icontains(.scan.ocr.raw, '\bQR\b|Q\.R\.|barcode')
             )
+  
             or (
               any(file.explode(.),
                   .scan.qr.type == "url"