Update google_drive_abuse_credential_phishing.yml (#1090)

Co-authored-by: Josh Kamdjou <[email protected]> Co-authored-by: Ross Wolf <[email protected]>
sublime-security · Dec 6, 2023 · dfebf62 · dfebf62
1 parent f62ddf0
commit dfebf62
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/detection-rules/google_drive_abuse_credential_phishing.yml b/detection-rules/google_drive_abuse_credential_phishing.yml
@@ -26,8 +26,13 @@ source: |
                     )
                   )
                   and not beta.linkanalysis(..).effective_url.domain.domain == "accounts.google.com"
+                  // standard Google Docs error
+                  and not strings.contains(.scan.ocr.raw,
+                                           "encountered an error. Please try reloading this page"
+                  )
           )
   )
+
 attack_types:
   - "Credential Phishing"
 tactics_and_techniques: