From ea32258737bf07745b07324437af255c1049f604 Mon Sep 17 00:00:00 2001
From: Aiden Mitchell
Date: Thu, 26 Oct 2023 10:11:56 -0700
Subject: [PATCH] Update qr_code_suspicious_indicators.yml (#886)
---
 detection-rules/qr_code_suspicious_indicators.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/detection-rules/qr_code_suspicious_indicators.yml b/detection-rules/qr_code_suspicious_indicators.yml
index b929c268a99..f040f97c35c 100644
--- a/detection-rules/qr_code_suspicious_indicators.yml
+++ b/detection-rules/qr_code_suspicious_indicators.yml
@@ -19,7 +19,6 @@ source: |
 and not sender.email.domain.root_domain in $org_display_names
 and (
 any(recipients.to, strings.icontains(sender.display_name, .email.domain.sld))
- or any(recipients.to, strings.icontains(body.current_thread.text, .email.local_part))
 or length(body.current_thread.text) is null
 or body.current_thread.text == ""
 or regex.contains(subject.subject,