diff --git a/insights/sender/high_trust.yml b/insights/sender/high_trust.yml new file mode 100644 index 00000000000..7247de164e2 --- /dev/null +++ b/insights/sender/high_trust.yml @@ -0,0 +1,5 @@ +name: "High trust sender domain" +type: "query" +source: | + filter([sender.email.email], sender.email.domain.root_domain in $high_trust_sender_root_domains) +severity: "informational"