Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sender Profiles: Prevalence and Past behavior #815

Merged
merged 28 commits into from
Oct 4, 2023
Merged

Sender Profiles: Prevalence and Past behavior #815

merged 28 commits into from
Oct 4, 2023

Conversation

morriscode
Copy link
Member

No description provided.

@jkamdjou
Copy link
Member

@morriscode are there real regressions here?

@morriscode
Copy link
Member Author

morriscode commented Sep 25, 2023
edited
Loading

I'm guessing this might be caching at least in SharedEML testing... not sure why Mimic would run into caching issues.

notion.so/EML-37350 - Not a regression both original rules still fire? What is interesting is they didn't fire until I sent it to editor, the initial MLV showed no rules firing?

  • Body: Business Email Compromise (BEC) attempt from first-time sender (old)
  • Body: Business Email Compromise (BEC) attempt from first-time sender (new)

notion.so/EML-30853 - Similar issue as above, except the old rule fires at the MLV, but the new rule doesn't show matching until sending to editor where both rules show matching.

  • Attachment: DocuSign image lure with no DocuSign domains in links (old)
  • Attachment: DocuSign image lure with no DocuSign domains in links (new)

notion.so/EML-30303 - Similar issue - Attachment: Any HTML file (unsolicited) fired in the MLV. But 3 rules show firing after sending to editor. 2 of which are the version in this PR.

  • Attachment: Any HTML file (first-time sender) (new)
  • Attachment: Any HTML file (unsolicited) (new)
  • Attachment: Any HTML file (unsolicited) (old)

cc @jkamdjou @cameron-dunn-sublime before I go any further I suspect this will be true for the remaining though, we should probably figure out what's going on in the above scenarios?

notion.so/EML-34952
notion.so/EML-34832
notion.so/EML-35067
notion.so/EML-34489
notion.so/EML-34617
notion.so/EML-34189
notion.so/EML-35804

@jkamdjou
Copy link
Member

jkamdjou commented Sep 26, 2023
edited
Loading

I'm guessing this might be caching at least in SharedEML testing... not sure why Mimic would run into caching issues.

notion.so/EML-37350 - Not a regression both original rules still fire? What is interesting is they didn't fire until I sent it to editor, the initial MLV showed no rules firing?

  • Body: Business Email Compromise (BEC) attempt from first-time sender (old)
  • Body: Business Email Compromise (BEC) attempt from first-time sender (new)

notion.so/EML-30853 - Similar issue as above, except the old rule fires at the MLV, but the new rule doesn't show matching until sending to editor where both rules show matching.

  • Attachment: DocuSign image lure with no DocuSign domains in links (old)
  • Attachment: DocuSign image lure with no DocuSign domains in links (new)

notion.so/EML-30303 - Similar issue - Attachment: Any HTML file (unsolicited) fired in the MLV. But 3 rules show firing after sending to editor. 2 of which are the version in this PR.

  • Attachment: Any HTML file (first-time sender) (new)
  • Attachment: Any HTML file (unsolicited) (new)
  • Attachment: Any HTML file (unsolicited) (old)

cc @jkamdjou @cameron-dunn-sublime before I go any further I suspect this will be true for the remaining though, we should probably figure out what's going on in the above scenarios?

notion.so/EML-34952 notion.so/EML-34832 notion.so/EML-35067 notion.so/EML-34489 notion.so/EML-34617 notion.so/EML-34189 notion.so/EML-35804

+@rw-access in case you have any additional context

@morriscode
Copy link
Member Author

/update-test-rules

github-actions bot pushed a commit that referenced this pull request Sep 26, 2023
Sync from PR#815
9cd96cd 
Sender Profiles: Prevalence and Past behavior  by @morriscode
#815
Source SHA aed114f
Triggered by @morriscode
@morriscode
Copy link
Member Author

/update-test-rules

1 similar comment
@morriscode
Copy link
Member Author

/update-test-rules

github-actions bot pushed a commit that referenced this pull request Sep 27, 2023
Sync from PR#815
d607023 
Sender Profiles: Prevalence and Past behavior  by @morriscode
#815
Source SHA aed114f
Triggered by @morriscode
@morriscode
Copy link
Member Author

/update-test-rules

github-actions bot pushed a commit that referenced this pull request Oct 2, 2023
Sync from PR#815
80925b7 
Sender Profiles: Prevalence and Past behavior  by @morriscode
#815
Source SHA aed114f
Triggered by @morriscode
@cameron-dunn-sublime
Copy link
Member

/update-test-rules

github-actions bot pushed a commit that referenced this pull request Oct 2, 2023
Sync from PR#815
fff7f05 
Sender Profiles: Prevalence and Past behavior  by @morriscode
#815
Source SHA aed114f
Triggered by @cameron-dunn-sublime
@cameron-dunn-sublime cameron-dunn-sublime mentioned this pull request Oct 2, 2023
Merged
@cameron-dunn-sublime
Copy link
Member

/update-test-rules

github-actions bot pushed a commit that referenced this pull request Oct 2, 2023
Sync from PR#815
6036dcc 
Sender Profiles: Prevalence and Past behavior  by @morriscode
#815
Source SHA aed114f
Triggered by @cameron-dunn-sublime
@morriscode morriscode requested a review from a team October 4, 2023 21:46
rw-access
rw-access approved these changes Oct 4, 2023
View reviewed changes
Copy link
Contributor

@rw-access rw-access left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!
comments could be improved but no need to block on that IMO

morriscode and others added 16 commits October 4, 2023 18:07
@morriscode
Update attachment_eml_cred_theft.yml
512f088
@morriscode
Update attachment_eml_with_html_attachment.yml
f1d6b1f
@morriscode
Update attachment_microsoft_image_lure_qr_code.yml
e399c7b
@morriscode
Update attachment_office365_image.yml
e347c3f
@morriscode
Update attachment_pdf_link_to_dmg.yml
2795540
@morriscode
Update impersonation_barracuda.yml
a5bbd06
@morriscode
Update body_business_email_compromise_new_sender.yml
269217f
@morriscode
Update impersonation_dhl.yml
d8ae07d
@morriscode
Update headers_replyto_new_domain_nlu_request.yml
c0de6a3
@morriscode
Update impersonation_employee_urgent_request.yml
5a85c00
@morriscode
Update link_credential_phishing.yml
fa4c1d4
@morriscode
Update impersonation_fake_msg_thread_mismatched_from_freemail_replyto…
f43855b 
….yml
@morriscode
Update impersonation_microsoft.yml
c80d788
@morriscode
Update impersonation_recipient_domain.yml
f8cd0f0
@morriscode
Update impersonation_spotify.yml
2ab25e4
@morriscode
Removing FTS//Unsolicited Comments
db1cd08
@morriscode morriscode merged commit 9b20913 into main Oct 4, 2023
2 of 3 checks passed
@morriscode morriscode deleted the sender_profiles branch October 4, 2023 22:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rw-access rw-access rw-access approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@morriscode @jkamdjou @cameron-dunn-sublime @rw-access