Create impersonation_capitalone.yml #2151

Open
wants to merge 12 commits into
base: main
Update impersonation_capitalone.yml
zoomequipd authored Nov 25, 2024
commit 1cbbea7d84875c4efa25d9c6990625ee143b48ff
3 changes: 1 addition & 2 deletions detection-rules/impersonation_capitalone.yml
Expand Up @@ -44,6 +44,7 @@ source: |
"gcs-web.com", // investor relations run by capital one
"capitalonearena.com", // the arena
"monumentalsports.com", // the company that owns a bunch of teams that play at the arena?
"ticketmaster.com", // sell and advertises tickets at Capital One Arena
)
and headers.auth_summary.dmarc.pass
)
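Review bot: the new `"ticketmaster.com"` entry exempts the whole domain rather than only Capital One Arena ticketing mail. The neighbouring entries are Capital One or arena-owner properties, while this one is, by its own comment, a general third-party ticket seller, so every message from it that satisfies `and headers.auth_summary.dmarc.pass` is excluded by this list. Please state in the PR description which false positive prompted the entry and whether a narrower condition would cover it. Minor: the comment should read "sells and advertises tickets".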
Expand All @@ -57,8 +58,6 @@ source: |
)
or sender.email.domain.root_domain not in $high_trust_sender_root_domains
)


attack_types:
- "Credential Phishing"
tactics_and_techniques:
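Review bot: the two blank lines dropped between the closing `)` and `attack_types:` are a whitespace-only cleanup bundled with the allowlist edit. Since `source: |` is a literal block with default chomping, trailing blank lines are not part of the scalar and the rule logic is unchanged, but the commit message ("Update impersonation_capitalone.yml") describes neither change. Mention the cleanup there or split it out so the functional change is easier to review.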