From b0acdaf403c1bc5350ab18039f9fb63016c64c3f Mon Sep 17 00:00:00 2001
From: Aiden Mitchell
Date: Tue, 17 Oct 2023 11:44:17 -0700
Subject: [PATCH] Update link_fake_thread_nlu_financial_request.yml
---
 detection-rules/link_fake_thread_nlu_financial_request.yml | 5 -----
 1 file changed, 5 deletions(-)
diff --git a/detection-rules/link_fake_thread_nlu_financial_request.yml b/detection-rules/link_fake_thread_nlu_financial_request.yml
index 6531d54e6b2..621035b06db 100644
--- a/detection-rules/link_fake_thread_nlu_financial_request.yml
+++ b/detection-rules/link_fake_thread_nlu_financial_request.yml
@@ -5,11 +5,6 @@ severity: "medium"
 source: |
 type.inbound
 and length(body.links) < 10
- // suspicious link
- and any(body.links,
- .href_url.domain.root_domain not in $tranco_1m
- and .href_url.domain.domain not in $umbrella_1m
- )
 // fake thread check
 and (strings.istarts_with(subject.subject, "RE:") or strings.istarts_with(subject.subject, "FWD:"))