Update impersonation_sharepoint_fake_file_share.yml

test removing of sender profile logic
sublime-security · Jan 6, 2025 · a23280b · a23280b
1 parent 00287f1
commit a23280b
Showing 1 changed file with 9 additions and 9 deletions.
diff --git a/detection-rules/impersonation_sharepoint_fake_file_share.yml b/detection-rules/impersonation_sharepoint_fake_file_share.yml
@@ -273,15 +273,15 @@ source: |
     )
     or sender.email.domain.root_domain not in $high_trust_sender_root_domains
   )
-  and (
-    profile.by_sender().solicited == false
-    or profile.by_sender_email().prevalence == "new"
-    or (
-      profile.by_sender().any_messages_malicious_or_spam
-      and not profile.by_sender().any_false_positives
-    )
-  )
-  and not profile.by_sender().any_false_positives
+  // and (
+  //  profile.by_sender().solicited == false
+  //  or profile.by_sender_email().prevalence == "new"
+  //  or (
+  //    profile.by_sender().any_messages_malicious_or_spam
+  //    and not profile.by_sender().any_false_positives
+  //  )
+  // )
+  // and not profile.by_sender().any_false_positives
 attack_types:
   - "Credential Phishing"
   - "Malware/Ransomware"