LWescott Update credential_phishing_esign_document_notification.yml

Open IndiaAce opened this issue 1 month ago • 1 comments

Description

From a runner expanding coverage to include any character within a bound of 4 between e and doc.

-Hunt 1 showing exclusive matches on the change. -Hunt 2 updated hunt showing all matches

Oct 28 '25 15:10 IndiaAce

Telemetry is awful on this, taking out of R4R

Oct 30 '25 18:10 IndiaAce

net-new telemetry on these look good, the customer hits with "likely_benign" were mostly pen tests... marking as ready for review.

Nov 20 '25 15:11 IndiaAce