
Sublime rules for email attack detection, prevention, and threat hunting.

Results 226 sublime-rules issues

# Description
adding logic to flag `x-corp` link subdomains and sender local_part
# Associated samples
- https://platform.sublime.security/messages/4f8fb4f358390644502b7be643572af2aec62667ba29761eabab48e853aa2a33

in-test-rules

# Description
Noticed some FNs in a grey area in our detections and wanted to create a little defense in-depth. I want to let this sit in test rules for...

in-test-rules

# Description
adding additional logic to account for variations with suspicious sender display names
# Associated samples
- https://platform.sublime.security/messages/4f9e422c33e572c3d63f5f24d8ab95054424fe79aee16b07c5b853808db8d18f
- https://platform.sublime.security/messages/4f9e4a886732fd185b6b0017ec174c40fb6794785055e3bfc0f62f0cafe3731f
## Associated hunts
- https://platform.sublime.security/messages/hunt?huntId=019a0935-e2a8-7039-9741-77444668c5ec

in-test-rules

# Description
This rule detects messages with links to office documents hosted on suspicious file sharing services, including Telegram Bot API and free hosts, while excluding SharePoint.
# Associated samples...

in-test-rules

…nts.yml
# Description
Adding additional keyword logic
# Associated samples
- https://platform.sublime.security/messages/a9d38f9c3be006f2d18557761956a9dd48acc4304aee0864c3c9306d22e6f54a
## Associated hunts
- https://platform.sublime.security/messages/hunt?huntId=0196dae9-0306-763c-a02a-62545618dca9

in-test-rules
do-not-merge

# Description
Wrapped positive identifiers in an `X of` statement. Added two more positive identifiers to the `X of` statement; one for if the sender is using a free email...

test-rules:excluded:author_membership