Commit 37e6cf8

[PR #3068] modified rule: Brand impersonation: Charter Spectrum
1 parent 63b9b8c commit 37e6cf8

1 file changed

+4
-2
lines changed

detection-rules/3068_impersonation_charter_spectrum.yml

Lines changed: 4 additions & 2 deletions
@@ -11,7 +11,9 @@ source: |
1111
sender.email.domain.root_domain in (
1212
"spectrumemails.com", // primary communication domain
1313
"spectrum.com", // see some sales prospecting from various spectrum.com subdomains
14-
"beagleinsight.com" // survey vendor
14+
"beagleinsight.com", // survey vendor
15+
"ccsend.com", // Constant Contact, 3rd party marketing/mailer
16+
"tbjobalerts.com" // Job listing -- looks like vendor
1517
)
1618
and headers.auth_summary.dmarc.pass
1719
)
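Review bot: the added "ccsend.com" entry in the sender.email.domain.root_domain list is, by its own comment, a third-party marketing mailer rather than a Spectrum-owned domain, so the paired headers.auth_summary.dmarc.pass condition only attests that the mailer sent the message, not that Spectrum did. If this block is the rule's trusted-sender condition, every DMARC-passing message from that root domain now matches it, which widens the gap in impersonation coverage for that delivery path; consider narrowing the entry with an additional condition tied to Spectrum's own sending identity instead of trusting the whole root domain. The "tbjobalerts.com" comment ("looks like vendor") also reads as unconfirmed: verify the vendor relationship before merging and state in the comment what was checked.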
@@ -29,4 +31,4 @@ detection_methods:
2931
id: "26162949-d936-5dd7-a626-6f1b3ca41dff"
3032
og_id: "f1cd01e0-3f2b-52c3-9e99-66a9726763ce"
3133
testing_pr: 3068
32-
testing_sha: c9f7632e83fd300b8e9b52d9121e1f2e0124ab92
34+
testing_sha: fc420e0a0b8c9ae828a8c5643e1e866a31f0aa96