[PR #3080] changed rule: Fuzzy Attack Score: Malicious Content Detected

Author: github-actions[bot]

detection-rules/3080_fuzzy_attack_malicious.yml

@@ -0,0 +1,26 @@
+name: "Fuzzy Attack Score: Malicious Content Detected"
+description: "Message analyzed by fuzzy attack scoring algorithm and determined to contain malicious content with high confidence."
+type: "rule"
+severity: "medium"
+source: |
+  type.inbound
+  and beta.fuzzy_attack_score().analyzed
+  and beta.fuzzy_attack_score().verdict == "malicious"
+
+attack_types:
+  - "BEC/Fraud"
+  - "Callback Phishing"
+  - "Credential Phishing"
+  - "Extortion"
+  - "Malware/Ransomware"
+tactics_and_techniques:
+  - "Social engineering"
+  - "Evasion"
+detection_methods:
+  - "Content analysis"
+  - "Natural Language Understanding"
+  - "File analysis"
+id: "68a93248-8161-5452-a166-831d6a1633d2"
+og_id: "853a3e74-58a8-54c1-9367-79e27a73646b"
+testing_pr: 3080
+testing_sha: 65dbb68d367b1196b17c1452301263bba99e0405