[PR #3081] changed rule: Suspicious content identified by fuzzy attack detection

Author: github-actions[bot]

detection-rules/3081_fuzzy_attack_spam.yml

@@ -0,0 +1,21 @@
+name: "Suspicious content identified by fuzzy attack detection"
+description: "Message has been analyzed and flagged as spam by the fuzzy attack detection system, indicating potentially malicious or unwanted content patterns."
+type: "rule"
+severity: "medium"
+source: |
+  type.inbound
+  and beta.fuzzy_attack_score().analyzed
+  and beta.fuzzy_attack_score().verdict == "spam"
+
+attack_types:
+  - "Spam"
+tactics_and_techniques:
+  - "Evasion"
+  - "Social engineering"
+detection_methods:
+  - "Content analysis"
+  - "Threat intelligence"
+id: "a3c34a5d-dedc-5911-ab58-0f327251f979"
+og_id: "e4a029a8-7a96-56fb-8f06-6e059807b785"
+testing_pr: 3081
+testing_sha: a5d3106dbd8593f7bf98d180c4c9f56d26335c2a