[PR #3083] changed rule: Fuzzy Attack Score: Graymail Content Detected

github-actions[bot] · github-actions[bot] · commit b15db81d60a8 · 2025-08-14T15:18:59.000Z
diff --git a/detection-rules/3083_fuzzy_attack_graymail.yml b/detection-rules/3083_fuzzy_attack_graymail.yml
@@ -0,0 +1,20 @@
+name: "Fuzzy Attack Score: Graymail Content Detected"
+description: "Message analyzed by fuzzy attack detection system and classified as graymail, indicating potentially unwanted or suspicious content that falls between legitimate and malicious."
+type: "rule"
+severity: "medium"
+source: |
+  type.inbound
+  and beta.fuzzy_attack_score().analyzed
+  and beta.fuzzy_attack_score().verdict == "graymail"
+
+attack_types:
+  - "Spam"
+tactics_and_techniques:
+  - "Evasion"
+detection_methods:
+  - "Content analysis"
+  - "Threat intelligence"
+id: "eab9aeaf-264d-594d-92c1-61697021d380"
+og_id: "4fbeb8bd-2253-55ba-bfbb-cf7998be8822"
+testing_pr: 3083
+testing_sha: 92bc1db75de0f083bb5cc6d2a6f5832d9d268ce7
