Skip to content

Update abuse_hellosign_sus_names.yml #2651

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 15 commits into
base: main
Choose a base branch
from
Open

Update abuse_hellosign_sus_names.yml #2651

wants to merge 15 commits into from

Conversation

zoomequipd
Copy link
Member

@zoomequipd zoomequipd commented Apr 25, 2025
edited
Loading

Description

  1. match on reminder message in addition to the existing logic for the initial message
  2. reduce number of function calls
  3. add minor keywords
  4. remove problematic keywords
  5. add second condition for org_domain detection
  6. use regex extract to optimize $org_domain check.

Associated samples

@zoomequipd zoomequipd requested a review from a team as a code owner April 25, 2025 17:49
@zoomequipd
Copy link
Member Author

/update-test-rules

github-actions bot pushed a commit that referenced this pull request Apr 25, 2025
Sync from PR#2651
7f4f1f4 
Update abuse_hellosign_sus_names.yml by @zoomequipd
#2651
Source SHA 4642c23
Triggered by @zoomequipd
@zoomequipd zoomequipd added the in-test-rules PR is in our testing suite to collect telemetry label Apr 25, 2025
morriscode
morriscode previously approved these changes Apr 28, 2025
View reviewed changes
Copy link
Member

@morriscode morriscode left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is 🔥

@morriscode morriscode dismissed their stale review April 28, 2025 14:13

Mistaken hit

@zoomequipd
Copy link
Member Author

revised and removed problematic conditions, ran hunt, see no loss in TP matches.

@zoomequipd
Copy link
Member Author

/update-test-rules

github-actions bot pushed a commit that referenced this pull request Apr 29, 2025
Sync from PR#2651
5ce7743 
Update abuse_hellosign_sus_names.yml by @zoomequipd
#2651
Source SHA a3e84fd
Triggered by @zoomequipd
@zoomequipd
Copy link
Member Author

/update-test-rules

github-actions bot pushed a commit that referenced this pull request May 1, 2025
Sync from PR#2651
0ee1482 
Update abuse_hellosign_sus_names.yml by @zoomequipd
#2651
Source SHA a993bc6
Triggered by @zoomequipd
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@morriscode morriscode morriscode left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
in-test-rules PR is in our testing suite to collect telemetry
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@zoomequipd @morriscode