[Shared Samples] [PR #4513] modified rule: PR# 4513 - VIP impersonation with urgent request (strict match, untrusted sender)

Author: github-actions[bot]

detection-rules/4513_impersonation_vip_urgent_request.yml

@@ -9,12 +9,8 @@ source: |
   type.inbound
   and any($org_vips,
           .display_name =~ sender.display_name
+          or strings.concat(.first_name, " ", .last_name) =~ sender.display_name
           or strings.concat(.last_name, ", ", .first_name) =~ sender.display_name
-          or any(regex.extract(.display_name,
-                               '\A(?P<name>.+?)\s*[\(（][^)）]*[)）]\s*\z'
-                 ),
-                 .named_groups["name"] =~ sender.display_name
-          )
   )
   and (
     any(ml.nlu_classifier(body.current_thread.text).intents,