@@ -5,49 +5,17 @@ severity: "medium"
55source : |
66 type.inbound
77 and length(body.previous_threads) >= 3
8- and (
9- (
10- (
11- strings.icontains(body.previous_threads[length(body.previous_threads) - 2].text,
12- "wife and i"
13- )
14- or strings.icontains(body.previous_threads[length(body.previous_threads) - 2].text,
15- "husband and i"
16- )
17- )
18- and strings.icontains(body.previous_threads[length(body.previous_threads) - 2].text,
19- "call"
20- )
21- and (
22- strings.icontains(body.previous_threads[length(body.previous_threads) - 2].text,
23- "zoom"
24- )
25- or strings.icontains(body.previous_threads[length(body.previous_threads) - 2].text,
26- "google meet"
27- )
28- )
29- )
30- or (
31- (
32- strings.icontains(body.previous_threads[length(body.previous_threads) - 3].text,
33- "wife and i"
34- )
35- or strings.icontains(body.previous_threads[length(body.previous_threads) - 3].text,
36- "husband and i"
37- )
38- )
39- and strings.icontains(body.previous_threads[length(body.previous_threads) - 3].text,
40- "call"
41- )
42- and (
43- strings.icontains(body.previous_threads[length(body.previous_threads) - 3].text,
44- "zoom"
45- )
46- or strings.icontains(body.previous_threads[length(body.previous_threads) - 3].text,
47- "google meet"
48- )
49- )
50- )
8+ and any(body.previous_threads,
9+ strings.icontains(.text, "call")
10+ and (
11+ strings.icontains(.text, "wife and i")
12+ or strings.icontains(.text, "husband and i")
13+ )
14+ and (
15+ (strings.icontains(.text, "zoom"))
16+ or (strings.icontains(.text, "google meet"))
17+ )
18+ and length(.text) < 1400
5119 )
5220
5321attack_types :
@@ -60,4 +28,4 @@ detection_methods:
6028id : " 5b7a2e34-fda0-5aa7-ac6a-2bdd2c91dc05"
6129og_id : " bd23f3b2-a1e5-5a7c-ab0c-c15d4c4458f5"
6230testing_pr : 4317
63- testing_sha : dccd3dd546dd29fdfef00327f9ac88100df1b887
31+ testing_sha : 5f37e408d1dfe0e2dc6cee3c98e63d7596725942
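Review bot: The new `and length(.text) < 1400` condition in the first hunk is an unexplained threshold, and it is also a coverage boundary: a previous-thread entry of 1400 characters or more can no longer match, whatever it contains. A comment above it should record why the cap exists and how the value was chosen, for example `# only short entries match; 1400 chosen because <reason to be filled in by the author>`. Separately, `length(body.previous_threads) >= 3` appears to have existed to keep the old `length(body.previous_threads) - 3` index in range; with `any(...)` it now acts only as a filter on thread depth, so it deserves either a comment saying that is intended or removal. The substring test on `"call"` also matches words such as "recall" and now runs over every entry instead of two, which is worth recording in the rule's false-positive notes.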