@@ -5,49 +5,17 @@ severity: "medium"
55source : |
66 type.inbound
77 and length(body.previous_threads) >= 3
8- and (
9- (
10- (
11- strings.icontains(body.previous_threads[length(body.previous_threads) - 2].text,
12- "wife and i"
13- )
14- or strings.icontains(body.previous_threads[length(body.previous_threads) - 2].text,
15- "husband and i"
16- )
17- )
18- and strings.icontains(body.previous_threads[length(body.previous_threads) - 2].text,
19- "call"
20- )
21- and (
22- strings.icontains(body.previous_threads[length(body.previous_threads) - 2].text,
23- "zoom"
24- )
25- or strings.icontains(body.previous_threads[length(body.previous_threads) - 2].text,
26- "google meet"
27- )
28- )
29- )
30- or (
31- (
32- strings.icontains(body.previous_threads[length(body.previous_threads) - 3].text,
33- "wife and i"
34- )
35- or strings.icontains(body.previous_threads[length(body.previous_threads) - 3].text,
36- "husband and i"
37- )
38- )
39- and strings.icontains(body.previous_threads[length(body.previous_threads) - 3].text,
40- "call"
41- )
42- and (
43- strings.icontains(body.previous_threads[length(body.previous_threads) - 3].text,
44- "zoom"
45- )
46- or strings.icontains(body.previous_threads[length(body.previous_threads) - 3].text,
47- "google meet"
48- )
49- )
50- )
8+ and any(body.previous_threads,
9+ strings.icontains(.text, "call")
10+ and (
11+ strings.icontains(.text, "wife and i")
12+ or strings.icontains(.text, "husband and i")
13+ )
14+ and (
15+ (strings.icontains(.text, "zoom"))
16+ or (strings.icontains(.text, "google meet"))
17+ )
18+ and length(.text) < 1400
5119 )
5220
5321attack_types :
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4&size=40){kind=avatar}
0 commit comments