Skip to content

Create abuse_hellosign_unsolicited_sender.yml #2548

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Apr 30, 2025
Merged

Create abuse_hellosign_unsolicited_sender.yml #2548

merged 7 commits into from
Apr 30, 2025

Conversation

zoomequipd
Copy link
Member

Description

ASR rule for HelloSign messages from newly observed sender

Associated hunts

@zoomequipd zoomequipd requested a review from a team as a code owner April 3, 2025 13:35
@zoomequipd
Copy link
Member Author

/update-test-rules

@zoomequipd zoomequipd added the in-test-rules PR is in our testing suite to collect telemetry label Apr 4, 2025
github-actions bot pushed a commit that referenced this pull request Apr 4, 2025
Sync from PR#2548
17fee02 
Create abuse_hellosign_unsolicited_sender.yml by @zoomequipd
#2548
Source SHA c698df8
Triggered by @zoomequipd
@zoomequipd
Copy link
Member Author

/update-test-rules

github-actions bot pushed a commit that referenced this pull request Apr 11, 2025
Sync from PR#2548
da61b8e 
Create abuse_hellosign_unsolicited_sender.yml by @zoomequipd
#2548
Source SHA 8a5f819
Triggered by @zoomequipd
@zoomequipd zoomequipd added the pending-external-task Waiting on a feature/bug fix/release label Apr 15, 2025
@zoomequipd zoomequipd removed the pending-external-task Waiting on a feature/bug fix/release label Apr 15, 2025
@zoomequipd
Copy link
Member Author

/update-test-rules

github-actions bot pushed a commit that referenced this pull request Apr 15, 2025
Sync from PR#2548
d101120 
Create abuse_hellosign_unsolicited_sender.yml by @zoomequipd
#2548
Source SHA 1bb668c
Triggered by @zoomequipd
@zoomequipd zoomequipd added the review-needed Indicates that a PR is waiting for review label Apr 25, 2025
@zoomequipd
Copy link
Member Author

ASR rule, has several TP on malicious samples within telemetry data.

@zoomequipd zoomequipd added this pull request to the merge queue Apr 30, 2025
Merged via the queue into main with commit 01d08ad Apr 30, 2025
3 checks passed
@zoomequipd zoomequipd deleted the zoomequipd-patch-11 branch April 30, 2025 14:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@morriscode morriscode morriscode approved these changes

Assignees
No one assigned
Labels
in-test-rules PR is in our testing suite to collect telemetry review-needed Indicates that a PR is waiting for review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@zoomequipd @morriscode @aidenmitchell