[PR #2729] modified rule: Service abuse: Monday.com infrastructure with phishing intent

github-actions[bot] · github-actions[bot] · commit a2a67d6559ac · 2025-11-04T02:12:19.000Z
diff --git a/detection-rules/2729_monday_infra_abuse.yml b/detection-rules/2729_monday_infra_abuse.yml
@@ -1,4 +1,4 @@
-name: "Monday.com link infrastructure abuse"
+name: "Service abuse: Monday.com infrastructure with phishing intent"
 description: "Detects unauthorized use of Monday.com tracking links in messages, attachments, or QR codes from unusual senders who lack proper authentication. Excludes legitimate replies and messages from trusted domains with valid DMARC."
 type: "rule"
 severity: "high"
@@ -144,4 +144,4 @@ detection_methods:
 id: "c778ee1a-92b4-5971-ac77-5514627ce5c0"
 og_id: "a346e3b1-603e-5ef0-8547-d40ba4282352"
 testing_pr: 2729
-testing_sha: 3cc173163551cfdc6548886d4380adf9ffc0c010
+testing_sha: c7f250e64c1fb87075edf8ed83650db618d0d4ce
