[PR #3556] modified rule: Impersonation: Social Security Administration (SSA)

Author: github-actions[bot]

detection-rules/3556_impersonation_social_security_admin.yml

@@ -35,20 +35,6 @@ source: |
              )
            )
     )
-    // display name or subject references a statement
-    or (
-      any([sender.display_name, subject.subject],
-          regex.icontains(strings.replace_confusables(.),
-                          '(Digital|(e[[:punct:]]?))\s?Statements?.{0,10}(Generated|Created|Issued|Ready)'
-          )
-          // or the Login.gov SSO service
-          or strings.icontains(strings.replace_confusables(.), "login.gov")
-      )
-      // with SSA impersonation in the body
-      and strings.icontains(body.current_thread.text,
-                            'Social Security Administration'
-      )
-    )
   )
   // Contains a link
   and length(body.links) >= 1
@@ -113,4 +99,4 @@ detection_methods:
 id: "cec70a4b-bb82-55ff-8542-22e92fc38afb"
 og_id: "6196767e-6264-5833-96f3-d1e34424d7b5"
 testing_pr: 3556
-testing_sha: 74b9a1290b1da0be13f05b6fd89468c44642a52d
+testing_sha: c8c16cbf4c42c6d164bb581e1339ab6e502a2656