Skip to content

excludes false positives from outlign.co#4705

Open
hilt86 wants to merge 1 commit into
sublime-security:mainfrom
hilt86:patch-1
Open

excludes false positives from outlign.co#4705
hilt86 wants to merge 1 commit into
sublime-security:mainfrom
hilt86:patch-1

Conversation

@hilt86

@hilt86 hilt86 commented Jun 22, 2026

Copy link
Copy Markdown

Outlign sends messages that probably match on task assigned messages from Outlign.

Description

Associated samples

@hilt86
excludes false positives from outlign.co
b826a97 
Outlign sends messages that probably match on task assigned messages from Outlign.
@hilt86 hilt86 requested a review from a team June 22, 2026 05:29
@hilt86 hilt86 requested a review from a team as a code owner June 22, 2026 05:29
@github-actions github-actions Bot added review-needed Indicates that a PR is waiting for review test-rules:excluded:author_membership labels Jun 22, 2026
@github-actions

github-actions Bot commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

Test Rules Sync - Action Required

This PR was not automatically synced to test-rules because the author is not a member of the sublime-security organization.

To enable syncing, an organization member can comment /update-test-rules on this PR.

Once triggered, the rules will be synced on the next scheduled run (every 10 minutes).

@hilt86

hilt86 commented Jun 22, 2026

Copy link
Copy Markdown
Author

/update-test-rules

@zoomequipd zoomequipd self-assigned this Jun 22, 2026
@zoomequipd

zoomequipd commented Jun 22, 2026

Copy link
Copy Markdown
Member

Hello @hilt86 Thanks for this submission!

There are currently two different locations for handle FPs within this rule.

  1. by negating the .href_url.domain.root_domain of the link (which you've implemented)
  2. by negating on the sender root domain

Why did you select option 1 instead of 2?
Do you happen to have a sample that you can share (I'm on the Sublime Community slack if needed)?

Thanks again!

@zoomequipd zoomequipd self-requested a review June 22, 2026 15:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zoomequipd zoomequipd Awaiting requested review from zoomequipd

At least 1 approving review is required to merge this pull request.

Assignees

@zoomequipd zoomequipd

Labels

review-needed Indicates that a PR is waiting for review shared-samples:excluded:author_membership test-rules:excluded:author_membership

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hilt86 @zoomequipd