@darses darses commented Jan 2, 2026

Summary of the Pull Request

Add new OAST domains and set modifier to endswith.

Changelog

update: DNS Query to External Service Interaction Domains - Add domains digimg.store, instances.httpworkbench.com, odiss.eu.
update: DNS Query to External Service Interaction Domains - Change modifier from contains to endswith

Example Log Event

Fixed Issues

SigmaHQ Rule Creation Conventions

  • If your PR adds new rules, please consider following and applying these conventions

@github-actions github-actions bot added the Rules and Review Needed (The PR requires review) labels Jan 2, 2026
@darses darses changed the title from "Add new OAST domains" to "update: DNS Query to External Service Interaction Domains - Add domains change modifier" Jan 2, 2026
@swachchhanda000 swachchhanda000 added the Author Input Required (changes the require information from original author of the rules) label Jan 5, 2026
@swachchhanda000 swachchhanda000 removed the Author Input Required (changes the require information from original author of the rules) label Jan 5, 2026

Copilot AI left a comment


Pull request overview

This PR updates the DNS Query to External Service Interaction Domains detection rule by adding three new OAST (Out-of-Application Security Testing) domains and changing the matching modifier from contains to endswith for more precise domain matching.

Key Changes:

  • Changed the query modifier from contains to endswith to prevent false positives from substring matches
  • Added three new OAST domains: .digimg.store, .instances.httpworkbench.com, and .odiss.eu
  • Added clarifying comments to identify the service providers for various OAST domains
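
The effect of the modifier change discussed in this thread, as an added example that is not part of the pull request or the SigmaHQ rule: it compares `contains` and `endswith` matching on constructed DNS query names, using the three domains named in the PR. The leading dot on each suffix follows the review comment above; the `normalize` helper and the sample queries are assumptions made for the illustration.

```python
# Added example: Sigma-style 'contains' vs 'endswith' matching on DNS query names.
# Suffixes are the three domains named in this PR (leading dot as in the review
# comment). Every query name below is a constructed sample, not a real log event.
OAST_SUFFIXES = (".digimg.store", ".instances.httpworkbench.com", ".odiss.eu")


def normalize(query: str) -> str:
    """Lower-case the name (Sigma string matching is case-insensitive by default)
    and drop a trailing root dot. The dot stripping is an assumption added here:
    a literal endswith would not match a name logged as 'host.odiss.eu.'."""
    return query.strip().lower().rstrip(".")


def match_contains(query: str) -> bool:
    """Old behaviour: the listed string may appear anywhere in the name."""
    q = normalize(query)
    return any(suffix in q for suffix in OAST_SUFFIXES)


def match_endswith(query: str) -> bool:
    """New behaviour: the name must end with one of the listed strings."""
    return normalize(query).endswith(OAST_SUFFIXES)


def compare(queries):
    """Return {query: (contains_hit, endswith_hit)} for each query name."""
    return {q: (match_contains(q), match_endswith(q)) for q in queries}


def false_positives_removed(queries):
    """Names that 'contains' flagged but 'endswith' no longer flags."""
    return [q for q, (c, e) in compare(queries).items() if c and not e]


SAMPLE_QUERIES = [
    "a1b2c3.odiss.eu",                 # subdomain of a listed domain
    "x9.instances.httpworkbench.com",  # subdomain of a listed domain
    "TOKEN.DigImg.Store.",             # mixed case, logged with trailing dot
    "cdn.odiss.eu.example.net",        # listed string mid-name, other domain
    "odiss.eu",                        # bare domain: no leading-dot match
    "www.example.org",                 # unrelated
]

if __name__ == "__main__":
    for name, (c, e) in compare(SAMPLE_QUERIES).items():
        print(f"{name:34} contains={c!s:5} endswith={e}")
```

With the leading dot in each entry, neither modifier matches a query for the bare domain itself, only for names beneath it.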
