drilldown update- minor

patel-bhavin · web-flow · commit d5feba104218 · 2025-03-11T13:22:04.000-07:00
diff --git a/detections/cloud/o365_bec_email_hiding_rule_created.yml b/detections/cloud/o365_bec_email_hiding_rule_created.yml
@@ -22,8 +22,8 @@ known_false_positives: Short rule names may trigger false positives. Adjust
 references:
 - https://attack.mitre.org/techniques/T1564/008/
 drilldown_searches:
-- name: View the detection results
-  search: '%original_detection_search%'
+- name: View the detection results for - "$user$"
+  search: '%original_detection_search% | search  dest = "$user$"'
   earliest_offset: $info_min_time$
   latest_offset: $info_max_time$
 - name: View risk events for the last 7 days for $user$
