[PR #3457] modified rule: Brand impersonation: Paperless Post

Author: github-actions[bot]

detection-rules/3457_brand_impersonation_paperlesspost.yml

@@ -20,8 +20,10 @@ source: |
   ) < 2
   and not (
     (subject.is_forward or subject.is_reply)
-    and (length(headers.references) != 0 or headers.in_reply_to is not null)
-    and length(body.previous_threads) > 0
+    and (
+      (length(headers.references) != 0 or headers.in_reply_to is not null)
+      or length(body.previous_threads) > 0
+    )
   )
   and not (
     sender.email.domain.root_domain == "paperlesspost.com"
@@ -41,4 +43,4 @@ detection_methods:
 id: "bc42e605-e209-565f-aa99-de14bf398910"
 og_id: "e9ec5e09-e50f-5d02-ad14-35a1a1442960"
 testing_pr: 3457
-testing_sha: 781e64c32d8a4795ef65255b70858f7b5e817af9
+testing_sha: 5c998d9cd2864b47845d0149fcb99e46c5c57824