From 6ac278df0c8fb752673e24754e2f8d1371cbc4cc Mon Sep 17 00:00:00 2001
From: Samirbous <64742097+Samirbous@users.noreply.github.com>
Date: Thu, 18 Jul 2024 13:59:53 +0100
Subject: [PATCH] [tuning] Connection to Commonly Abused Web Services (#3901)

* Update command_and_control_common_webservices.toml
* Update command_and_control_common_webservices.toml
---------
Co-authored-by: Jonhnathan <26856693+w0rk3r@users.noreply.github.com>
---
 rules/windows/command_and_control_common_webservices.toml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/rules/windows/command_and_control_common_webservices.toml b/rules/windows/command_and_control_common_webservices.toml
index f294ae465..f6703c421 100644
--- a/rules/windows/command_and_control_common_webservices.toml
+++ b/rules/windows/command_and_control_common_webservices.toml
@@ -2,7 +2,7 @@
 creation_date = "2020/11/04"
 integration = ["endpoint"]
 maturity = "production"
-updated_date = "2024/05/21"
+updated_date = "2024/07/16"
 [transform]
 [[transform.osquery]]
@@ -217,7 +217,9 @@ network where host.os.type == "windows" and network.protocol == "dns" and
 "*.zulipchat.com",
 "webhook.site",
 "run.mocky.io",
- "mockbin.org") and
+ "mockbin.org",
+ "www.googleapis.com",
+ "googleapis.com") and
 /* Insert noisy false positives here */
 not (
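Review bot: The two entries added in the second hunk, `"www.googleapis.com"` and `"googleapis.com"`, carry no wildcard, unlike `"*.zulipchat.com"` a few lines above them, so (assuming the list is matched as patterns, as the `*.` entries suggest) only the apex and the `www` host are covered and service-specific hosts under `googleapis.com` are not. If the narrow scope is deliberate to keep volume down, record that next to the entries, e.g. `/* googleapis.com: apex and www only; wildcard judged too noisy */`; otherwise `"*.googleapis.com"` is the form consistent with the rest of the list. The diffstat (4 insertions, 2 deletions) is fully accounted for by the date bump and these list lines, so the exclusion block that opens at `not (` was not changed by this commit, and it continues outside the hunk. It is worth confirming that the block already excludes the browsers and vendor-signed updaters that resolve these names routinely, since the rule is marked `maturity = "production"`.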