Latest Attack Simulator domains from MS Docs #329
jeremiah-RENISAC wants to merge 2 commits into MISP:main from
Thanks a lot. Why did you remove the old entries? Those could still be useful for older attributes even if those are not used anymore.
My initial thought was to follow the Microsoft documentation exactly to make it easier to understand why something is on the list and help ensure no true positives end up in a warning list. Additionally, though all of those share the same domains with the current list, it's possible an old entry in the future could end up not being retained by Microsoft, and if so, would be an excellent target for an attacker to obtain and use in their campaign. That said, you raise an excellent point and you know the user community far better - if you think it would be beneficial to keep the old "portal." subdomains on the list, happy to add them back in! (Though I'd advocate for still dropping the single IP address and cloudapp.net domain that are no longer on their list.)
Hey @adulau Wanted to bump this up and see how you'd like me to proceed on this.
If you just merge back the old ones in your current PR, I'll merge it. Thanks a lot!
Thanks a lot for the contribution. I merged both! |
Updated the list based on the Microsoft list https://learn.microsoft.com/en-us/defender-office-365/attack-simulation-training-get-started#simulations
Additionally updated the matching attributes to match the list.
Linked to source documentation in description.
Incremented version to current date.