From 737d14d34ab3c118117578682ba795f33d655939 Mon Sep 17 00:00:00 2001
From: Hina <44663281+nutshoekey@users.noreply.github.com>
Date: Thu, 30 Apr 2026 01:57:29 +0800
Subject: [PATCH 1/2] Update google_workspace_application_added.yaral

Update rule to follow MITRE ATT&CK mapping in contribution guide/ enable mapping in SecOps
---
 .../workspace/google_workspace_application_added.yaral    | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/rules/community/workspace/google_workspace_application_added.yaral b/rules/community/workspace/google_workspace_application_added.yaral
index dee15713..f385fdc0 100644
--- a/rules/community/workspace/google_workspace_application_added.yaral
+++ b/rules/community/workspace/google_workspace_application_added.yaral
@@ -22,9 +22,11 @@ rule google_workspace_application_added {
     rule_id = "mr_bb4f5ff0-76b8-4b08-8b1b-fcb81e5a10cc"
     rule_name = "Google Workspace Application Added"
     mitre_attack_tactic = "Persistence"
-    mitre_attack_technique = ""
-    mitre_attack_url = ""
-    mitre_attack_version = "v13.1"
+    mitre_attack_technique = "Cloud Application Integration"
+    mitre_attack_url = "https://attack.mitre.org/versions/v17/techniques/T1671/"
+    mitre_attack_version = "v17.1"
+    tactic = "TA0003"
+    technique = "T1671"
     type = "Alert"
     data_source = "Workspace Activity"
     severity = "High"

From 42841858ee074bb8fc32c8aa3d9ab0a8a1018fa3 Mon Sep 17 00:00:00 2001
From: Hina <44663281+nutshoekey@users.noreply.github.com>
Date: Thu, 30 Apr 2026 01:57:43 +0800
Subject: [PATCH 2/2] Update google_workspace_application_added.yaral

update year
---
 .../workspace/google_workspace_application_added.yaral          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rules/community/workspace/google_workspace_application_added.yaral b/rules/community/workspace/google_workspace_application_added.yaral
index f385fdc0..6f62496a 100644
--- a/rules/community/workspace/google_workspace_application_added.yaral
+++ b/rules/community/workspace/google_workspace_application_added.yaral
@@ -1,5 +1,5 @@
 /*
- * Copyright 2023 Google LLC
+ * Copyright 2026 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.