Consider adding the following filenames to this detection for SharpHound:

• *_ous.json
• *_containers.json

Reference: https://twitter.com/THIR_Sec/status/1572568476803563529?s=20&t=evT_SWwhCZZ1qQ5mzHkZBA

Fixed! Thank you for the help!