Sublime Rules
by Sublime Security
This repo contains open-source detection rules and queries for the Sublime Platform.
Examples
- HTML smuggling
- Encrypted zips
- High risk VBA macros
- Malicious LNK files
- VIP / Executive impersonation
Community Rule Feeds
Learn more
- Sublime home page
- Sublime Platform overview
- Message Query Language (MQL) reference - Sublime's DSL purpose-built for email analysis
- Release log
Follow us on Twitter for updates on new rules and detection capabilities, and star/watch this repo for updates and general availability.