by Sublime Security
This repo contains open-source detection rules and queries for the Sublime Platform, covering detections such as:
- CEO, executive, brand, vendor, and contact impersonation
- Lookalike and homoglyph attacks
- Suspicious HTML attachments
- Mass mailer abuse (e.g. SendGrid, Constant Contact)
- Blocking IOCs (sender emails, domains, hashes)
Resources:
- Sublime Platform overview
- Message Query Language (MQL) reference - Sublime's DSL purpose-built for email analysis
- Release log
Follow us on Twitter for updates on new rules and detection capabilities.
Sublime Platform is currently in early access, which means it's not publicly available yet. You can request early access here.