Sublime Security

Sublime documentation

Welcome to the Sublime Security developer hub. You'll find comprehensive guides and documentation to help you start working with Sublime Security as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    


Welcome to Sublime


Sublime is a customizable email security platform that gives IT and security teams full control over their email environment, enabling them to enforce custom, tailored rules for phishing defense, DLP, and compliance.

At its core, Sublime is a rules engine that takes in arbitrary input (like an email message from Office 365 or a reported phish), evaluates it using a powerful query language, and then takes any number of actions. Below is an example of a simple rule:

name: "File sharing link with BEC subject"
type: "rule"
severity: "medium"
source: |
  and any(body.links, .href_url.domain.domain in $free_file_hosts)
  and iregex_search(subject.subject, '\bw2\b', 'w2s', 'immediately', 'urgent')

Rules can use data from a variety of sources such as:

  • static information from the email message
  • external data like whois or domain blacklists
  • custom organizational information like Google or Office365 groups
  • arbitrary NLP or other machine learning models
  • historical data such as past correspondence with the sender or the sender's organization
  • and more


Quick start

Ready to dive in? Check out the Quickstart with the Sublime CLI. No signup or API keys required.

Today, Sublime is available via the free Analysis API.

Soon we'll be releasing the Sublime Platform, which includes a dashboard, advanced capabilities like historical graph properties, hunt, and backtesting, and easy integrations for G Suite and Office 365 environments.


Community Slack

Join us in the Sublime Community Slack to share rules with other organizations and researchers, get support, and stay up to date on upcoming developments. Check your API key approval email for your join link, or request a free API key here if you don't have one already.

Updated about a month ago


Welcome to Sublime

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.