Sublime is a customizable email security platform that gives IT and security teams full control over their email environment, enabling them to enforce custom, tailored rules for phishing defense, DLP, and compliance.
At its core, Sublime is a rules engine that takes in arbitrary input (like an email message from Office 365 or a reported phish), evaluates it using a powerful query language, and then takes any number of actions. Below is an example of a simple rule:
```yaml
name: "File sharing link with BEC subject"
type: "rule"
severity: "medium"
source: |
  type.inbound
  and any(body.links, .href_url.domain.domain in $free_file_hosts)
  and iregex_search(subject.subject, '\bw2\b', 'w2s', 'immediately', 'urgent')
```
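The three conditions of the rule above, re-expressed in plain Python over constructed messages. This is an added example, not Sublime's code or its rule engine. The `FREE_FILE_HOSTS` set, the helper names, the exact-hostname match, and passing the inbound flag as a parameter are assumptions.

```python
import re
from email import message_from_string
from email.policy import default
from urllib.parse import urlparse

# Constructed stand-in for the $free_file_hosts list (assumption, not Sublime's data).
FREE_FILE_HOSTS = {"drive.google.com", "dropbox.com", "wetransfer.com"}
# Same patterns as the rule, matched case-insensitively like iregex_search.
SUBJECT_PATTERNS = [r"\bw2\b", r"w2s", r"immediately", r"urgent"]
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def link_hosts(msg):
    """Return lowercase hostnames of every http(s) URL found in text parts."""
    hosts = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        for url in URL_RE.findall(part.get_content()):
            try:
                host = urlparse(url).hostname
            except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
                continue
            if host:
                hosts.append(host.lower())
    return hosts

def rule_matches(raw, inbound=True):
    """True when the message is inbound, links to a free file host,
    and its subject matches one of the BEC patterns."""
    msg = message_from_string(raw, policy=default)
    subject = str(msg["subject"] or "")
    has_file_link = any(h in FREE_FILE_HOSTS for h in link_hosts(msg))
    bec_subject = any(re.search(p, subject, re.IGNORECASE) for p in SUBJECT_PATTERNS)
    return inbound and has_file_link and bec_subject

def sample(subject, url):
    """Build a constructed plain-text test message (not real mail)."""
    return ("From: sender@example.com\nTo: hr@example.org\n"
            f"Subject: {subject}\nContent-Type: text/plain\n\n"
            f"Files are here: {url}\n")

HIT = sample("Need W2 copies immediately", "https://wetransfer.com/downloads/abc123")
BENIGN_SUBJECT = sample("Lunch on Friday", "https://wetransfer.com/downloads/abc123")
OTHER_HOST = sample("URGENT: invoice", "https://intranet.example.org/files/1")

if __name__ == "__main__":
    for name, raw in [("HIT", HIT), ("BENIGN_SUBJECT", BENIGN_SUBJECT), ("OTHER_HOST", OTHER_HOST)]:
        print(name, rule_matches(raw))
```

Only the first sample satisfies all three conditions; the other two each fail one of them, which is why the rule combines the conditions with `and`.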
Rules can use data from a variety of sources such as:
- static information from the email message
- external data like whois or domain blacklists
- custom organizational information like Google or Office 365 groups
- arbitrary NLP or other machine learning models
- historical data such as past correspondence with the sender or the sender's organization
- and more
Ready to dive in? Check out the Quickstart with the Sublime CLI. No signup or API keys required.
Today, Sublime is available via the free Analysis API.
Soon we'll be releasing the Sublime Platform, which includes a dashboard, advanced capabilities like historical graph properties, hunt, and backtesting, and easy integrations for G Suite and Office 365 environments.
Join us in the Sublime Community Slack to share rules with other organizations and researchers, get support, and stay up to date on upcoming developments. Check your API key approval email for your join link, or request a free API key here if you don't have one already.