The Sublime Platform is currently in early access. You can request early access here.
The Sublime Platform lets security and IT teams run custom detection rules on live email flow in Microsoft 365 and Google Workspace environments. IMAP and APIs for direct ingestion are also supported.
Use the Sublime Platform to:
- catch phishing attacks and automatically remediate before users report them
- catch and block attacks that you're receiving right now but can't do anything about
You can see more details about the Sublime Platform on the Versions page.
- Hunt and backtesting
- Custom actions
- Custom enrichments
- Custom attachment analysis
- Social graph
- Client-side controls (warning banners)
- Link analysis
At its core, Sublime is a rules engine that ingests email messages from arbitrary sources, evaluates it using a powerful query language, and then takes any number of actions like generating a webhook notification or inserting a warning banner. Below is an example of a simple rule:
name: "File sharing link with BEC subject" type: "rule" severity: "medium" source: | type.inbound and any(body.links, .href_url.domain.domain in $free_file_hosts) and iregex_search(subject.subject, '\bw2\b', 'w2s', 'immediately', 'urgent') actions: alert: smtp
Updated about 2 months ago