Quickstart

Run your first rule in 5 minutes or less. No API key or signup required.

We've built a few wrappers for the alpha Analysis API to make things easy: the Sublime CLI and the Sublime Python module.

Getting started with Sublime CLI

Analyze messages right from your terminal on Windows, Linux, and Mac. For a more guided intro to Sublime, check out the Tutorial.

1: Install the CLI:

pip3 install sublime-cli

2: Clone the Sublime rules repo:

git clone https://github.com/sublime-security/sublime-rules.git

3: Run the Sublime rules on a reported phish:

sublime analyze -i sublime-rules/emls/reported_phish.eml -r sublime-rules/detection-rules/
╔═══════════════════════════╗
║          Results          ║
╚═══════════════════════════╝

File Name: reported_phish.eml
Directory: sublime-rules/emls

Total Rules: 48
Total Queries: 0
Flagged Rules: 2

FLAGGED RULES

  - Brand impersonation: Sublime Security
  - File sharing link from freemail sender

...

Unlimited requests and Slack community

This step is completely optional and not required to use the alpha Analysis API. If you'd like unlimited requests and an invite to our Slack community, you can request a free API key. Then configure it:

sublime setup -k <api-key>

Getting started with Sublime Python module

Analyze messages programmatically. For a more guided intro to Sublime, check out the Tutorial.

1: Install the client:

pip3 install sublime-cli

2: Clone the Sublime rules repo:

git clone https://github.com/sublime-security/sublime-rules.git

3: Load the Python module, EML, rules, and queries:

import sublime

sublime_client = sublime.Sublime()

rules, queries = sublime.util.load_yml_path("sublime-rules/detection-rules/")
raw_message = sublime.util.load_eml("sublime-rules/emls/reported_phish.eml")

response = sublime_client.analyze_raw_message(raw_message, rules, queries)

The API response should look something like this (shortened for brevity):

{
 'message_id': '6c5aa82e-c352-4719-8bfa-68dbe3a242b2',
 'raw_message_id': 'e6665d0e-36d9-49af-b60d-5b4a651f2c7a',
 'query_results': [],
 'rule_results': [{
    'source': "type.inbound\nand headers.return_path.domain.domain == 'sendgrid.net'\nand ilike(subject.subject, '*voicemail*', '*voice message*')\n",
    'name': 'Sendgrid voicemail phish',
    'result': False,
    'success': True,
    'error': '',
    'execution_time': 0.000343902
  }]
}
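
One way to triage a response of this shape, as an added example that is not code from Sublime or from the original page. It runs offline on a constructed response dict, and it assumes that `success: False` means the rule failed to evaluate (with `error` holding the reason), an interpretation of the field names that this page does not document.

```python
# Added example: triage an Analysis API response shaped like the one above.
# SAMPLE_RESPONSE is constructed for illustration; the IDs, timings and the
# third rule are made up. Rule names 1 and 2 are taken from the page's output.

SAMPLE_RESPONSE = {
    "message_id": "00000000-0000-0000-0000-000000000000",  # placeholder
    "query_results": [],
    "rule_results": [
        {"name": "Sendgrid voicemail phish", "result": False, "success": True,
         "error": "", "execution_time": 0.000343902},
        {"name": "Brand impersonation: Sublime Security", "result": True,
         "success": True, "error": "", "execution_time": 0.0012},
        {"name": "Hypothetical broken rule", "result": False, "success": False,
         "error": "constructed error text", "execution_time": 0.0},
    ],
}


def triage(response):
    """Split rule_results into flagged, clean and errored rules.

    Assumption: success=False means the rule did not evaluate, so its
    result=False must not be counted as "no match".
    """
    summary = {"flagged": [], "clean": [], "errored": []}
    for rule in response.get("rule_results", []):
        name = rule.get("name", "<unnamed>")
        if not rule.get("success", False):
            summary["errored"].append((name, rule.get("error", "")))
        elif rule.get("result") is True:
            summary["flagged"].append(name)
        else:
            summary["clean"].append(name)
    return summary


def verdict(summary):
    """Return 'flagged', 'clean' or 'incomplete' for the whole message."""
    if summary["flagged"]:
        return "flagged"
    # No hits, but some rules never ran: coverage is partial, not clean.
    return "incomplete" if summary["errored"] else "clean"


if __name__ == "__main__":
    s = triage(SAMPLE_RESPONSE)
    print(verdict(s), s)
```

To use it with the client call above, pass `response` to `triage()` in place of `SAMPLE_RESPONSE`.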

Unlimited requests and Slack community

This step is completely optional and not required to use the alpha Analysis API. If you'd like unlimited requests and an invite to our Slack community, you can request a free API key. Then configure it in your Python module:

import sublime

sublime_client = sublime.Sublime(api_key="API_KEY")