Overview

Detection rules are used for identifying phishing attacks, data loss prevention (DLP), and policy enforcement.

You can view some of the open-source detection rules available for use today in the Sublime rules Github repo.

Here is a non-exhaustive list of some of the categories of phishing attacks and techniques that can be detected today:

• Executive impersonation
• Brand impersonation
• Vendor impersonation
• Sextortion
• Homoglyph and lookalike domains
• Gift card scams
• Bitcoin scams
• Free file hosting services
• Free subdomains
• Spoofed messages
• URL shorteners
• Suspicious Office 365 app authorization requests
• COVID-19 scams

Get started

Create your first detection rule by visiting Rules > Detection Rules and clicking "New rule".

You can also create and share detection rules in the MQL Playground.