Jump to Content
Sublime Security
DocumentationAPI Reference
Log InSublime Security
Log In
DocumentationAPI Reference

Getting Started

  • Introduction
  • Installation
  • Add a message source
    • Add a Microsoft 365 message source
    • Add a Google Workspace message source
    • Add an IMAP message source
  • User-reported phishing
    • Add your abuse mailbox
    • Gmail's "Report phishing" feature
  • MQL Rules
    • Detection Rules
    • Triage Rules
  • Actions
    • Webhook
    • Email Alert
    • Email Alert with EML Attached
    • Slack Alert
  • Rule Feeds
    • Private rule feed authentication
    • Rules file format (YAML)
  • Lists
    • Configure the org_vips list

Reference

  • Message Data Model (MDM)
  • Message Query Language (MQL)
    • Syntax
    • Functions
    • Strings functions
    • RegEx functions
    • Enrichment functions
    • Missing or null values
    • Common snippets
    • Using the MQL Editor
  • Message groups
  • Message types
  • Role-Based Access Control (RBAC)
  • Rule Severity

How-to Guides

  • How to set up a custom domain
  • How to set up Single sign-on (SSO)

How-to MQL Guides

  • How to detect executive or VIP impersonation
  • How to detect keywords or phrases in the body content of messages
  • How to detect lookalike domains
  • How to detect text in attachments
  • How to use message header values in a rule
Powered by 

Email Alert with EML Attached

Suggest Edits

Overview

This action extends the Email Alert action by additionally attaching the matched message to the email alert as a .eml file. It is especially useful for sending user reports from Sublime to another system for further investigation (for example, your SOAR).

See the Email Alert page for more information on the behavior and configuration of these alerts.

Updated 8 months ago


  • Table of Contents
    • Overview