Jump to Content
Sublime Security
DocumentationAPI Reference
Log InSublime Security
Log In
DocumentationAPI Reference

Getting Started

  • Overview
  • Installation
  • Add a message source
    • Add a Microsoft 365 message source
    • Add a Google Workspace message source
    • Add an IMAP message source
  • User-reported phishing
    • Add your abuse mailbox
    • Gmail's "Report phishing" feature
  • Rules
    • Detection Rules
    • Triage Rules
  • Actions
    • Webhook
    • Email Alert
    • Email Alert with EML Attached
  • Rule Feeds
    • Private rule feed authentication

Reference

  • Message Data Model (MDM)
  • Message Query Language (MQL)
    • Syntax
    • Functions
    • Enrichment functions
    • Lists
    • Missing or null values
    • Common snippets
    • Using the MQL Editor
  • Message groups
  • Message types

How-to Guides

  • How to set up a custom domain
  • How to set up Single sign-on (SSO)
  • How to detect executive impersonation
  • How to detect lookalike domains
  • How to use message header values in a rule
  • How to detect keywords or phrases in the body content of messages
  • How to detect text in attachments

APIs

  • Platform API
    • Quickstart
    • API Reference
  • Analysis API
    • Quickstart
    • CLI
    • Use cases
    • Authentication
    • Handling errors
    • API Reference
    • YAML files
    • Python Module
  • EmailRep API
    • API Reference
    • GitHub
    • Client libraries
Powered by 

Email Alert with EML Attached

Suggest Edits

Overview

This action extends the Email Alert action by additionally attaching the matched message to the email alert as a .eml file. It is especially useful for sending user reports from Sublime to another system for further investigation (for example, your SOAR).

See the Email Alert page for more information on the behavior and configuration of these alerts.

Updated 24 days ago


  • Table of Contents
    • Overview