Global Exclusions

A Global Exclusion is MQL logic written to avoid alerting on phishing simulations and other benign messages.

Global Exclusions are evaluated before any Detection or Triage Rules. If a message matches a Global Exclusion, Sublime conducts no further analysis of it: Detection and Triage Rules are not evaluated.

There are three out-of-the-box Exclusions for Cofense, KnowBe4, and Hoxhunt that are inactive by default.

Exclusions are shown on impacted messages in the message list table and on the message details page. You can view the Exclusion MQL on the message details page or go to the Exclusion details page.

For now, all Exclusions are Global Exclusions. Soon, you’ll be able to add Exclusions to specific Rules.