Sublime Security

Installation

Managed: For organizations of any size. First 10 mailboxes free.
Self-Managed: Docker: Up to 600 active mailboxes.
Self-Managed: AWS Cloud-native: Scales to any number of mailboxes.

EML Analyzer: Rapid phishing investigations, no setup required.

Updated about 1 month ago