Detection rules

Overview

Detection rules are used for identifying phishing attacks, data loss prevention (DLP), and policy enforcement.

You can view some of the open-source detection rules available for use today in the Sublime rules GitHub repo.

Here is a non-exhaustive list of categories of phishing attacks and techniques that can be detected today:

  • Executive impersonation
  • Brand impersonation
  • Vendor impersonation
  • Sextortion
  • Homoglyph and lookalike domains
  • Gift card scams
  • Bitcoin scams
  • Free file hosting services
  • Free subdomains
  • Spoofed messages
  • URL shorteners
  • Suspicious Office 365 app authorization requests
  • COVID-19 scams