Jump to Content
Sublime Security
DocumentationAPI Reference
Log InSublime Security
Log In
DocumentationAPI Reference

Getting Started

  • Introduction
  • Installation
    • Docker
    • AWS Cloudformation
  • Add a message source
    • Add a Microsoft 365 message source
    • Add a Google Workspace message source
    • Add an IMAP message source
  • User-reported phishing
    • Add your abuse mailbox
    • Gmail's "Report phishing" feature
  • MQL Rules
    • Detection Rules
    • Triage Rules
  • Actions
    • Webhook
    • Email Alert
    • Email Alert with EML Attached
    • Slack Alert
  • Rule Feeds
    • Private rule feed authentication
    • Rules file format (YAML)
  • Lists
    • Configure the org_vips list
  • YARA

Reference

  • Message Data Model (MDM)
  • Message Query Language (MQL)
    • Syntax
    • Functions
    • Strings functions
    • RegEx functions
    • Enrichment functions
    • Missing or null values
    • Common snippets
    • Using the MQL Editor
  • Message groups
  • Message types
  • Role-Based Access Control (RBAC)
  • Message Access Controls
  • Rule Severity

How-to Guides

  • How to set up a custom domain
  • How to set up Single sign-on (SSO)

How-to MQL Guides

  • How to detect keywords or phrases in the body content of messages
  • How to detect lookalike domains
  • How to detect text in attachments
  • How to use message header values in a rule
Powered by 

User-reported phishing

Suggest Edits

Sublime can automatically track the messages your users report as phishing through multiple reporting mechanisms.

Updated about 1 year ago

What’s Next
  • Add your abuse mailbox
  • Gmail's "Report phishing" feature