by Sublime Security
This repo contains open-source detection rules and queries for the Sublime Platform.
- HTML smuggling
- Encrypted zips
- High risk VBA macros
- Malicious LNK files
- VIP / Executive impersonation

- Sublime home page
- Sublime Platform overview
- Message Query Language (MQL) reference - Sublime's DSL purpose-built for email analysis
- Release log
Follow us on Twitter for updates on new rules and detection capabilities.