Introduction
Sublime is a programmable, AI-powered, cloud email security platform for Microsoft 365 and Google Workspace environments. IMAP and APIs for direct ingestion are also supported.
Use the Sublime Platform to:
- block email attacks such as phishing, BEC, and malware
- threat hunt
- auto-triage user reports
At its core, Sublime is a rules engine that ingests email messages from arbitrary sources, evaluates them using a powerful query language, and then takes any number of actions like quarantining a message, generating a webhook notification, or inserting a warning banner. Below is an example of a simple rule:
name: HTML smuggling via attachment
severity: high
source: |
type.inbound
and any(attachments, .file_extension in~ ('html', 'htm')
and any(file.explode(.),
any(.scan.javascript.identifiers, . == "unescape")
)
)
tags:
- "HTML smuggling"
Updated 4 months ago
What’s Next