Overview

Sublime is an AI-powered cloud email security platform for Microsoft 365 and Google Workspace environments. IMAP and APIs for direct ingestion are also supported.

Out of the box, Sublime:

  • blocks email attacks such as phishing, BEC, and malware
  • auto-triages user-reported suspicious email
  • threat hunts across your environment

Value lands in days. Every detection is readable and auditable, so your team knows what fired and why.

For advanced control, Sublime is, under the hood, a fully programmable rules engine: it ingests messages from arbitrary sources, evaluates them using a powerful query language (MQL), and then takes any number of actions, such as quarantining a message, generating a webhook notification, or inserting a warning banner. Teams that want fine-grained customization can write, validate, and deploy their own detections in minutes.

Sublime's AI agents can do this work for you. ADÉ, the Autonomous Detection Engineer, writes new detections in MQL, backtests them against your email, and can deploy them automatically once they clear the precision bar you set. ASA, the Autonomous Security Analyst, triages reported and flagged messages and hands confirmed misses to ADÉ.

Below is an example of a simple rule:

name: HTML smuggling via attachment
severity: high
source: |
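  // only evaluate inbound messages
  type.inbound
  // any attachment with an .html/.htm extension (in~ is case-insensitive)
  and any(attachments, .file_extension in~ ('html', 'htm')
          // unpack the attachment and look at the JavaScript found inside it
          and any(file.explode(.),
                  // match when an extracted identifier is exactly "unescape"
                  any(.scan.javascript.identifiers, . == "unescape")
          )
  )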
tags:
  - "HTML smuggling"
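
To make the rule's logic concrete, here is an added Python example (not Sublime's code and not part of the original page) that applies the same test to a raw message: an `.html`/`.htm` attachment whose script content contains the identifier `unescape`. Assumptions: a regex tokenizer stands in for Sublime's JavaScript scanner, only top-level attachments are inspected instead of the full `file.explode` unpacking, `type.inbound` is not modelled, and `matches_rule`, `js_identifiers` and `build_sample` are hypothetical names.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

# Assumption: rough JS identifier tokenizer (also matches words inside string literals).
IDENT = re.compile(r"[A-Za-z_$][A-Za-z0-9_$]*")

class ScriptText(HTMLParser):
    """Collects the text found inside <script> elements."""
    def __init__(self):
        super().__init__()
        self.in_script, self.chunks = False, []
    def handle_starttag(self, tag, attrs):
        self.in_script = self.in_script or tag == "script"
    def handle_endtag(self, tag):
        self.in_script = self.in_script and tag != "script"
    def handle_data(self, data):
        if self.in_script:
            self.chunks.append(data)

def js_identifiers(html: str) -> set:
    """Approximates .scan.javascript.identifiers for one HTML document."""
    parser = ScriptText()
    parser.feed(html)
    return set(IDENT.findall("\n".join(parser.chunks)))

def matches_rule(raw: bytes) -> bool:
    """True if any .html/.htm attachment uses the identifier 'unescape'."""
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext not in ("html", "htm"):      # mirrors: in~ ('html', 'htm')
            continue
        body = part.get_content()
        if isinstance(body, bytes):         # e.g. application/octet-stream
            body = body.decode("utf-8", "replace")
        if "unescape" in js_identifiers(body):  # exact match, like . == "unescape"
            return True
    return False

def build_sample(filename: str, html: str) -> bytes:
    """Builds a constructed test message with one HTML attachment."""
    m = EmailMessage()
    m["Subject"] = "Constructed sample"
    m.set_content("See attached.")
    m.add_attachment(html, subtype="html", filename=filename)
    return m.as_bytes()
```
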