ADÉ: Autonomous Detection Engineer

Overview

The Autonomous Detection Engineer (ADÉ) is an AI-powered detection generator that analyzes new and evolving attacks within your environment and automatically generates Detection Rules.

ADÉ operates like a well-trained detection engineer, completing detailed analysis of the missed attack, identifying attack patterns and techniques, and reviewing your existing Detection Rules in order to create new detection coverage.

No tickets, no vendor bottlenecks, and no rule writing.

Availability

ADÉ currently operates in our cloud environment (SaaS deployment) or in your AWS cloud (self-hosted). Data remains within the Sublime environment and is not shared with third parties, including model providers.

The following AWS regions are currently supported:

  • USA - Virginia
  • USA - Oregon
  • USA - Ohio
  • EU - Dublin

To get on the waitlist for additional region support, reach out to [email protected]!

Setup

For Sublime SaaS customers, you can enable ADÉ for your account in two ways:

  1. Enable the Automation directly, either from Agents > ADÉ or the list of Automations
  2. Enable while looking at any message that has no Rule matches and has been marked as malicious

For self-hosted AWS customers, reach out to your account team for more information on how to get access to ADÉ!

Using ADÉ

To kick off ADÉ, find an unflagged, malicious message. This includes user reports with an ASA verdict of malicious or any unflagged message that has been reviewed and classified as malicious.

Eligible messages will have an option to trigger ADÉ under the message review section.

After you've kicked off the ADÉ job, you can continue to work in the Dashboard while ADÉ analyzes the message, builds a Detection Rule, and retro Hunts in your environment to validate the Rule's efficacy. Head to Agents > ADÉ to find the list of ongoing and completed jobs.

To review the ADÉ job, check out the recommended Rule, validate its efficacy with the Hunt results, and accept or reject the recommendation.

ADÉ Rules are like any other custom Rule, so you can edit the Rule metadata or MQL if you ever want to make a change to the Rule in the future!