Detection Rules
Overview
Detection rules are used to identify phishing attacks, and for data loss prevention (DLP) and policy enforcement.
You can view some of the open-source detection rules available for use today in the Sublime rules GitHub repo.
Here is a non-exhaustive list of categories of phishing attacks and techniques that can be detected today:
- Executive impersonation
- Brand impersonation
- Vendor impersonation
- Sextortion
- Homoglyph and lookalike domains
- Gift card scams
- Bitcoin scams
- Free file hosting services
- Free subdomains
- Spoofed messages
- URL shorteners
- Suspicious Office 365 app authorization requests
- COVID-19 scams
Get started
Create your first detection rule by visiting Rules > Detection Rules and clicking "New rule".
You can also create and share detection rules in the MQL Playground.