Exclusions

An Exclusion is a set of MQL logic created to avoid alerting on phishing simulations and other benign messages.

Exclusions are evaluated before Detection Rules or Automations. If a message matches an Exclusion, no further analysis is conducted by Sublime and Detection Rules and Automations are not evaluated.

There's two kinds of Exclusions currently supported:

1. Global Exclusions: messages matching a Global Exclusion are not analyzed by any Detection Rules or Automations
2. Detection Rule Exclusions: messages matching a Detection Rule Exclusion are not analyzed by any Detection Rules (Automations will still process)

There are three out-of-the-box Exclusions for Cofense, KnowBe4, and Hoxhunt that are inactive by default.

Exclusions are visible on impacted messages on the message list table and details page. You can view the Exclusion MQL on the message details page or head to the Exclusion details page.