MQL Rules
Sublime detects threats out of the box using AI and a library of built-in, community-driven detections. Most teams need no rule-writing to get that protection.
Rules and Message Query Language (MQL) are the optional advanced layer for teams who want fine-grained control on top of that automatic defense. Because every detection is readable MQL, a human analyst or an AI agent can write, validate, and deploy rules directly. Black-box architectures cannot offer that.
There are two types of MQL rules in Sublime:
- Detection Rules run on live email flow and are used for phishing detection, DLP, and policy enforcement.
- Automations run on flagged messages and/or user-reported messages, and are used for automatic triage and remediation.