Jump to Content
Sublime Security
DocumentationAPI Reference
Log InSublime Security
Documentation
Log In
DocumentationAPI Reference

Overview

  • Introduction

Set up Sublime

  • Deploy Sublime
    • Sublime Managed
    • Docker
    • AWS CloudFormation
    • AWS GovCloud
    • Azure via ARM
  • Add a message source
    • Add a Microsoft 365 message source
      • Sublime Cloud (Fully Managed) - Microsoft 365
      • Self Managed - Microsoft 365
    • Add a Google Workspace message source
      • Sublime Cloud (Fully Managed) - Google Workspace
      • Self Managed - Google Workspace
    • Add an IMAP message source
  • Enable user-reported phishing
    • Add your abuse mailbox
    • Microsoft 365's Native “Report phishing” feature
    • Gmail's "Report phishing" feature

Usage Guide

  • Message types
  • Message groups
  • MQL Detection Rules
    • Attack Surface Reduction
    • Rule Severity
    • Rule Feeds
      • Private rule feed authentication
      • Rules file format (YAML)
    • YARA
  • Automations
    • Auto-respond to User Reports
  • Actions
    • Quarantine
    • Trash
    • Warning Banners
    • Move to Spam
    • Auto-review
    • Track Link Clicks (beta)
    • Webhook
    • Email Alert
    • Email Alert with EML Attached
    • Slack Alert
  • Lists
    • Configure the org_vips list
  • Exclusions
  • Attack Score
  • Role-Based Access Control (RBAC)
  • Message Access Controls
  • Export to S3
    • Export Message MDMs
    • Export Audit Logs and Message Events
  • ASA: Autonomous Security Analyst

Reference

  • Message Data Model (MDM)
  • Message Query Language (MQL)
    • Syntax
    • Missing or null values
    • Functions
    • Strings functions
    • RegEx functions
    • Enrichment functions
    • Common snippets
    • Using the MQL Editor

How-to Guides

  • How to set up a custom domain
  • How to set up single sign-on (SSO)
  • How to manage users with SCIM
  • How to Integrate Email Threat Intel with a TIP
  • Recommended Automations

How-to MQL Guides

  • How to detect keywords or phrases in the body content of messages
  • How to detect lookalike domains
  • How to detect text in attachments
  • How to use message header values in a rule
  • How to detect manual outbound forwards

Enable user-reported phishing

Suggest Edits

Sublime can automatically track the messages your users report as phishing through multiple reporting mechanisms.

Updated 2 months ago


What’s Next
  • Add your abuse mailbox
  • Gmail's "Report phishing" feature
  • Microsoft 365's Native “Report phishing” feature