Run your first rule in 5 minutes or less. No API key or signup required.
We've built a few wrappers for the EML Analyzer API to make things easy: the Sublime CLI and the Sublime Python module.
Getting started with Sublime CLI
Analyze messages right from your terminal on Windows, Linux, and Mac. For a more guided intro to Sublime, check out the Tutorial.
1: Install the CLI:
pip3 install sublime-cli
2: Clone the Sublime rules repo:
git clone https://github.com/sublime-security/sublime-rules.git
3: Run the Sublime rules on a reported phish:
sublime analyze -i sublime-rules/emls/reported_phish.eml -r sublime-rules/detection-rules/
╔═══════════════════════════╗
║ Results ║
╚═══════════════════════════╝
File Name: reported_phish.eml
Directory: sublime-rules/emls
Total Rules: 48
Total Queries: 0
Flagged Rules: 2
FLAGGED RULES
- Brand impersonation: Sublime Security
- File sharing link from freemail sender
...
Getting started with Sublime Python module
Analyze messages programmatically. For a more guided intro to Sublime, check out the Tutorial.
1: Install the client:
pip3 install sublime-cli
2: Clone the Sublime rules repo:
git clone https://github.com/sublime-security/sublime-rules.git
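3: Load the Python module, EML, rules, and queries:
import sublime
# Create the API client (no API key is required)
sublime_client = sublime.Sublime()
# Load the detection rules and queries from the cloned repo
rules, queries = sublime.util.load_yml_path("sublime-rules/detection-rules/")
# Load the sample reported phish as a raw message
raw_message = sublime.util.load_eml("sublime-rules/emls/reported_phish.eml")
# Run the rules and queries against the message
response = sublime_client.analyze_raw_message(raw_message, rules, queries)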
The API response should look something like this (shortened for brevity):
{
    'message_id': '6c5aa82e-c352-4719-8bfa-68dbe3a242b2',
    'raw_message_id': 'e6665d0e-36d9-49af-b60d-5b4a651f2c7a',
    'query_results': [],
    'rule_results': [{
        'source': "type.inbound\nand headers.return_path.domain.domain == 'sendgrid.net'\nand ilike(subject.subject, '*voicemail*', '*voice message*')\n",
        'name': 'Sendgrid voicemail phish',
        'result': False,
        'success': True,
        'error': '',
        'execution_time': 0.000343902
    }]
}
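An added example, not code from the Sublime documentation or codebase: one way to triage the rule_results list of a response shaped like the one above. It assumes that 'success' reports whether a rule evaluated at all, so an errored rule is never read as a non-match; the sample response and the triage and verdict helpers are constructed for illustration.

```python
# Constructed sample in the shape of the response shown above; the names,
# IDs, error text and timings are made up for illustration.
SAMPLE_RESPONSE = {
    "message_id": "00000000-0000-0000-0000-000000000000",
    "query_results": [],
    "rule_results": [
        {"name": "Sendgrid voicemail phish", "result": False,
         "success": True, "error": "", "execution_time": 0.000343902},
        {"name": "Brand impersonation: Sublime Security", "result": True,
         "success": True, "error": "", "execution_time": 0.0012},
        {"name": "Constructed broken rule", "result": False,
         "success": False, "error": "constructed error text"},
        {"name": "Constructed partial entry"},  # keys missing on purpose
    ],
}


def triage(response):
    """Split rule_results into flagged, clean and errored rules.

    Assumption: 'success' says whether the rule evaluated at all, so
    result=False only means "did not match" when success is True.
    """
    out = {"flagged": [], "clean": [], "errored": []}
    for rule in response.get("rule_results") or []:
        name = rule.get("name", "<unnamed rule>")
        if rule.get("success") is not True:
            # Never count an unevaluated rule as a clean verdict.
            out["errored"].append((name, rule.get("error") or "no error text"))
        elif rule.get("result") is True:
            out["flagged"].append(name)
        else:
            out["clean"].append(name)
    return out


def verdict(response):
    """Collapse the triage into one label for a pipeline or ticket."""
    t = triage(response)
    if t["flagged"]:
        return "flagged"
    # Errors, or no rules evaluated at all, are not evidence of "clean".
    if t["errored"] or not t["clean"]:
        return "incomplete"
    return "clean"


if __name__ == "__main__":
    print(verdict(SAMPLE_RESPONSE), triage(SAMPLE_RESPONSE))
```

Pass the response returned by analyze_raw_message to verdict() in place of SAMPLE_RESPONSE once the field meanings assumed here are confirmed against the API.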