
Open-source detection rules for email attacks like BEC, phishing, and malware
Sublime Rules is an open-source repository containing detection rules for the Sublime Security platform. The repository provides rules designed to identify and prevent various email-based attacks including business email compromise (BEC), credential phishing, and malware delivery. The repository is organized into multiple categories including detection rules, discovery rules, DLP discovery rules, automations, insights, and YARA rules. It includes specific detection capabilities for HTML smuggling, VIP and executive impersonation, malicious OneNote files, malicious LNK files, and encrypted zip attachments. The rules are written using Message Query Language (MQL), a query language specific to the Sublime platform for analyzing email messages. The repository contains over 3,000 commits and has contributions from 71 contributors, indicating active development and community involvement. The project is released under the MIT license, making it freely available for use and modification. The repository includes sample email files (EMLs), tutorial files, and scripts to support rule development and testing. Community members have also created additional rule feeds that complement the main repository.
Common questions about Sublime Security Sublime Rules including features, pricing, alternatives, and user reviews.
Sublime Security Sublime Rules is a set of open-source detection rules for email attacks such as BEC, phishing, and malware, developed by Sublime Security. It is a Security Operations solution designed to help security teams with Detection Rules, Open Source, and YARA.
Sublime Security Sublime Rules offers the following core capabilities:
Sublime Security Sublime Rules is built for security teams handling Detection Rules, Open Source, and YARA. It supports workflows including detection rules for email attacks, business email compromise (BEC) detection, and credential phishing detection. Teams typically adopt Sublime Security Sublime Rules when they need security operations capabilities integrated into their existing stack. Explore similar tools at https://cybersectools.com/alternatives/sublime-security-sublime-rules
Sublime Security Sublime Rules is a free Security Operations tool. This makes it accessible for organizations of all sizes, from startups to enterprises. Visit https://github.com/sublime-security/sublime-rules/ for download and installation instructions.
Popular alternatives to Sublime Security Sublime Rules include:
Compare all Sublime Security Sublime Rules alternatives at https://cybersectools.com/alternatives/sublime-security-sublime-rules
Sublime Security Sublime Rules is for security teams and organizations that need Detection Rules, Open Source, and YARA. It is particularly suitable for small to medium-sized teams looking for cost-effective solutions. Other Security Operations tools can be found at https://cybersectools.com/categories/security-operations
An open source tool that generates YARA rules from installed software on running operating systems for efficient software identification in digital forensic investigations.
A free web-based Yara debugger for security analysts to write hunting or detection rules with ease.
A Yara ruleset designed to detect PHP shells and other webserver malware for malware analysis and threat detection.
A community-driven open source project providing interactive notebooks with detection logic, adversary tradecraft, and resources organized according to MITRE ATT&CK framework for threat hunting and detection development.