sublime-rules
by sublime-security
Sublime Rules offers open-source rules for detecting and preventing email attacks like phishing and malware.
Sublime rules for email attack detection, prevention, and threat hunting.
Primary Use Case
Sublime Rules is used by security professionals and organizations to enhance their email security by detecting and preventing various email threats such as BEC, malware, and credential phishing. It is particularly useful for threat hunting and intrusion detection in email communications.
- Detection of HTML smuggling attacks
- Identification of VIP/executive impersonation
- Detection of malicious OneNote files
- Detection of malicious LNK files
- Detection of encrypted zip files
- Repurposing: Beyond email security, Sublime Rules can be adapted to monitor internal communications for insider threats by detecting unusual patterns in message content and attachments.
- Chaining: Combine Sublime Rules with a SIEM tool like Splunk to correlate email threat data with network traffic anomalies, enhancing detection capabilities for lateral movement post-email compromise.
- Evasion/Detection: Attackers might use advanced obfuscation techniques or encrypted payloads to bypass detection. Implementing machine learning models to analyze email metadata and content patterns can enhance detection of such evasion tactics.
- Data Fusion: Integrate Sublime Rules output with threat intelligence platforms to enrich email threat data with global threat actor profiles, improving context for incident response teams.
- Automation: Use orchestration tools like SOAR to automate responses to detected threats by Sublime Rules, such as isolating affected accounts or blocking malicious IPs, streamlining SOC operations.
Related Tools

mailcow-dockerized
mailcow/mailcow-dockerized
mailcow: dockerized - 🐮 + 🐋 = 💕
espoofer
chenjj/espoofer
An email spoofing testing tool that aims to bypass SPF/DKIM/DMARC and forge DKIM signatures.🍻
Spoofy
MattKeeley/Spoofy
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
docker-postfix
bokysan/docker-postfix
Multi architecture simple SMTP server (postfix null relay) host for your Docker and Kubernetes containers. Based on Debian/Ubuntu/Alpine.
spamscope
SpamScope/spamscope
Fast Advanced Spam Analysis Tool
EmailAnalyzer
keraattin/EmailAnalyzer
With EmailAnalyzer you can analyze your suspicious emails. You can extract headers, links, and hashes from the .eml file and you can generate reports.
