Solutions
Platform
Community
Back to homepage
About Us
Blog
Get Started
Back to homepage
Solutions
Platform
Community
Back to homepage
About Us
Blog
Get Started

Better Together.

Sublime enables security teams and researchers to share rules publicly or privately to detect email attacks and hunt for threats.

Community-contributed detection rules

Detection rules contributed to the public Sublime Rules Feed are available to all users. Submissions are vetted by the Sublime team.

I love sharing rules to give back to the community. I think the safer we all are, the harder it is for the bad guys, and that’s alright by me.”

Alfie Champion
Adversary Emulation Manager
FTSE 250 financial institution
Company name hidden due to contractural agreements.

Stay ahead of attacker adaptation

Collaborate peer-to-peer or run rules vetted by Sublime

Share detections publicly or privately via Git

Receive new rules and updates automatically

Stay ahead of attacker adaptation

Filename w/ Right-to-Left Override Unicode

Submitted by:
@vector_sec

View Rule

Link to download encrypted zip with ISO

Submitted by:
@ajpc500

View Rule

Malicious OneNote attachment

Submitted by:
@Kyle_Parrish_

View Rule

Subscribe to rules created by industry experts

Share
Collaborate
Protect

Share detections publicly or privately via Git

Receive new rules and updates automatically

Stay ahead of attacker adaptation

Share publicly, privately, or peer-to-peer

Sublime Feeds are Git-backed, and subscriptions are kept automatically up to date.

Create

Write and run custom rules. You control if, when, and how they’re shared.

Share

Submit your rules to the public Sublime Rules Feed or share privately with anyone.

Collaborate

Your rules will block phishing attacks for Sublime users around the world.

You’re in good company

Detection rules have been contributed both publicly and privately by Global 2000 security teams and independent researchers.

Get Started. Today.

Deploy and integrate a free Sublime instance in minutes.

Managed Instance

Create account in minutes

For organizations of any size. First 100 mailboxes free.

Create Free Account
Request Demo

Get a live demo

Learn how Sublime verifiably closes email attack surface.

Request Demo
Deploy and self host

Docker for smaller orgs

Limited to 600 active mailboxes. View Docker Guide.

curl -sL https://sublime.security/install.sh | sh

AWS Cloud for enterprise

Scales to any number of mailboxes. View AWS Quickstart

Launch Stack
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Azure, GCP, K8s & Terraform

Coming Soon!

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.