Security Onion Conference 2023

Augusta, GA
October 6, 2023

[Talk] Phish Fights and Not So Long Nights with Security Onion and Sublime Platform

Wes Lambert, Principal Engineer, Security Onion and Josh Kamdjou, CEO & Founder, Sublime Security

In this presentation, we will explore the integration of Security Onion and Sublime Platform, an open email security platform designed to prevent email attacks such as BEC, malware, and credential phishing. Sublime Platform's domain-specific language (DSL) enables detection-as-code, so email security detections can be written, versioned, and customized like any other rule set.

Throughout the presentation, we will cover how to triage Sublime email alerts within Security Onion, streamlining incident response and reducing the time needed to identify and remediate threats. We will also show how to pivot from Security Onion into Sublime for in-depth investigation and analysis of suspicious emails, extracting context and indicators that inform security decisions.

Finally, we will discuss how to enrich and correlate Sublime alerts with the various data sources in Security Onion, such as Zeek HTTP/DNS/TLS records, Suricata alerts, and full PCAP, to answer questions from network metadata such as: Did the user click the link? Has anyone visited this domain or URL before? And more. By combining Security Onion's network visibility with Sublime Platform's approach to email security, participants will better understand how to build a comprehensive defense against email-based attacks.
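The correlation described above, as an added example that is not code from the talk, Security Onion, or Sublime Platform: it takes a phishing alert carrying a URL and the recipient's workstation address, and checks constructed Zeek `dns.log` and `http.log` JSON lines (the field names `ts`, `id.orig_h`, `query`, `host`, `uri` and `method` are Zeek's own) to answer "did the user click the link?", "did they submit anything afterwards?", and "had anyone on the network touched this domain before the email arrived?". The alert schema (`recipient_host`, `url`, `ts`) is an assumption for illustration, not Sublime's format.

```python
import json
from urllib.parse import urlparse

# Constructed Sublime-style alert (field names are an assumption, not Sublime's
# schema): a phishing email delivered to a user whose workstation is 10.0.0.25.
ALERT = {
    "ts": 1696600000.0,
    "recipient": "alice@example.org",
    "recipient_host": "10.0.0.25",
    "url": "http://login-update.example.net/auth/verify?id=42",
}

# Constructed Zeek JSON log lines in the shape Security Onion ingests them.
DNS_LOG = """
{"ts":1696599000.0,"id.orig_h":"10.0.0.9","query":"login-update.example.net","answers":["203.0.113.7"]}
{"ts":1696600120.5,"id.orig_h":"10.0.0.25","query":"login-update.example.net","answers":["203.0.113.7"]}
{"ts":1696600130.0,"id.orig_h":"10.0.0.25","query":"www.example.org","answers":["198.51.100.3"]}
"""

HTTP_LOG = """
{"ts":1696600121.0,"id.orig_h":"10.0.0.25","id.resp_h":"203.0.113.7","method":"GET","host":"login-update.example.net","uri":"/auth/verify?id=42","status_code":200}
{"ts":1696600125.0,"id.orig_h":"10.0.0.25","id.resp_h":"203.0.113.7","method":"POST","host":"login-update.example.net","uri":"/auth/submit","status_code":302}
{"ts":1696598000.0,"id.orig_h":"10.0.0.9","id.resp_h":"203.0.113.7","method":"GET","host":"login-update.example.net","uri":"/","status_code":200}
"""


def parse_zeek_json(text):
    """Parse newline-delimited Zeek JSON, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def url_host_path(url):
    """Split a URL into the host Zeek logs in http.host and the uri it logs in http.uri."""
    p = urlparse(url)
    path = p.path or "/"
    if p.query:
        path += "?" + p.query
    return p.hostname.lower(), path


def dns_lookups(dns_records, domain):
    """Every resolution of the domain, oldest first."""
    return sorted((r for r in dns_records if r.get("query", "").lower() == domain),
                  key=lambda r: r["ts"])


def http_hits(http_records, domain, path=None, client=None):
    """HTTP requests to the domain, optionally narrowed to one uri and one client."""
    return sorted(
        (r for r in http_records
         if r.get("host", "").lower() == domain
         and (path is None or r.get("uri") == path)
         and (client is None or r.get("id.orig_h") == client)),
        key=lambda r: r["ts"])


def correlate(alert, dns_records, http_records):
    """Answer the triage questions for one alert using Zeek DNS and HTTP metadata."""
    domain, path = url_host_path(alert["url"])
    host = alert["recipient_host"]
    # Did the recipient's workstation fetch the exact link after the email arrived?
    clicks = [r for r in http_hits(http_records, domain, path, host) if r["ts"] >= alert["ts"]]
    # Did it then submit anything to the same site (credential entry is the worry)?
    posts = [r for r in http_hits(http_records, domain, client=host)
             if r["ts"] >= alert["ts"] and r.get("method") == "POST"]
    # Had anyone on the network touched the domain before the alert?
    touches = dns_lookups(dns_records, domain) + http_hits(http_records, domain)
    prior = [r for r in touches if r["ts"] < alert["ts"]]
    return {
        "domain": domain,
        "user_clicked": bool(clicks),
        "click_ts": clicks[0]["ts"] if clicks else None,
        "posted_data": bool(posts),
        "seen_before_alert": bool(prior),
        "first_seen": min(r["ts"] for r in prior) if prior else None,
        "other_hosts": sorted({r["id.orig_h"] for r in touches} - {host}),
    }


if __name__ == "__main__":
    result = correlate(ALERT, parse_zeek_json(DNS_LOG), parse_zeek_json(HTTP_LOG))
    print(json.dumps(result, indent=2))
```

In a Security Onion deployment the same filters would be expressed as queries against the Zeek indices rather than run over local text, but the logic is identical: match on the URL's host and path, scope to the recipient's source address, and compare timestamps against the email's arrival. The `other_hosts` and `first_seen` fields are what turn a single-user phish into a scoping question for the whole network.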