Sublime Core Feed
This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated Jul 17th, 2025
Feed Source
Detection Method is
Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Link: QuickBooks image lure with suspicious link | Sublime Security | 1y ago May 2nd, 2024 | /feeds/core/detection-rules/link-quickbooks-image-lure-with-suspicious-link-3826a923 | |
Link to auto-downloaded file with Adobe branding | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/link-to-auto-downloaded-file-with-adobe-branding-e826c2cf | |
Link to auto-downloaded file with Google Drive branding | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/link-to-auto-downloaded-file-with-google-drive-branding-4b5343be | |
Open Redirect: Google domain with /url path and suspicious indicators | Sublime Security | 6mo ago Jan 10th, 2025 | /feeds/core/detection-rules/open-redirect-google-domain-with-url-path-and-suspicious-indicators-fc5adf74 | |
Suspicious Attachment: Duplicate decoy PDF files | Sublime Security | 4mo ago Mar 18th, 2025 | /feeds/core/detection-rules/suspicious-attachment-duplicate-decoy-pdf-files-79b9b2e7 | |
Suspicious recipient pattern and language with low reputation link to login | Sublime Security | 1y ago Apr 30th, 2024 | /feeds/core/detection-rules/suspicious-recipient-pattern-and-language-with-low-reputation-link-to-login-a8ea0402 | |
X (Twitter) Impersonation with Credential Phishing motives | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/x-twitter-impersonation-with-credential-phishing-motives-0b60dca6 |