Sublime Core Feed
This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated Jul 17th, 2025
Feed Source
Tactic or Technique is
Rule Name & Severity | Author | Last Updated | Labels | |
|---|---|---|---|---|
Attachment with VBA macros from employee impersonation (unsolicited) | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/attachment-with-vba-macros-from-employee-impersonation-unsolicited-9b262123 | |
BEC: Employee impersonation with subject manipulation | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/bec-employee-impersonation-with-subject-manipulation-9adfc77b | |
Benefits Enrollment Impersonation | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/benefits-enrollment-impersonation-5a6eb5a8 | |
Canva Infrastructure Abuse | Sublime Security | 3mo ago Apr 1st, 2025 | /feeds/core/detection-rules/canva-infrastructure-abuse-b69fdb5c | |
Corporate Services Impersonation Phishing | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/corporate-services-impersonation-phishing-3cd04f33 | |
Employee Impersonation: Payroll Fraud | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/employee-impersonation-payroll-fraud-2beb7d85 | |
Employee impersonation with urgent request (untrusted sender) | Sublime Security | 12d ago Jul 8th, 2025 | /feeds/core/detection-rules/employee-impersonation-with-urgent-request-untrusted-sender-1ce9a146 | |
Impersonation: Human Resources with link or attachment and engaging language | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/impersonation-human-resources-with-link-or-attachment-and-engaging-language-8c95a6a8 | |
Link: SharePoint Filename Matches Org Name | Sublime Security | 18d ago Jul 2nd, 2025 | /feeds/core/detection-rules/link-sharepoint-filename-matches-org-name-cb954726 | |
Sharepoint Link Likely Unrelated to Sender | Sublime Security | 4mo ago Mar 12th, 2025 | /feeds/core/detection-rules/sharepoint-link-likely-unrelated-to-sender-6870f489 | |
Suspicious attachment with unscannable Cloudflare link | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/suspicious-attachment-with-unscannable-cloudflare-link-00f92b6f | |
Suspicious Request for Financial Information | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/suspicious-request-for-financial-information-4ebdaa4d | |
VIP Impersonation via Google Group relay with suspicious indicators | Sublime Security | 1y ago May 3rd, 2024 | /feeds/core/detection-rules/vip-impersonation-via-google-group-relay-with-suspicious-indicators-57f9cd3b | |
VIP impersonation with charitable donation fraud | Sublime Security | 4d ago Jul 16th, 2025 | /feeds/core/detection-rules/vip-impersonation-with-charitable-donation-fraud-35a56b8e |