Sublime Core Feed
This repo contains open-source Rules for Sublime, a free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing.
Sublime Security
Last updated Apr 28th, 2025
Rule Name & Severity | Author | Last Updated | Labels | |
---|---|---|---|---|
Brand impersonation: DocuSign | Sublime Security | 1mo ago Mar 28th, 2025 | /feeds/core/detection-rules/brand-impersonation-docusign-4d29235c | |
Brand Impersonation: Navan | Sublime Security | 26d ago Apr 4th, 2025 | /feeds/core/detection-rules/brand-impersonation-navan-3573e9a8 | |
Brand spoof: Dropbox | Sublime Security | 1y ago Apr 23rd, 2024 | /feeds/core/detection-rules/brand-spoof-dropbox-bd99740a | |
Business Email Compromise (BEC) attempt from unsolicited sender | Sublime Security | 1y ago Apr 23rd, 2024 | /feeds/core/detection-rules/business-email-compromise-bec-attempt-from-unsolicited-sender-57eccc45 | |
Cyrillic vowel substitution in subject or display name from unknown sender | Sublime Security | 4mo ago Dec 19th, 2024 | /feeds/core/detection-rules/cyrillic-vowel-substitution-in-subject-or-display-name-from-unknown-sender-74bc0b0c | |
DocuSign Impersonation via Spoofed Intuit Sender | Sublime Security | 1mo ago Mar 26th, 2025 | /feeds/core/detection-rules/docusign-impersonation-via-spoofed-intuit-sender-d437710b | |
Extortion / Sextortion in Attachment From Untrusted Sender | Sublime Security | 4mo ago Dec 18th, 2024 | /feeds/core/detection-rules/extortion-sextortion-in-attachment-from-untrusted-sender-3cb8d32c | |
Extortion / sextortion (untrusted sender) | Sublime Security | 1mo ago Mar 3rd, 2025 | /feeds/core/detection-rules/extortion-sextortion-untrusted-sender-265913eb | |
Impersonation: SharePoint Reply Header Anomaly | Sublime Security | 1mo ago Mar 3rd, 2025 | /feeds/core/detection-rules/impersonation-sharepoint-reply-header-anomaly-78875848 | |
SPF temp error | Sublime Security | 2y ago Aug 21st, 2023 | /feeds/core/detection-rules/spf-temp-error-2df7e839 | |
Spoofable internal domain with suspicious signals | Sublime Security | 12mo ago May 3rd, 2024 | /feeds/core/detection-rules/spoofable-internal-domain-with-suspicious-signals-40089d69 | |
VIP impersonation: Fake thread with display name match, email mismatch | Sublime Security | 9mo ago Jul 29th, 2024 | /feeds/core/detection-rules/vip-impersonation-fake-thread-with-display-name-match-email-mismatch-11cc3e28 | |
VIP Impersonation via Google Group relay with suspicious indicators | Sublime Security | 12mo ago May 3rd, 2024 | /feeds/core/detection-rules/vip-impersonation-via-google-group-relay-with-suspicious-indicators-57f9cd3b | |
VIP local_part impersonation from unsolicited sender | Sublime Security | 5mo ago Nov 20th, 2024 | /feeds/core/detection-rules/vip-localpart-impersonation-from-unsolicited-sender-74035fdc | |