sublime-rules
sublime-rules copied to clipboard
sublime-security
Sublime rules for email attack detection, prevention, and threat hunting.
# Description New rule exploring Zoho Signs template for credential phishing # Associated samples Link to samples that are affected by your change. For example, samples you are negating, samples...
# Description Detects HR Impersonation using legitimate DocuSign infrastructure # Associated samples - https://platform.sublime.security/messages/bebfbc450700aab618fd9968840c556b8e1d371808735fb5fe63c7540c87b72e - https://platform.sublime.security/messages/0d8b123a7868300074403ac06d8d252765a02ec1ef58b6c5b623be0a0cb12433
# Description Testing an OR'd on profile.by_sender() with uncommon and no false positives.
# Description Adding additional logic. # Associated samples - https://platform.sublime.security/messages/5a83a200d2028bfa4178c10457e35ad4568a1dd78d16e3e5abb445d204edb76a - https://platform.sublime.security/messages/71a1484a84752f5d67386a8fdde8427e52c1d3fad882757d3894c8dc354b18e3 - https://platform.sublime.security/messages/ba0bc7b8d5a1ae98fa42ce429bd19096ea9702d77ad2f6d57875f8aa471f3627 # Hunts - https://platform.sublime.security/hunts/daaae2c9-fa7c-4821-8fb0-9ca97ca8ed2c
# Description Recent increase in Expensify impersonation. # Associated samples - https://platform.sublime.security/messages/2beab4d019a0bc277b922b82672237c34e9cc0a689305f54dee7bdc0ce6b03e9 ## Associated hunts - https://platform.sublime.security/hunts/9f7dfdb2-70be-4113-b63a-d53f86860978
# Description Added more criteria from legitimate DocuSign documents to better handle OCR failures # Associated samples - https://platform.sublime.security/messages/1f2e6349811ece1971bb540e187c4b1cb3080aa296b7cacce89b9148914f0d0f
# Description Negating Zendesk support tickets # Associated samples - https://platform.sublime.security/messages/93e45c62aadca5c4c9b6092131f9f44849b58cfd5eae67d251c8b0c621c5a038 - https://platform.sublime.security/messages/7e1bbb03f5568f56c93ee390d0be6e7aae99729e707a76da7a4ad757313feff4
# Description complete rewrite of fake fax rule # Associated samples - [Sample 1](https://platform.sublime.security/messages/4d0675ea4ad547d74ec8607fe911a3065a331372c3d69b07a6d862d0f791cbd0?preview_id=0195cfd3-bb81-7694-b4b5-a42ba2f51b34) - [Sample 2](https://platform.sublime.security/messages/4e6282e26793adc8ad047e91ef8d8bac541059e394a8d15c3539c24385a95e83?preview_id=0195aaf8-7efc-7808-8777-5d0f78234f0d) ## Associated hunts - [Hunt 1](https://platform.sublime.security/messages/hunt?huntId=0196205c-149a-765a-bd02-a011118983a7)
# Description Add logic for when phishing dispo is set by captcha # Associated samples - [Sample 1](https://platform.sublime.security/messages/bb2ad094ce9a4475afbaed474c6c9a3a1f424995dcaf4dbf0ffc09f0e44c8e68?preview_id=0195f1e8-6ad8-7697-943a-498e297bc629)
# Description Adding OR'd condition to NLU check. # Associated samples - https://platform.sublime.security/messages/90059020aee0809098d81e1c4880c85091cfa45d72e8349ae8fa03c87601127f?preview_id=01962092-67ec-7683-9d2d-c7a053f55349
Metadata
Owner
Metadata
Sublime rules for email attack detection, prevention, and threat hunting.