sublime-rules
Sublime rules for email attack detection, prevention, and threat hunting.
# Description Adding `Professional and Career Development` topic. # Associated samples - https://platform.sublime.security/messages/4f8d424ab3de19c46724b242c29cbad41727f65d5dafcd8f3e45db186875a175?preview_id=0199afaf-b9a1-7e54-83fa-9279388cd896
# Description Adding additional coverage for verbiage, and scoping parsing issues for email addresses as links....
# Description Adding additional logic to look for DHL International in the body current thread to cover missed samples. # Associated samples - [Sample 1](https://platform.sublime.security/messages/4fa01627235f64a2904ffa5186f4b0bf69ccb61959712214cd90e8416599066c?preview_id=019a1683-0418-779e-84e7-56833960f3a3) - [Sample 2](https://platform.sublime.security/messages/4fab0fe18283e79f49ce7b9ea884e7912a996cb400b7520cb798e29e7fdcda19?preview_id=019a472b-eaf8-737a-a4d1-cf15bfe918aa) ## Associated...
# Description Expanded scope of OR condition where sender to/from is the same address by removing the recipients.cc and bcc check. Also moved line 33 out of the loop variable...
# Description This is a new rule titled `Brand impersonation: Experian` that mimics the `Brand impersonation: Venmo` rule by modifying the domains. # Associated samples - [Sample 1](https://platform.sublime.security/messages/e69ca0fee96c5b21fcb220fae03ab5246caa8c4857922f91cdff44381b05a126?preview_id=0196e48d-e924-78fd-a9f3-6012c75e2b1c) - [Sample...
# Description Adjusting HTML tolerances and softening "review and sign" to `review.{0,10}sign` # Associated samples - 4f903e73def54d604a5d7e4b7eae9459021d34b95f37c375ec374f81b5668c31
# Description adding logic to flag messages from SFDC with cred_theft nlu intents # Associated samples - https://platform.sublime.security/messages/4f655e3b3fb220399a776692218041ec875e4605d03e8bef8804e0bb5b9acf98 - https://platform.sublime.security/messages/4f65878e7f56bbd9b1b56d9e14a425d8cf6548d9ce2eb138c0b925912be369b6 ## Associated hunts - https://platform.sublime.security/messages/hunt?huntId=01992bd4-3756-7367-90a0-c7af3f4c23f5
# Description NLU confidence restricted to high, expanded to medium/high. # Associated samples - [Sample 1](https://platform.sublime.security/messages/4f8e2287d5aa619c4532759aaf51ce289ae9ece7c47ea8653cc84d18f1a65c33?preview_id=0199b556-2863-7594-936b-245186b1ebda)
# Description add coverage ## Associated hunts - [Hunt 1](https://platform.sublime.security/messages/hunt?huntId=0196c7d7-424d-7e48-8890-fa674cd6cb75)
# Description Add coverage for links directly to mural.co ## Associated hunts - [Hunt 1](https://platform.sublime.security/messages/hunt?huntId=01978360-4411-704d-bf15-6a5c7cae412e)