sublime-rules
Sublime rules for email attack detection, prevention, and threat hunting.
# Description
New BEC Coverage
# Associated samples
- [Sample 1](https://platform.sublime.security/messages/4f4dedc792970ef762f98fe152cc6221d75856130b56b09ac8e97e07c62d6c2b?preview_id=0198757d-1ed6-7c8f-8dbf-febc59fa70a8)
## Associated hunts
- [Hunt 1](https://platform.sublime.security/messages/hunt?huntId=019958a0-6e65-7bf5-90b0-455f66260c16)
# Description
Google Appsheet abuse
## Associated hunts
- [Hunt 1](https://platform.sublime.security/messages/hunt?huntId=0199527a-13dc-7e55-b630-b48e7f028c5e)
New test rule for spam content using fuzzy attack score.
New test rule for malicious content using fuzzy attack score.
New test rule for graymail content using fuzzy attack score.
# Description
Expanded scope to cover samples below.
# Associated samples
- [Sample 1](https://platform.sublime.security/messages/4f8ffc9a099ee62425e76ecd0682fa2f8c079f06cc6f7d65521c660a844109c4?preview_id=0199b93f-cc48-7b81-9911-7f2a750c9d25)
## Associated hunts
- [Hunt 1](https://platform.sublime.security/hunts/0199c4b1-8812-76f3-b491-fb37a1aa2b3b) - hunt with new logic, finds more samples as well
# Description
Detects messages impersonating Xfinity or Comcast through subject lines, display names, or body content that contains credential theft or advance fee fraud indicators, while excluding legitimate communications from...
# Description
Message contains kagoya.net domain in the email headers, indicating routing through Kagoya Internet Routing services.
## Associated hunts
- [Hunt 1](https://platform.sublime.security/messages/hunt?huntId=01999d1d-7db9-7b2a-9de2-54aeb6f66659)
Testing https://github.com/sublime-security/sublime-rules/pull/3397
# Description
This rule is designed to identify suspicious OpenAI style phishing content, using both logo detect (TBD) and levenshtein logic to determine whether brand impersonation is present. Including the...