
Community Spotlight: Email Detection Rules built by the Sublime Community

Blog post from Sublime Security

Post Details
Date Published:
Author: Threat Detection Team
Word Count: 760
Language: English
Hacker News Points: -
Summary

Sublime offers a unique approach to email security by providing open and modifiable AI-powered Detection Rules, allowing users to edit, test, and share these rules through an intuitive detection workbench without needing to submit support tickets. This collaborative framework encourages community contributions, enabling users to share rules for potential inclusion in Sublime's Core Feed or on the Sublime Community Slack for peer review. Highlighted community-contributed rules include detection of malicious Visual Studio Tools for Office add-ins embedded in Microsoft Office documents, identification of QakBot attacks using double Base64 encoded ZIP files in HTML attachments, and detection of ROT13-based obfuscation in HTML files, showcasing the platform's adaptability to evolving threats. By empowering users to contribute to and refine detection rules, Sublime promotes a collaborative environment that enhances security measures and broadens protection against email-based threats.