
Introduction to Message Query Language (MQL)

Blog post from Sublime Security

Post Details
Author: Ross Wolf
Word Count: 1,562
Language: English
Summary

Sublime is an innovative open email security platform that allows users to write, execute, and share security rules using a universal domain-specific language called Message Query Language (MQL). MQL is designed for detecting and mitigating a range of email threats, like Business Email Compromise and credential phishing, and is used by the Sublime team to address emerging threats effectively. The language is intuitive and flexible, enabling defenders to create custom rules, modify existing ones, and leverage community-shared rules. Central to its operation is the Message Data Model (MDM), which converts the traditional EML email format into a structured schema, simplifying the process of rule creation by using JSON representations for fields like attachments and headers. MQL's syntax is user-friendly, utilizing plain English terms and offering functions for various operations like domain checks and regular expressions. The platform also features an interactive editor built on Visual Studio Code's core, providing tools like autocompletion, diagnostics, and testing capabilities to ensure effective rule development and deployment. Through an accessible interface and comprehensive features, Sublime empowers defenders to enhance email security systematically and collaboratively.