custom-sublime-rules

This repo is a collection of Sublime Security rules that I've developed personally. Most, if not all, of these have been created as a result of emails I've seen in my environment that I'd like a rule for.

Rules in development may have a high false positive or false negative rate. Rules in production should be safe.

Please feel free to contribute to this repo, or test these rules in your environment. I don't have a lot of emails to work with, so testing these rules on larger datasets is much appreciated.

Rule inventory

| Rule Name | In Development | In Production | Pushed to Sublime repo | Comments |
|---|---|---|---|---|
| Brand impersonation: M365 Mail Notifications | | | | Needs to be tested on a larger dataset; improve detection |
| Brand impersonation: Canada Post | | | | False positives unlikely |
| Impersonation: Employee Benefits Notification | | | | Needs to be tested on a larger dataset |