A free and open platform for detecting and preventing email attacks like BEC, malware, and credential phishing. Gain visibility and control, hunt for advanced threats, and collaborate with the community.
Sublime uses Message Query Language (MQL), a domain-specific language purpose-built for describing behavior in email. MQL is email provider agnostic, enabling defenders to write, run, and share Detections-as-Code.
Learn more about MQL: Introduction to Message Query Language
This Docker deployment is intended for small to medium-sized deployments and for testing purposes ONLY (limited to 600 active mailboxes). For the best Sublime experience, we recommend the AWS Cloud-native deployment or Sublime Managed Cloud, which can support any number of mailboxes, is resilient, and has the latest features. The Docker deployment allows you to gain hands-on experience, but will only receive best-effort support (no long-term support).
Learn more about feature restrictions for Docker Compose
The Sublime Platform Docker Compose ships as an entire setup. Modifying the docker-compose file or using our docker images within your own implementation is not supported.
curl -sL https://raw.githubusercontent.com/sublime-security/sublime-platform/main/install-and-launch.sh | sh
Open-source detection rules and links to community Feeds are maintained in the sublime-rules repo.
