PlatformAnalysis APIDocsGitHubContact
Log in

Control
your email environment

name:

CEO impersonation

severity:

high

source:

| ilike(sender.display_name, "*Rachael Tyrell*") and sender.email.domain.root_domain != 'tyrellcorp.io'

actions:

warning_banner:

"Warning: This sender may be impersonating our CEO."

alert:

splunk

tags:

- "Executive Impersonation"

- "Business Email Compromise"

Modern email security is a one-size-fits-all black box. The same phishing attacks continue to land, and the same legitimate emails continue to get blocked.

Sublime

lets you write and run custom detection and response rules to

block phishing attacks, hunt for threats, and more.

Learn more

Rule

Message

Code

name:

CEO impersonation

severity:

high

source:

| ilike(sender.display_name, "*Rachael Tyrell*") and sender.email.domain.root_domain != 'tyrellcorp.io'

actions:

warning_banner:

"Warning: This sender may be impersonating our CEO."

alert:

splunk

tags:

- "Executive Impersonation"

- "Business Email Compromise"

Block

Write sophisticated rules to block and detect phishing attacks. Operationalize threat intel from any source.

Remediate

Delete reported phish and find similar messages with a single click. Add context-aware warning banners to suspicious messages.

Hunt

Identify and remediate campaigns using behavioral patterns and historical message search. Detect malicious forwarding rules.

Collaborate

Subscribe to rules written by others in the community. Report new attacker techniques.

© 2021. Sublime Security, Inc.

TermsPrivacySecurityCareersEmailRep