This release improves the way MQL functions are organized by grouping them into modules. Now, when you’re searching for MQL functions, you’ll find that your favorite string functions are grouped under
regex.. In the future, we plan to add function modules for NLU, base64 parsing, HTTP requests, and more!
As part of this release, your custom rules are automatically migrated to the new function names, and the MQL editor will help you use the new names going forward. The old names will continue to work, but with a deprecation warning and a Quick Fix suggestion in the editor, so you can easily use the new names.
Rules in the Sublime Rules Feed have also been updated to use the new function names!
This release also includes a few new functions:
- strings.concat: Concatenate multiple strings on the fly.
- strings.contains: Check if one string contains another.
- strings.ends_with: Check if one string ends with another.
- strings.starts_with: Check if one string starts with another.
like, which uses a wildcard pattern that has to be known ahead of time, these new substring functions can flexibly support fields or other dynamic values for both arguments. For example, you can now do
The MQL editor is aware of this change, and will help you use the new names as you type.
When you use the old function names, the editor will suggest updates to automatically use the new name, and you can apply that update with a single click.
How do I get started?
If you have an AWS deployment or Cloud account, you received this update automatically.
If you have a local Docker deployment, follow these instructions to update.
If you’re on the waitlist and want to get started with Sublime, please reply to this email and let us know. We’re currently onboarding folks as quickly as we can.
Here are some of the other releases our team is actively working on:
- Detect HTML smuggling by analyzing files linked in the body of a message
- URL classifier for identifying suspicious links
- Easily manage exclusions to feed rules
- Flag messages that communicate “urgency”, “financial requests”, and more using Natural Language Understanding (NLU)
- Use Rule severities to prioritize message triage and trigger distinct investigation workflows
Grab us on Slack or via email with any support questions or feedback! You can also grab a feedback or catch-up session with us at any time here.