New
You can now create custom rule feeds powered by private Git repositories, enabling you to:
- Privately manage your custom detection rules in Git
- Share custom rule feeds privately in sharing groups or with trusted individuals at other organizations
- Privately manage exceptions to rules from the Sublime feed
Authentication is handled via private SSH keys.
Here’s how Private Rule Feeds can be used to manage feed rule exceptions confidentially:
- Fork the Sublime Rules repo to your private Git repository
- Make your desired rule modifications on your fork
- Create a new Feed in your Sublime deployment and point it at this repo
- Manage updates from the upstream Sublime Rules Repo via Git; merged changes will appear in your Sublime deployment via the Feed
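The Git side of the steps above, as an added example that is not from Sublime's documentation: it shows a local exception commit surviving a merge from upstream. Local bare repositories stand in for the upstream rules repo and for the private repo the Feed points at (a real private remote would be reached over SSH), and the file names, contents and the `main` branch name are constructed placeholders.

```shell
#!/bin/sh
# Constructed demo: local bare repos stand in for the upstream rules repo and
# for the private repo a Feed points at. File names and contents are placeholders.
sync_demo() (
  set -e
  root=$(mktemp -d) && cd "$root"
  export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid \
         GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid

  # Upstream stand-in, seeded with one placeholder rule on branch main.
  git init -q --bare upstream.git
  git --git-dir=upstream.git symbolic-ref HEAD refs/heads/main
  git init -q seed && cd seed
  git symbolic-ref HEAD refs/heads/main
  echo 'placeholder rule A' > rule_a.yml
  git add rule_a.yml && git commit -q -m 'upstream: add rule A'
  git push -q "$root/upstream.git" main

  # Step 1: fork into the private repo (origin = private, upstream = public).
  cd "$root" && git init -q --bare private.git
  git clone -q upstream.git fork && cd fork
  git remote rename origin upstream
  git remote add origin "$root/private.git"

  # Step 2: commit the local exception on the fork and publish it privately.
  echo 'local exception (placeholder)' >> rule_a.yml
  git commit -q -am 'local: exception for rule A'
  git push -q origin main

  # Meanwhile upstream ships a new rule.
  cd "$root/seed" && echo 'placeholder rule B' > rule_b.yml
  git add rule_b.yml && git commit -q -m 'upstream: add rule B'
  git push -q "$root/upstream.git" main

  # Step 4: fetch upstream, merge, push the result to the private repo.
  cd "$root/fork" && git fetch -q upstream
  git merge -q --no-edit upstream/main
  git push -q origin main

  # Print what the private repo's main branch (what the Feed reads) now holds.
  git --git-dir="$root/private.git" show main:rule_a.yml
  git --git-dir="$root/private.git" ls-tree --name-only main
)
sync_demo
```

If upstream later edits the same lines as a local exception, the merge stops with a conflict and nothing reaches the private repo until it is resolved and pushed.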
How do I get started?
If you have an AWS deployment or Cloud account, you received this update automatically.
If you have a local Docker deployment, follow these instructions to update.
If you don't have early access to Sublime, you can request it here.
What's next?
Here are some of the other releases our team is actively working on:
- Automatically triage reported messages using Triage Rules
- Dynamic VIP impersonation detection
- Write detection rules that reference Active Directory or Google Groups
- Detect HTML smuggling by analyzing files linked in the body of a message
- Ingest threat intel directly into your Sublime environment and reference that intel in detection rules
Grab us on Slack or via email with any support questions or feedback! You can also grab a feedback or catch-up session with us at any time here.