Skip to content

Pull requests: sublime-security/sublime-rules

New pull request New
127 Open 4,442 Closed
127 Open 4,442 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Reviews
Filter by reviews
No reviews Review required Approved review Changes requested
Assignee
Filter by who’s assigned
Assigned to nobody Loading
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Pull requests list

Update observed IOC rules - 2026-05-30 shared-samples:excluded:author_membership test-rules:excluded:author_membership
#4570 opened May 30, 2026 by github-actions Bot Loading…
1
Update impersonation_docusign.yml in-test-rules PR is in our testing suite to collect telemetry
#4569 opened May 29, 2026 by JFarina5 Member Loading…
Adding condition for Adobe in detection rule in-test-rules PR is in our testing suite to collect telemetry review-needed Indicates that a PR is waiting for review
#4567 opened May 29, 2026 by cybher0808 Member Loading…
@cybher0808
1
Create body_self_sender_bold_pdf_link.yml in-test-rules PR is in our testing suite to collect telemetry
#4565 opened May 29, 2026 by keaton-sublime Member Draft
Add service abuse detection rule for Datadog alerts in-test-rules PR is in our testing suite to collect telemetry
#4564 opened May 29, 2026 by peterdj45 Member Loading…
Add detection rule for suspicious PDF links in RFQ/RFP in-test-rules PR is in our testing suite to collect telemetry
#4563 opened May 28, 2026 by peterdj45 Member Loading…
Update impersonation_quickbooks.yml in-test-rules PR is in our testing suite to collect telemetry
#4561 opened May 28, 2026 by JFarina5 Member Loading…
Update impersonation_paypal.yml in-test-rules PR is in our testing suite to collect telemetry
#4560 opened May 28, 2026 by JFarina5 Member Loading…
Update whitespace stuffing regex and generic document sharing thread exclusion hunting-required Hunts needed to validate rule efficacy test-rules:excluded:link_analysis Link analysis in rule, excluding from test rules test-rules:excluded:manual Manually excluded from test-rules, either by adding this label or removing the in-test-rules label
#4556 opened May 28, 2026 by IndiaAce Member Loading…
1
Modify Callback phishing rule in-test-rules PR is in our testing suite to collect telemetry
#4554 opened May 27, 2026 by cybher0808 Member Loading…
@cybher0808
Create link_base64_recipient_with_arrow.yml in-test-rules PR is in our testing suite to collect telemetry
#4551 opened May 27, 2026 by D-Bolton Member Loading…
Add condition for 'Fax Message Delivered' in detection rule in-test-rules PR is in our testing suite to collect telemetry
#4544 opened May 26, 2026 by peterdj45 Member Loading…
Create attachment_pdf_base64_javascript_yara.yml
#4542 opened May 26, 2026 by keaton-sublime Member Draft
Update impersonation_usps.yml in-test-rules PR is in our testing suite to collect telemetry review-needed Indicates that a PR is waiting for review
#4537 opened May 26, 2026 by JFarina5 Member Loading…
1
Update close the loop with reporter automation to trigger on asa complete review-needed Indicates that a PR is waiting for review shared-samples:excluded:author_membership test-rules:excluded:author_membership
#4536 opened May 26, 2026 by ameliagapin Loading…
1
Modify self-sender rule to detect suspicious links in-test-rules PR is in our testing suite to collect telemetry
#4529 opened May 22, 2026 by peterdj45 Member Loading…
Update impersonation_fake_copyright_infringement_notice_from_unsolicited_sender.yml in-test-rules PR is in our testing suite to collect telemetry
#4526 opened May 21, 2026 by missingn0pe Member Loading…
@IndiaAce @missingn0pe
Update brand_impersonation_irs.yml in-test-rules PR is in our testing suite to collect telemetry
#4521 opened May 21, 2026 by markmsublime Member Loading…
Update credential_phishing_suspicious_subject_nlu_financial_urgent.yml in-test-rules PR is in our testing suite to collect telemetry
#4519 opened May 20, 2026 by cybher0808 Member Loading…
@cybher0808
Add first_name/last_name concat matching to org_vips body/subject rules in-test-rules PR is in our testing suite to collect telemetry
#4515 opened May 20, 2026 by IndiaAce Member Loading…
Create brand_impersonation_morgan_stanley.yml in-test-rules PR is in our testing suite to collect telemetry
#4514 opened May 20, 2026 by JFarina5 Member Loading…
Add first_name/last_name concat matching to org_vips sender rules in-test-rules PR is in our testing suite to collect telemetry
#4513 opened May 20, 2026 by IndiaAce Member Loading…
1
Update attachment_adobe_image_lure.yml in-test-rules PR is in our testing suite to collect telemetry review-needed Indicates that a PR is waiting for review
#4512 opened May 20, 2026 by MSAdministrator Member Loading…
@zoomequipd
3
Create link_self_sender_doc_lure_external_domain.yml in-test-rules PR is in our testing suite to collect telemetry
#4510 opened May 19, 2026 by MSAdministrator Member Loading…
Create link_self_sender_cred_theft_sus_tlds.yml in-test-rules PR is in our testing suite to collect telemetry
#4507 opened May 19, 2026 by MSAdministrator Member Loading…
@MSAdministrator
1
ProTip! Exclude everything labeled bug with -label:bug.