Sublime Security SIEM Integration

Integration Overview

Sublime Security is an email security platform that monitors and blocks sophisticated email attacks. Panther seamlessly integrates with Sublime Security, allowing you to continuously monitor and respond to email- and identity-based threats across your environment and correlate with other critical security insights. Once Sublime events are ingested into Panther, the normalized data is stored for future security investigations in a Snowflake-powered, serverless data lake.

Use Cases for Sublime Security Logs

Panther’s integration with Sublime Security includes audit log activity, messages with rule matches, and all messages in Message Data Model (MDM) format. Common SIEM use cases for these events include:

  • Detecting email-based attacks such as phishing and malware delivery
  • Monitoring configuration changes to Sublime Security
  • Correlating email content and events with other data sources such as DNS requests

Onboarding Sublime Security in Panther

Panther’s integration for Sublime Security is easy to configure, allowing you to onboard your log data in just a few minutes. Sublime Security events are uploaded through an S3 bucket.

For more detailed steps on onboarding Sublime Security or supported schema for events, view our Sublime Security documentation.

Normalizing & Analyzing Sublime Security Events

As Panther ingests Sublime Security events, they are parsed, normalized, and stored in a Snowflake security data lake. This empowers security teams to craft detections, identify anomalies, and conduct investigations on your data in the context of days, weeks, or months.

Panther’s managed schema applies normalization fields to your Sublime Security events, which standardizes names for attributes and empowers users to correlate and investigate data across all log types. For more on searching log data in Panther, check out our documentation on Investigations & Search.

Detection as Code

With Panther, your team won’t be confined to restrictive detection rules as seen in many SIEM platforms. Panther is built with detection-as-code principles, giving you the ability to use Python to write expressive detections, and to integrate external systems like version control and CI/CD pipelines into your detection engineering workflows. This results in powerful, flexible, and reusable scripting of detections for your security team.

A number of pre-built detections for Sublime Security are available by default in Panther, offering users immediate value for monitoring common IoCs and threats. You can explore our built-in detection coverage for Sublime logs here.

Configuring Alerts

Panther fires alerts when your detection rules or policies are triggered, and integrates with a variety of alert destinations to allow for easy access and management of any Sublime Security alerts. Alerts can also be forwarded to alert context or SOAR platforms for more remediation options.

Alerts are categorized in five different severity levels: Info, Low, Medium, High, and Critical. Security teams have the options to dynamically assign severity based on specific log event attributes.

Customer Support

If you have any questions about configuring Sublime Security with Panther, we’re here to help. All customers have access to our technical support team via a dedicated Slack channel, email, or in-app messenger.

You can check out our documentation on configuring Sublime Security here, or customers can sign up for the Panther Community to share best practices or custom detections for Sublime Security.

The Ideal SIEM Integration for Sublime Security

With Panther, security teams don’t have to struggle with restrictive detection logic, waste time and resources on operational overhead, or pay skyrocketing costs to keep up with the growth of cloud data. Panther was founded by a team of veteran security practitioners who struggled with legacy SIEM challenges first-hand, and built an intuitive, cloud-native platform to solve them.

Panther is a SIEM built for security operations at cloud scale, offering flexible detection-as-code, intuitive security workflows, and actionable real-time alerts to keep up with the needs of today’s security teams. For a powerful, flexible, and scalable SIEM solution, request a demo today.

Escape Cloud Noise. Detect Security Signal.
Request a Demo