
Sublime Security – Dashboard Walkthrough (Overview + User Reports)

  • Aug 8

Updated: Aug 12



Alright folks — let’s dive in!

Now that I’ve hyped up Sublime Security in the last post (with good reason 😎), it’s time to show you how this beast of a platform actually looks and what kind of visibility you get once it's live in your environment.


We’re starting with the two most straightforward but powerful pages:


  • The Overview tab

  • And the User Reports tab


I know — it’s pretty self-explanatory. But I’m still going to walk you through it because even simple things can show big impact when done right.




📊 Page 1: The Overview Dashboard

So the moment you log into Sublime, this is your command center. The Overview page gives you a real-time pulse on what’s happening inside your email environment — and honestly, it’s clean, informative, and actually useful (not just pretty graphs).


Let’s break it down 👇



✅ High-Level Stats Right Up Top


The first thing you'll see:

  • How many mailboxes are protected

  • How many messages have been analyzed

  • How many detection rules are active

This gives you instant feedback on how wide your protection spans and how active your defenses are. No need to dig through config menus.



📈 Attack Remediation Timeline

Next up — a timeline chart that shows how many attacks were remediated per day.


This is 🔥 because it lets you see the ebb and flow of attacks over time. You’ll notice spikes — and those spikes tell stories.


Was there a burst of phishing on a Monday? Did something sketchy happen over the weekend? This is where you start spotting patterns.


🏷️ Top Labels: See What’s Being Flagged

Scroll a bit, and you hit the Top Labels section, broken down by:

  1. Attack Types – What was the goal? (BEC, credential theft, QR scams, etc.)

  2. Tactics & Techniques – How did they try to pull it off? (HTML smuggling, spoofing, obfuscated links...)

  3. Detection Methods – How were these threats caught? Was it AI, a custom rule, a community rule?


You’re not just seeing “what got blocked” — you’re seeing how and why it was caught, which is gold for any security team trying to improve detection strategies.


🔍 Top Detection Rules

You’ll also get a list of:

  • Detection Rules that fired the most

  • Based on how many attacks each rule caught


This helps in two major ways:
  1. You know which rules are working

  2. You can prioritize tuning the ones getting noisy or low-confidence hits


🎯 Top Targets

This section shows the mailboxes getting attacked the most.


Very useful to:

  • Identify high-risk users (like finance, C-levels, HR)

  • Correlate with investigation timelines

  • Build custom protection (like VIP inbox rules)



⚙️ Actions Summary

A breakdown of:


  • Remediation actions applied (e.g., quarantined, moved to junk)

  • Alert actions (like notifying SOC or ticket creation)

You see what actually happened after the detection — and whether automation kicked in or manual action was needed.



🚨 Message Classification

At the very bottom, you get a clear picture of:

  • How many messages were classified as malicious or spam

  • How many were automatically remediated vs manually handled


This gives a snapshot of human vs machine balance — and you’ll start to see how much time you’re saving through automation.

And don’t worry — we’ll dig deeper into these remediation details in a future post.





📬 Page 2: User Reports Overview

The next tab is super useful, especially if you have an organization where users report emails to the SOC or security team.

This section basically shows:

  • Emails reported by users

  • What action was taken:

    • Quarantined

    • Moved to spam

    • Marked clean

    • Ignored

    • Further investigated


You don’t need to be a genius to use it — just click, review, and go. It helps the SOC team verify whether a report was valid or not, and it builds confidence with users that their reports are being looked at.

🧠 Why These Two Pages Matter (More Than You Think)

While these two tabs seem “basic,” they actually offer:


  • Instant operational visibility

  • Historical awareness (timeline + trends)

  • Confidence in what's working and where to tune

  • Context for each mailbox, rule, and user action


In the old days, we’d have to pull logs from the SEG, correlate with EDR alerts, and chase people down for context. Sublime brings all that into one place, focused purely on email.

---------------------------------------------------------------------------------------------------------

🎤 Wrapping Up

That’s the bird’s eye view of your Sublime dashboard.

In the upcoming articles, I’ll dive deeper into custom rules, retro hunting, and how to use MQL like a pro. Because honestly, that’s where the magic happens — and it’s where you get to turn this tool into your own personalized email defense engine.


Until then — stay safe, stay curious, and watch those inboxes! Let’s keep digging. 🔍

-----------------------------------------------------------------------------------------------------------

Upcoming Article: Understanding the “Remediate Threats” Tab in Sublime Security

-----------------------------------------------------------------------------------------------------------



 
 
 
