diff --git a/salt/sensoroni/files/analyzers/sublime/README.md b/salt/sensoroni/files/analyzers/sublime/README.md
new file mode 100644
index 000000000..77894a2b1
--- /dev/null
+++ b/salt/sensoroni/files/analyzers/sublime/README.md
@@ -0,0 +1,24 @@
+# Sublime
+
+## Description
+Submit a base64-encoded EML file to Sublime Platform for analysis.
+
+## Configuration Requirements
+In SOC, navigate to `Administration`, toggle `Show all configurable settings, including advanced settings.`, and navigate to `sensoroni` -> `analyzers` -> `sublime_platform`.
+
+![image](https://github.com/Security-Onion-Solutions/securityonion/assets/16829864/a914f59d-c09f-40b6-ae8b-d644df236b81)
+
+
+The following configuration options are available for:
+
+``api_key`` - API key used for communication with the Sublime Platform API (Required)
+
+``base_url`` -  URL used for communication with Sublime Platform. If no value is supplied, the default of `https://api.platform.sublimesecurity.com` will be used.
+
+The following options relate to [Live Flow](https://docs.sublimesecurity.com/reference/analyzerawmessageliveflow-1) analysis only:
+
+``live_flow`` - Determines if live flow analysis should be used. Defaults to `False`.
+
+``mailbox_email_address`` - The mailbox address to use for during live flow analysis. (Required for live flow analysis)
+
+``message_source_id`` - The ID of the message source to use during live flow analysis. (Required for live flow analysis)