mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-03-24 13:32:37 +01:00

Files

Mike Reeves ebc1152376 Rebuild all analyzer source-packages for Python 3.14

Full rebuild of all analyzer source-packages via pip download targeting
cp314/manylinux_2_17_x86_64 to match the so-soc Dockerfile base image
(python:3.14.3-slim).

Replaces cp313 wheels with cp314 for pyyaml and charset_normalizer,
and picks up certifi 2026.2.25 (from 2026.1.4).

2026-03-16 18:58:24 -04:00

source-packages

Rebuild all analyzer source-packages for Python 3.14

2026-03-16 18:58:24 -04:00

__init__.py

Add Sublime Platform analyzer

2023-12-05 18:31:50 +00:00

README.md

update 2.4 references to 3

2026-03-05 11:05:19 -05:00

requirements.txt

Add Sublime Platform analyzer

2023-12-05 18:31:50 +00:00

sublime_test.py

Update live flow option

2023-12-05 19:55:23 +00:00

sublime.json

Change author

2023-12-05 18:36:25 +00:00

sublime.py

Fix indentation for rule_results

2023-12-06 17:37:07 +00:00

sublime.yaml

Update live flow option

2023-12-05 19:55:23 +00:00

README.md

Sublime

Description

Submit a base64-encoded EML file to Sublime Platform for analysis.

Configuration Requirements

In SOC, navigate to Administration, toggle Show all configurable settings, including advanced settings., and navigate to sensoroni -> analyzers -> sublime_platform.

The following configuration options are available for:

api_key - API key used for communication with the Sublime Platform API (Required)

base_url - URL used for communication with Sublime Platform. If no value is supplied, the default of https://api.platform.sublimesecurity.com will be used.

The following options relate to Live Flow analysis only:

live_flow - Determines if live flow analysis should be used. Defaults to False.

mailbox_email_address - The mailbox address to use for during live flow analysis. (Required for live flow analysis)

message_source_id - The ID of the message source to use during live flow analysis. (Required for live flow analysis)