Skip to content
| Marketplace
Sign in
Visual Studio Code>Language Packs>Message Query Language (MQL)New to Visual Studio Code? Get it now.
Message Query Language (MQL)

Message Query Language (MQL)

Sublime Security

|
729 installs
| (0) | Free
Syntax highlighter, formatter, and language client for Message Query Language.
Installation
Launch VS Code Quick Open (Ctrl+P), paste the following command, and press enter.
Copied to clipboard
More Info

Message Query Language (MQL) extension for Visual Studio Code

Sublime prevents email attacks using AI and Detection-as-Code. Gain visibility and control, hunt for advanced threats, and spend less time on email-originated incidents.

Use the Sublime Platform to:

  • block email attacks such as phishing, BEC, and malware
  • hunt for threats over email
  • auto-triage user reports with phishing herd immunity and Triage rules

At its core, Sublime is a rules engine that ingests email messages from arbitrary sources, parsing to a structured *Message Data Model (MDM) which powers rules written in Message Query Language (MQL). When rules match, actions are taken such as generating a webhook notification or inserting a warning banner. Emails are extracted Below is an example of a simple rule:

name: HTML smuggling via attachment
severity: high
source: |
  type.inbound
  and any(attachments, .file_extension in~ ('html', 'htm') 
          and any(file.explode(.),
                  any(.scan.javascript.identifiers, . == "unescape")
          )
  )
tags:
  - "HTML smuggling"

The MQL extension for Visual Studio code provides validation and completion capabilities

  • Syntax highlighting
  • ChatGPT based completion for line comments (requires openAIKey in settings)
  • Autocompletion (if the Language Server is enabled)
  • Validation of functions and types (if the Language Server is enabled)
  • Diagnostic hints, warnings, and errors (if the Language Server is enabled)

Resources

  • Sublime Security homepage
  • Detection rules on GitHub
  • Sublime Security Platform
  • Platform documentation
    • Message Data Model (MDM)
    • Message Query Language (MDM)
  • Contact us
  • Jobs
  • Privacy
  • Manage cookies
  • Terms of use
  • Trademarks
© 2025 Microsoft