> ## Documentation Index
> Fetch the complete documentation index at: https://docs.tracecat.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Sublime

> Reference for the Tracecat Sublime integration: registered actions, required secrets, expected inputs, and example workflow usage.

## Analyze EML

Action ID: `tools.sublime.analyze_eml`

Analyze an EML message against active detection rules and ML attack score in Sublime.

Reference: [https://docs.sublime.security/reference/analyzemessage](https://docs.sublime.security/reference/analyzemessage)

### Secrets

Required secrets:

* `sublime`: required values `SUBLIME_API_KEY`.

### Input fields

<ParamField path="eml_base64" type="string" required>
  Base64-encoded EML file.
</ParamField>

<ParamField path="base_url" type="string | null">
  Base URL of the Sublime API.

  Default: `null`.
</ParamField>

## Analyze URL

Action ID: `tools.sublime.analyze_url`

Analyze a URL with ML link analysis in Sublime.

Reference: [https://docs.sublime.security/docs/enrichment-functions#mllink\_analysis](https://docs.sublime.security/docs/enrichment-functions#mllink_analysis)

### Secrets

Required secrets:

* `sublime`: required values `SUBLIME_API_KEY`.

### Input fields

<ParamField path="url" type="string" required>
  URL to analyze.
</ParamField>

<ParamField path="base_url" type="string | null">
  Base URL of the Sublime API.

  Default: `null`.
</ParamField>

## Attack score for EML

Action ID: `tools.sublime.score_eml`

Evaluate attack score of an EML message using the Sublime API.

Reference: [https://docs.sublime.security/reference/attackscoreforrawmessage](https://docs.sublime.security/reference/attackscoreforrawmessage)

### Secrets

Required secrets:

* `sublime`: required values `SUBLIME_API_KEY`.

### Input fields

<ParamField path="eml_base64" type="string" required>
  Base64-encoded EML file.
</ParamField>

<ParamField path="base_url" type="string | null">
  Base URL of the Sublime API.

  Default: `"https://platform.sublime.security"`.
</ParamField>

## Scan file with BinExplode

Action ID: `tools.sublime.scan_file`

Scan a file with BinExplode. Returns

Reference: [https://docs.sublime.security/reference/postscan-1](https://docs.sublime.security/reference/postscan-1)

### Secrets

Required secrets:

* `sublime`: required values `SUBLIME_API_KEY`.

### Input fields

<ParamField path="file_base64" type="string" required>
  Base64-encoded file.
</ParamField>

<ParamField path="file_name" type="string" required>
  Name of the file.
</ParamField>

<ParamField path="base_url" type="string | null">
  Base URL of the Sublime API.

  Default: `null`.
</ParamField>