Automated Multi-Email Phishing Detection and Jira Ticket Generation

Workflow Name

Automated Multi-Email Phishing Detection and Jira Ticket Generation

Key Features and Highlights

This workflow enables real-time monitoring and automated processing of new emails across Gmail and Microsoft Outlook accounts. It converts email content into screenshots and leverages AI (ChatGPT-4) for phishing email analysis. Detailed Jira tickets are automatically generated, including the email screenshots to assist security teams in rapid response. The fully automated process significantly enhances the efficiency and speed of phishing email identification and handling.

Core Problems Addressed

• Automated monitoring of multiple email accounts (Gmail and Outlook) to capture potential phishing emails
• Accurate phishing risk assessment through AI-driven analysis of email headers and content
• Rapid creation of Jira issues containing comprehensive email details and analysis reports, optimizing security incident tracking and resolution
• Visual representation of emails (via screenshots) to help security teams intuitively understand email content and improve judgment accuracy

Use Cases

• Automated phishing email monitoring and incident response for enterprise information security teams
• IT support teams quickly capturing and handling emails related to security threats
• Organizations requiring security analysis and automated ticket management for emails from multiple mailboxes

Main Process Steps

1. Email Trigger
   • Real-time monitoring of new emails in each mailbox using “Gmail Trigger” and “Microsoft Outlook Trigger” nodes (polling every minute).
2. Email Data Extraction and Variable Assignment
   • Extract key fields such as subject, recipients, body, and email headers from each email and standardize their format for storage.
3. Email Screenshot Generation
   • Use the hcti.io API to convert the email’s HTML content into an image, preserving the visual layout of the email.
4. Email Header Formatting
   • Parse Outlook email headers and structure critical information for subsequent analysis.
5. AI-Powered Analysis
   • Utilize the ChatGPT-4 model to analyze the email screenshot and header information, automatically generating a phishing risk assessment report.
6. Jira Ticket Creation and Attachment Upload
   • Automatically create Jira issues based on the analysis results, including detailed email information and AI conclusions, with attached email screenshots to facilitate swift follow-up by security teams.

Involved Systems and Services

• Gmail (email retrieval via Gmail Trigger node)
• Microsoft Outlook (email and header retrieval via Outlook Trigger and Microsoft Graph API)
• hcti.io (HTML-to-image API for generating email screenshots)
• OpenAI ChatGPT-4 (AI model for phishing risk analysis of email content and headers)
• Jira Software Cloud (automated creation of phishing email handling tickets and attachment uploads)

Target Users and Value

• Enterprise security operations teams: Automate phishing email detection to reduce manual investigation workload and accelerate incident response.
• IT support and operations personnel: Quickly access detailed phishing email information and analysis to take timely action.
• Developers and automation engineers: Extend this workflow to integrate additional mailboxes or security systems for comprehensive email security management.
• Medium to large organizations: Ensure standardized handling and tracking of email security incidents through automation, enhancing overall security management capabilities.