Intelligent Email Security Analysis and Automated Ticket Creation

Workflow Name

Intelligent Email Security Analysis and Automated Ticket Creation

Key Features and Highlights

This workflow enables real-time monitoring and capturing of incoming emails in Gmail and Microsoft Outlook inboxes. Leveraging AI technology, it performs in-depth analysis of email content and header information to automatically identify potential phishing or malicious emails. Based on the analysis results, the workflow automatically generates corresponding Jira tickets, attaching screenshots of the email body and text files, significantly optimizing the efficiency and traceability of security incident response.

Core Problems Addressed

• Real-time capture and processing of suspicious emails across multiple mailboxes (Gmail, Outlook);
• Automatic identification of phishing emails to reduce risks of human error and oversight;
• Automated creation of security incident tickets to accelerate security team response;
• Multi-format archiving of emails (text and screenshots) for convenient subsequent review and analysis.

Application Scenarios

• Automated protection and monitoring of email phishing attacks by enterprise Security Operations Centers (SOC);
• IT support teams for rapid identification and handling of security incidents;
• Any organization requiring automated detection and incident tracking of secure emails in mailboxes.

Main Process Steps

1. Email Trigger Monitoring
   Uses the “Gmail Trigger” node to poll for new Gmail emails every minute, and optionally enables the “Microsoft Outlook Trigger” to monitor Outlook emails.

2. Extraction of Email Content and Header Information

   • For Gmail, directly extracts subject, recipients, HTML body, and plain text body variables.
   • For Outlook, retrieves detailed email headers and body content via Microsoft Graph API, then formats and assigns them to variables.

3. Multi-format Conversion of Email Body

   • Converts the email body text into a .txt file.
   • Calls a third-party API (hcti.io) to generate a screenshot of the HTML email body for visual inspection.

4. AI Intelligent Analysis
   Utilizes the ChatGPT model to analyze the combined HTML body and header information, determining whether the email is phishing or malicious, outputting structured JSON results along with detailed analysis explanations.

5. Automated Ticket Creation
   Based on AI analysis results, routes and creates two types of Jira tickets:

   • Phishing/Malicious Email Tickets (tagged as “Potentially Malicious”)
   • Security Email Tickets (tagged as “Potentially Benign”)

6. Attachment Upload
   Uploads the email body screenshot and text file to the corresponding Jira ticket to enrich ticket content and facilitate investigation by the security team.

Involved Systems and Services

• Gmail: Email triggering and data extraction
• Microsoft Outlook / Microsoft Graph API: Email and header retrieval
• hcti.io: HTML email body to screenshot conversion
• OpenAI ChatGPT: Email analysis and phishing detection
• Jira Software Cloud: Automated security incident ticket creation and attachment management

Target Users and Value

• Enterprise information security teams seeking to enhance automation in phishing email defense
• IT support and operations personnel aiming for rapid incident localization and response
• Any organization relying on email communication and concerned with email security, effectively reducing phishing risks and manual workload
• Combines AI technology with automation tools to improve the efficiency and accuracy of email security incident handling

---

By integrating multi-platform email access, intelligent AI analysis, and enterprise-grade ticket management, this workflow delivers a fully automated and intelligent solution for email security incident handling, making it a vital tool for modern enterprise email security governance.