Intelligent Phishing Email Detection and Automated Ticket Creation Workflow

Workflow Name

Intelligent Phishing Email Detection and Automated Ticket Creation Workflow

Key Features and Highlights

This workflow enables real-time monitoring of Gmail and Microsoft Outlook inboxes, automatically extracting email content and detailed header information. It generates HTML screenshots of emails and leverages AI (ChatGPT-4) for phishing risk analysis. The analysis results and email screenshots are automatically used to create Jira tickets, providing security teams with an efficient and systematic solution for handling phishing emails.

Core Problems Addressed

• Manual phishing email identification is time-consuming and prone to errors
• Dispersed email information makes it difficult to quickly obtain a comprehensive view and header details
• Phishing email reporting processes are cumbersome and lack automation support
• Absence of a unified platform to promptly relay email threat information to security operations teams

Use Cases

• Automated phishing email detection and response for enterprise security operations teams
• Integration with email security monitoring systems to enhance phishing email identification efficiency
• Assisting IT support departments in quickly locating and handling potential phishing threats
• Automatically generating security incident tickets to facilitate process tracking and management

Main Workflow Steps

1. Email Trigger and Listening

   • Real-time capture of new Gmail emails via the Gmail Trigger node
   • (Optional) Listening for new Outlook emails via the Microsoft Outlook Trigger node (currently disabled)

2. Extraction of Email Content and Header Information

   • Variables configured to extract subject, recipients, body, and email header details
   • For Outlook emails, detailed headers are retrieved and structured by calling the Microsoft Graph API

3. Email HTML Screenshot Generation

   • Conversion of email HTML content into images using the hcti.io API, preserving the visual layout of the email

4. AI-based Phishing Email Analysis

   • Utilizing the ChatGPT-4 model combined with email screenshots and header information to automatically assess phishing risks
   • Generating a detailed analysis report formatted for Jira wiki-style presentation

5. Automated Jira Ticket Creation

   • Integrating key email information with AI analysis results to automatically create Jira issue tickets
   • Attaching email screenshots to provide intuitive references for the security team

Involved Systems and Services

• Gmail (email triggering and content retrieval)
• Microsoft Outlook (email monitoring and header information retrieval)
• hcti.io (HTML email to image screenshot service)
• OpenAI ChatGPT-4 (AI phishing email analysis)
• Jira Software Cloud (automated phishing email ticket creation and management)
• Microsoft Graph API (retrieval of Outlook email header information)

Target Users and Value

• Enterprise security operations and email security teams: improve phishing email detection efficiency and reduce manual misjudgments
• IT support departments: automate ticket creation and accelerate phishing email response workflows
• Automation engineers: integrate multiple services via a no-code platform to achieve end-to-end email security automation
• Any organization needing to monitor and handle large volumes of email security threats, enhancing the speed and accuracy of security incident response

---

Centered on automation and AI-driven intelligent analysis, this workflow integrates multi-platform email data to deliver a closed-loop solution from email monitoring and phishing threat detection to ticket management, making it a vital tool for modern enterprise email security defense.