Notify user in Slack of quarantined email and create Jira ticket if opened
This workflow automatically responds to security alerts: it notifies the recipients in Slack of suspicious emails that have been quarantined and, when such an email has already been opened, creates a Jira ticket to track the incident. Real-time alerts and a shared response path reduce manual monitoring and intervention, improve handling accuracy, and help manage the risk to information security and business continuity.

Workflow Name
Notify_user_in_Slack_of_quarantined_email_and_create_Jira_ticket_if_opened
Key Features and Highlights
This workflow automatically responds to security alerts from Sublime Security by notifying email recipients in Slack about suspicious emails that have been quarantined. If the quarantined email has already been opened, it also creates a Jira ticket so the security team can track and handle the incident. This gives real-time alerting and collaborative response to email security incidents and makes security operations more efficient.
Core Problems Addressed
- Timely notification to email recipients about quarantined emails to prevent business disruption caused by false positives.
- Automatic detection of whether the email has been opened, and automatic creation of Jira tickets for potential security threats to ensure rapid incident response and resolution.
- Reduction of manual monitoring and intervention, improving the automation and accuracy of security alert handling.
Application Scenarios
- Enterprise security operations teams requiring real-time monitoring and response to email security threats.
- IT departments needing to promptly inform users about email quarantine status and manage potential risks.
- Organizations seeking integration of security alerts with project management tools for incident tracking and collaborative handling.
Main Workflow Steps
- Receive Webhook Alert from Sublime Security: Triggered automatically when an email is scanned and quarantine rules are activated.
- Call API to Retrieve Email Details: Query email content and security rule information via the Sublime Security API.
- Check if the Email Has Been Opened: Determine whether the recipient opened the email prior to quarantine.
- Lookup Slack User ID by Recipient’s Email: Prepare for notification delivery.
- If Slack User is Found, Send Quarantine Notification Message: Inform the user about the quarantine and provide follow-up recommendations.
- If the Email Has Been Opened, Automatically Create a Jira Ticket: The ticket includes detailed email security information and rule context to assist the security team’s follow-up.
- If No Slack User is Found or the Email Was Not Opened, the Corresponding Step is Skipped: no notification is sent without a Slack user ID, and no Jira ticket is created unless the email was opened.
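As an added example, not part of the template itself, the branching logic of the steps above as a single JavaScript function of the kind an n8n Code node could run; the webhook field names, the Slack directory and the Jira project key are assumptions, not Sublime Security's or Jira's actual schema.

```javascript
// Constructed stand-ins: a Slack email-to-user-ID directory and a
// webhook payload shaped like a quarantine alert (field names assumed).
const SLACK_DIRECTORY = { "alice@example.com": "U0123ALICE" };
const SAMPLE_ALERT = {
  message_id: "msg-42",
  subject: "Invoice overdue",
  sender: "billing@invoice-example.test",
  recipient_email: "Alice@Example.com",
  read_at: "2024-05-01T09:12:00Z", // null when the recipient never opened it
  flagged_rules: [{ name: "Credential phishing: lookalike sender", severity: "high" }],
};

// Returns the list of actions the workflow should take for one alert.
function routeQuarantineAlert(alert, slackDirectory) {
  const recipient = String(alert.recipient_email || "").trim().toLowerCase();
  const opened = Boolean(alert.read_at);
  const rules = (alert.flagged_rules || []).map((r) => `${r.name} [${r.severity}]`);
  const actions = [];

  // Slack lookup by recipient address; notify only when a user ID resolves.
  const slackUserId = slackDirectory[recipient];
  if (slackUserId) {
    // The notice names the subject and rules but never echoes the message
    // body or its links, so the user is not handed the suspicious content.
    actions.push({
      type: "slack_notify",
      user: slackUserId,
      text: `An email to you ("${alert.subject}") was quarantined by rule(s): ` +
        `${rules.join("; ")}. No action is needed; contact security if you expected it.`,
    });
  } else {
    actions.push({ type: "skip", reason: "slack_user_not_found" });
  }

  // Jira ticket only when the recipient opened the email before quarantine.
  if (opened) {
    actions.push({
      type: "jira_create",
      project: "SEC", // assumed project key
      summary: `Quarantined email opened by ${recipient}: ${alert.subject}`,
      description: [
        `Message ID: ${alert.message_id}`,
        `Sender: ${alert.sender}`,
        `Opened at: ${alert.read_at}`,
        `Rules: ${rules.join("; ")}`,
      ].join("\n"),
    });
  } else {
    actions.push({ type: "skip", reason: "email_not_opened" });
  }
  return actions;
}
```

In an n8n Code node the returned actions would be emitted as items and routed with IF nodes to the Slack and Jira nodes.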
Involved Systems or Services
- Sublime Security: Email security scanning and quarantine service providing webhook alerts and APIs.
- Slack: Instant messaging platform used to notify email recipients.
- Jira Software: Project management and security incident tracking tool used to create security incident tickets.
- n8n: Automation workflow platform responsible for orchestration and data exchange between systems.
Target Users and Value Proposition
- Enterprise security operations and IT support teams can leverage this workflow to automate monitoring and response for email security incidents.
- Organizations aiming to improve email security incident handling efficiency and reduce exposure to security risks.
- Enterprises seeking to minimize manual operations through automation, enabling rapid user notification and efficient security incident management.
By automating the integration of email security monitoring, instant messaging, and project management, this workflow helps organizations quickly respond to potential threats, ensuring information security and business continuity.