GmailTrigger Automate

Target Audience

- IT Security Teams: Those responsible for monitoring and responding to phishing threats can leverage this workflow for efficient email analysis and reporting.
- Help Desk Personnel: Individuals who handle user-reported phishing emails and need a streamlined method to document and escalate these incidents.
- Developers and Automation Specialists: Professionals looking to integrate Gmail and Microsoft Outlook triggers with AI analysis for automated workflows.
- Project Managers in IT: Managers overseeing security projects can use this workflow to ensure timely responses to phishing threats.
- Compliance Officers: Those tasked with ensuring that organizations adhere to security protocols can utilize this workflow to document phishing incidents effectively.

Problem Solved

This workflow addresses the challenge of efficiently monitoring and responding to potential phishing emails. By automating the detection, analysis, and reporting of suspicious emails, it helps organizations mitigate the risk of phishing attacks. Key benefits include:
- Real-time Monitoring: Captures incoming emails every minute, ensuring no potential threats are overlooked.
- Automated Analysis: Utilizes AI (ChatGPT) to analyze email content and headers, providing insights on potential phishing attempts.
- Streamlined Reporting: Automatically generates Jira tickets for reported phishing emails, ensuring proper tracking and management of incidents.
- Visual Documentation: Creates screenshots of email content for easy reference and review, enhancing the reporting process.

Workflow Steps

1. Trigger: The workflow is manually triggered when an email is received in either Gmail or Microsoft Outlook.
2. Set Variables: Extracts key components of the email, such as subject, recipient, body, and headers, and assigns them to variables for further processing.
3. Retrieve Email Headers: For Microsoft Outlook emails, detailed headers and body content are fetched to gain more context.
4. Format Headers: The headers are structured into a user-friendly format for easier analysis.
5. Generate Screenshot: The HTML content of the email is processed to create a visual representation using the hcti.io API.
6. Analyze with AI: The ChatGPT node analyzes the email content and headers, determining if it might be a phishing attempt, and formats the response for Jira.
7. Create Jira Ticket: A detailed Jira ticket is created, compiling all relevant information about the reported phishing email.
8. Upload Screenshot: The generated screenshot of the email is attached to the Jira ticket for additional context.
9. Final Documentation: All steps ensure that phishing incidents are documented efficiently, improving response times and tracking.

Customization Guide

- Modify Email Triggers: Users can adjust the polling frequency of email triggers (e.g., from every minute to every five minutes) based on their needs.
- Change Analysis Parameters: Customize the parameters sent to ChatGPT for analysis, such as changing the text prompts or adjusting token limits for the AI response.
- Alter Jira Ticket Fields: Users can modify the fields included in the Jira ticket, such as adding custom labels or tags relevant to their organization’s workflow.
- Integrate Additional Services: The workflow can be expanded to include other services (e.g., Slack notifications) for alerting teams about phishing reports.
- Customize Email Processing Logic: Adjust the logic in the code nodes to filter specific types of emails or to include additional processing steps based on organizational requirements.