Notify user in Slack of quarantined email and create Jira ticket if opened

This workflow sends Slack notifications to users about quarantined emails so that potential security threats are communicated promptly. If the email was opened before it was quarantined, it also creates a Jira ticket for further investigation, which streamlines incident response.

7/8/2025
13 nodes
Complex
Categories: Communication & Messaging, Complex Workflow, Webhook Triggered
Integrations: Jira, Sticky Note, Slack, NoOp

Target Audience

- IT Security Teams: Responsible for monitoring and responding to email threats.
- Help Desk Personnel: Need to manage user inquiries regarding quarantined emails.
- Jira Users: Teams using Jira for incident tracking and management.
- Slack Users: Teams that utilize Slack for internal communications and alerts.

Problem Solved

This workflow addresses the challenge of notifying users about potentially malicious emails that have been quarantined. It ensures that users are informed promptly if they have opened an email before it was flagged, allowing for quick resolution and investigation of potential threats.

Workflow Steps

1. Receive Alert: The workflow is triggered by a webhook from Sublime Security when an email is flagged.
2. Fetch Email Details: It retrieves detailed information about the flagged email using Sublime Security's API.
3. Check Email Status: The workflow checks if the flagged email has been opened by the recipient.
4. Create Jira Ticket: If the email has been opened, a Jira ticket is generated for further investigation, including detailed information about the email.
5. Lookup Slack User: The workflow attempts to find the recipient's Slack username based on their email address.
6. Notify User: If the user is found in Slack, a notification is sent to inform them about the quarantined email, including details such as the sender's name and email, subject line, and instructions for further action.
7. No Action if Not Found: If the user is not found in Slack, the workflow does nothing further.

Customization Guide

- Webhook Configuration: Adjust the webhook settings in Sublime Security to point to your n8n instance.
- API Credentials: Update the API keys for Sublime Security, Jira, and Slack with your own credentials in the n8n settings.
- Jira Issue Type: Modify the Jira issue type and project settings to align with your organization's tracking system.
- Slack Notifications: Customize the message sent to users in Slack to better suit your company's tone and communication style.
- Additional Logic: Enhance the workflow with more conditions or actions based on your specific security processes.