Receive and analyze emails with rules in Sublime Security

For Sublime Security, automate email analysis by seamlessly ingesting .eml attachments from your inbox. This workflow detects phishing attempts, analyzes them for threats, and delivers real-time reports to your Slack channels. It enhances your cybersecurity response by ensuring timely notifications and efficient threat management, all while minimizing manual intervention.

7/8/2025
13 nodes
Complex
Categories:
Communication & Messaging, Complex Workflow, Email Triggered
Integrations:
EmailReadImap, MoveBinaryData, Slack, Sticky Note

Target Audience

- Cybersecurity Teams: Professionals focused on identifying and mitigating email threats.
- IT Administrators: Individuals managing email systems and security protocols.
- Compliance Officers: Staff ensuring adherence to security policies and regulations.
- Organizations Using Outlook: Companies that utilize Outlook for email communication, especially those focused on phishing threat management.

Problem Solved

This workflow addresses the challenge of efficiently analyzing potential phishing emails with attachments. By automating the detection and analysis process, it reduces the manual effort required to handle suspicious emails, ensuring a quicker response to threats. Key benefits include:
- Immediate Threat Detection: Automates the identification of phishing attempts, allowing for rapid response.
- Centralized Management: Streamlines the process of handling emails flagged for security analysis.
- Enhanced Communication: Sends notifications to Slack, keeping team members informed of potential threats.

Workflow Steps

1. Email Trigger (IMAP): The workflow initiates when an email is received in the designated inbox.
2. IF Email Has Attachment: Checks if the email contains any attachments. If an attachment is found, it proceeds to the next step; otherwise, it sends a notification about the missing attachment.
3. Move Binary Data: Converts the binary attachment data into a format suitable for analysis.
4. Analyze Email with Sublime Security: Sends the attachment to Sublime Security's API for in-depth analysis.
5. Split to Matched and Unmatched: Processes the analysis results, categorizing them into matched and unmatched rules.
6. Format the Message: Prepares a summary message based on the analysis results to be sent to Slack.
7. Notify About Missing Attachment: If no attachment is found, sends a notification to the designated Slack channel, prompting further investigation.
8. Send Report to Slack: Finally, the formatted message is sent to the specified Slack channel, ensuring that all stakeholders are promptly informed of the analysis results.
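The steps above, modelled as one stand-alone Python script (an added example, not the n8n template's own code): it locates the .eml attachment on an inbox message, submits it to Sublime Security, splits the rule results into matched and unmatched, and builds the Slack report text, falling back to the missing-attachment notice when nothing is attached. The Sublime endpoint, request body (`raw_message`, `run_all_detection_rules`) and response shape (`rule_results[].rule.name`, `rule_results[].matched`) are assumptions to be checked against your tenant's API documentation; the inbox message and the analysis response used below are constructed sample data.

```python
"""Stand-alone model of the triage workflow (added example, not the n8n
template's own code). Endpoint, request body and response fields are
assumptions: verify them against Sublime Security's API documentation."""
import base64
import email
import json
import urllib.request
from email import policy
from email.message import EmailMessage
from typing import Callable, Optional

# Assumed endpoint for the Sublime analyze API (placeholder, verify before use).
SUBLIME_ANALYZE_URL = "https://api.platform.sublimesecurity.com/v0/messages/analyze"


def extract_eml_attachment(raw: bytes) -> Optional[bytes]:
    """Return the bytes of the first .eml / message/rfc822 attachment, or None.
    Mirrors the 'IF email has attachment' and 'Move Binary Data' steps."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() == "message/rfc822":
            # Nested message parts are parsed by the library: re-serialise them.
            return part.get_payload(0).as_bytes()
        if name.endswith(".eml"):
            return part.get_payload(decode=True)
    return None


def analyze_with_sublime(eml: bytes, token: str, url: str = SUBLIME_ANALYZE_URL) -> dict:
    """POST the raw message to Sublime (network call; not exercised offline)."""
    body = json.dumps({"raw_message": base64.b64encode(eml).decode(),
                       "run_all_detection_rules": True}).encode()
    req = urllib.request.Request(url, data=body, method="POST", headers={
        "Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def split_rule_results(result: dict) -> tuple[list[str], list[str]]:
    """Split rule results by their 'matched' flag (assumed response field)."""
    matched, unmatched = [], []
    for rr in result.get("rule_results", []):
        name = rr.get("rule", {}).get("name", "<unnamed rule>")
        (matched if rr.get("matched") else unmatched).append(name)
    return matched, unmatched


def format_slack_message(subject: str, matched: list[str], unmatched: list[str]) -> str:
    """Build the Slack report text (the 'Format the message' step)."""
    verdict = ":rotating_light: SUSPICIOUS" if matched else ":white_check_mark: No rules matched"
    lines = [f"*Sublime analysis for:* {subject}",
             f"*Verdict:* {verdict}",
             f"*Matched rules ({len(matched)}):* " + (", ".join(matched) or "none"),
             f"*Unmatched rules checked:* {len(unmatched)}"]
    return "\n".join(lines)


def triage(raw: bytes, analyzer: Callable[[bytes], dict]) -> dict:
    """Run the whole workflow on one inbox message; `analyzer` is injectable so
    the pipeline can be exercised without network access."""
    outer = email.message_from_bytes(raw, policy=policy.default)
    subject = outer.get("Subject", "(no subject)")
    eml = extract_eml_attachment(raw)
    if eml is None:  # 'Notify about missing attachment' branch
        return {"status": "missing_attachment",
                "text": f":warning: No .eml attachment on '{subject}'; please check manually."}
    matched, unmatched = split_rule_results(analyzer(eml))
    return {"status": "analyzed", "matched": matched,
            "text": format_slack_message(subject, matched, unmatched)}


# --- Constructed sample data (not real traffic) -----------------------------
def build_sample_inbox_message(with_attachment: bool = True) -> bytes:
    """A forwarded report with a suspicious message attached as .eml."""
    inner = EmailMessage()
    inner["From"] = "it-helpdesk@example.net"
    inner["Subject"] = "Password expires today"
    inner.set_content("Reset here: http://example.net/reset")
    outer = EmailMessage()
    outer["From"] = "employee@example.com"
    outer["To"] = "phish-reports@example.com"
    outer["Subject"] = "FW: suspicious email"
    outer.set_content("Please check the attached message.")
    if with_attachment:
        outer.add_attachment(inner.as_bytes(), maintype="application",
                             subtype="octet-stream", filename="suspicious.eml")
    return outer.as_bytes()


# Constructed stand-in for a Sublime response using the assumed shape.
SAMPLE_RESULT = {"rule_results": [
    {"rule": {"name": "Credential phishing: password expiry lure"}, "matched": True},
    {"rule": {"name": "Attachment: HTML smuggling"}, "matched": False},
]}

if __name__ == "__main__":
    print(triage(build_sample_inbox_message(), lambda _eml: SAMPLE_RESULT)["text"])
    print(triage(build_sample_inbox_message(False), lambda _eml: SAMPLE_RESULT)["text"])
```

The attached message is only ever re-serialised and forwarded to the analysis API, never rendered or executed, and the bearer token is passed in as a parameter rather than embedded in the script; in n8n the equivalent is to keep it in a stored credential rather than in the HTTP node's parameters.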

Customization Guide

- Email Credentials: Update the IMAP credentials to connect to the appropriate email account where phishing emails are received.
- Slack Channel: Change the Slack channel ID in the Slack nodes to direct notifications to the desired channel.
- Sublime Security API Token: Ensure that the bearer token for Sublime Security is correctly configured to allow API access.
- Conditions for Analysis: Modify the conditions in the 'IF email has attachment' node to adapt to specific organizational needs, such as checking for different MIME types or attachment formats.
- Message Formatting: Adjust the message template in the 'Format the message' node to include additional details or customize the output format as needed.