Automate Email Quarantine Notifications and Jira Incident Creation
This workflow automatically notifies users on Slack about quarantined emails and creates Jira tickets if the email was opened before quarantine. Enhance your security operations by streamlining incident response.
About This Workflow
This n8n workflow significantly boosts your Security Operations (SecOps) efficiency by automating critical incident response processes. When Sublime Security flags an inbound email for quarantine, this workflow springs into action. It first attempts to locate the recipient's Slack user via their email address to send a personalized notification. Crucially, if the flagged email was accessed before quarantine, the workflow automatically generates a Jira ticket. This ensures that your security team is immediately alerted to potential threats, providing them with all necessary details from Sublime Security to investigate and manage the incident effectively. Streamline your email security and incident management today.
Key Features
- Real-time Slack Notifications: Inform recipients immediately via Slack when their emails are quarantined.
- Automated Jira Ticketing: Create Jira issues for opened emails to ensure prompt incident tracking and resolution.
- Sublime Security Integration: Seamlessly triggers based on Sublime Security alerts and leverages its rich message data.
- User Lookup: Intelligently finds Slack users by email for targeted communication.
- Detailed Incident Context: Populates Jira tickets with comprehensive email details for efficient investigation.
How To Use
- Configure Sublime Security: Set up a rule in Sublime Security with auto-quarantine enabled and create a webhook to send alerts to the 'Receive Sublime Security Alert' n8n node.
- Set up n8n Credentials:
  - Sublime Security: Provide your API key as a Header Auth credential with the format Authorization: Bearer YOUR-API-KEY.
  - Slack: Configure credentials for a Slack app with users:read.email and im:write scopes.
  - Jira: Set up your Jira Cloud API credentials.
- Map Slack User: Ensure the 'lookup slack user by email' node correctly uses the recipient's email from the incoming webhook payload.
- Configure Jira Ticket Details: Customize the 'Jira Software' node to specify your Jira project and issue type, and refine the summary and description fields to include relevant email data.
- Test the Workflow: Trigger a Sublime Security alert with auto-quarantine enabled to verify Slack notifications and Jira ticket creation.
Workflow JSON
{
"id": "3fdf9366-a06d-4fec-afc0-cb7727c8dc2d",
"name": "Automate Email Quarantine Notifications and Jira Incident Creation",
"nodes": 21,
"category": "Operations",
"status": "active",
"version": "1.0.0"
}
Note: This is a sample preview. The full workflow JSON contains node configurations, credentials placeholders, and execution logic.
About the Author
Crypto_Watcher
Web3 Developer
Automated trading bots and blockchain monitoring workflows.