Automated Phishing URL Analysis with URLScan.io & VirusTotal
This workflow automatically analyzes suspicious URLs found in emails, leveraging URLScan.io and VirusTotal for comprehensive threat intelligence. It marks emails as read and reports findings to Slack, streamlining your security operations.
About This Workflow
The "Phishing Analysis: URLScan.io and VirusTotal" workflow automates the detection and analysis of potentially malicious URLs. It fetches email content from Microsoft Outlook, extracts URLs with an IOC-finder node, and submits each one to both URLScan.io and VirusTotal. The reports from the two services are retrieved and consolidated, and a short summary of the findings, with direct links to the reports and the threat verdicts, is posted to a designated Slack channel. Finally, the analyzed email is marked as read so that already-triaged messages do not linger in the queue.
Key Features
- Automated URL Extraction: Identifies and extracts URLs from email content using robust IOC finding capabilities.
- Dual Threat Intelligence: Leverages the strengths of both URLScan.io and VirusTotal for comprehensive URL analysis.
- Detailed Reporting: Gathers scan IDs, report URLs, and threat verdicts from both services.
- Slack Notifications: Delivers a summarized analysis directly to your team via Slack for immediate action.
- Email Triage: Automatically marks analyzed emails as read to streamline inbox management.
How To Use
- Trigger Configuration: Choose between the 'Schedule Trigger' for regular scans and the 'Manual Trigger' for on-demand analysis.
- Email Input: Configure the workflow to receive email data, either through an Outlook trigger or by manually providing email content.
- URL Extraction: The 'Find indicators of compromise' node will automatically extract URLs from the email body.
- URLScan.io Scan: The 'URLScan: Scan URL' node submits the extracted URL for analysis. The node is set to continue on fail, so a rejected or rate-limited submission does not abort the run; the 'No error?' check downstream decides whether a report is fetched. URLScan.io submissions carry a visibility setting (public, unlisted, or private), and public scans are searchable by anyone, so use unlisted or private for URLs taken from your own mail flow, which can embed usernames, tokens, or internal hostnames.
- VirusTotal Scan & Report: The 'VirusTotal: Scan URL' node submits the URL and gets back an analysis ID; the verdict is not in that response. 'VirusTotal: Get report' retrieves the analysis, which starts out queued, so wait or retry until its status is completed before reading the detection counts.
- URLScan.io Report Retrieval: The 'URLScan: Get report' node fetches the detailed report. URLScan.io answers 404 for the result until the scan has finished (typically tens of seconds), so a wait or retry between submission and retrieval is needed.
- Conditional Logic: Use the 'Has URL?' and 'No error?' IF nodes to ensure that analysis proceeds only when URLs are found and errors are handled gracefully.
- Data Filtering: The 'Not empty?' FILTER node ensures only valid data proceeds to the reporting stage.
- Slack Notification: Configure the 'sends slack message' node with your Slack channel and desired message format to receive the analysis summary.
- Email Marking: The 'Mark as read' node ensures the analyzed email is updated in your inbox.
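The procedure above, reimplemented as a stand-alone Python script (an added example, not code from the n8n template or its author): it extracts and refangs URLs from the email body, submits each to URLScan.io and VirusTotal, polls both result endpoints until they are ready, consolidates the verdicts into a Slack-ready summary, and treats a failing service the way the workflow's continueOnFail does. Endpoint paths, headers and response fields are those of the public URLScan.io and VirusTotal v3 APIs; the API keys, the function names, SAMPLE_EMAIL and the canned responses in fake_http are constructed for this example. Posting to Slack and marking the Outlook message as read are left to the workflow.

```python
# Added example (not the n8n template's own code): the page's URL triage pipeline as a stand-alone
# script. Endpoints and response fields follow the public URLScan.io and VirusTotal v3 APIs; the
# HTTP callable is injectable, so everything runs offline against the constructed fake_http below.
import hashlib, json, re, time, urllib.error, urllib.parse, urllib.request

URLSCAN_API = "https://urlscan.io/api/v1"
VT_API = "https://www.virustotal.com/api/v3"
_URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def extract_urls(body):
    """The 'Find indicators of compromise' step: refang hxxp:// and [.] forms, dedupe, keep order."""
    text = re.sub(r"hxxp", "http", body, flags=re.IGNORECASE)
    text = text.replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")
    urls = {}
    for match in _URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;:!?")  # drop trailing sentence punctuation
        urls.setdefault(url.lower(), url)  # first-seen spelling wins, insertion order kept
    return list(urls.values())

def _default_http(method, url, headers, data=None):
    """Minimal urllib client returning (status, parsed JSON or None)."""
    try:
        with urllib.request.urlopen(urllib.request.Request(url, data, headers, method=method), timeout=30) as r:
            return r.status, json.loads(r.read() or b"null")
    except urllib.error.HTTPError as err:
        return err.code, None

def _poll(http, url, headers, ready, tries=10, wait=10):
    """Both services answer before the scan is done: retry until ready(status, body) holds."""
    for _ in range(tries):
        status, body = http("GET", url, headers)
        if ready(status, body):
            return body
        time.sleep(wait)
    return None

def urlscan_submit(url, key, http=_default_http, visibility="unlisted"):
    """Default visibility is public and searchable; 'unlisted' keeps your mail-flow URLs out of it."""
    status, body = http("POST", f"{URLSCAN_API}/scan/", {"API-Key": key, "Content-Type": "application/json"},
                        json.dumps({"url": url, "visibility": visibility}).encode())
    if status != 200:
        raise RuntimeError(f"urlscan submit: HTTP {status}")
    return body["uuid"]

def urlscan_result(uuid, key, http=_default_http):
    """URLScan.io returns 404 for the result until the scan has finished (tens of seconds)."""
    return _poll(http, f"{URLSCAN_API}/result/{uuid}/", {"API-Key": key}, lambda s, b: s == 200)

def vt_submit(url, key, http=_default_http):
    """POST /urls returns only an analysis id; the verdict comes from /analyses/{id}."""
    status, body = http("POST", f"{VT_API}/urls", {"x-apikey": key, "Content-Type": "application/x-www-form-urlencoded"},
                        urllib.parse.urlencode({"url": url}).encode())
    if status != 200:
        raise RuntimeError(f"virustotal submit: HTTP {status}")
    return body["data"]["id"]

def vt_analysis(analysis_id, key, http=_default_http):
    """A VirusTotal analysis starts 'queued' with empty stats; wait for status 'completed'."""
    return _poll(http, f"{VT_API}/analyses/{analysis_id}", {"x-apikey": key},
                 lambda s, b: s == 200 and b["data"]["attributes"]["status"] == "completed")

def assess(url, urlscan, vt):
    """Consolidate both reports (either may be None) into a verdict plus Slack-ready text."""
    lines, flags = [f"URL: {url}"], []
    if urlscan:
        overall = urlscan.get("verdicts", {}).get("overall", {})
        flags.append(bool(overall.get("malicious")))
        lines.append(f"URLScan.io: malicious={overall.get('malicious')} score={overall.get('score')} "
                     f"report={urlscan.get('task', {}).get('reportURL')}")
    if vt:
        stats = vt["data"]["attributes"]["stats"]
        flags.append(stats.get("malicious", 0) > 0)
        gui_id = hashlib.sha256(url.encode()).hexdigest()  # VirusTotal's URL identifier in GUI links
        lines.append(f"VirusTotal: malicious={stats.get('malicious', 0)} suspicious={stats.get('suspicious', 0)} "
                     f"harmless={stats.get('harmless', 0)} report=https://www.virustotal.com/gui/url/{gui_id}")
    verdict = "unknown" if not flags else "malicious" if any(flags) else "clean"
    return {"url": url, "verdict": verdict, "text": "\n".join(lines)}

def analyze_email(body, urlscan_key, vt_key, http=_default_http):
    """Whole pipeline for one email; a failing service yields None instead of aborting (continueOnFail)."""
    def safe(submit, fetch, url, key):
        try:
            return fetch(submit(url, key, http), key, http)
        except RuntimeError as err:
            print(f"[warn] {url}: {err}")
    return [assess(url, safe(urlscan_submit, urlscan_result, url, urlscan_key),
                   safe(vt_submit, vt_analysis, url, vt_key)) for url in extract_urls(body)]

# Constructed sample email and canned API responses (field names as in the real APIs) for offline runs.
SAMPLE_EMAIL = ("Your mailbox is full. Verify at hxxps://login-update[.]example[.]com/verify. "
                "Unsubscribe: http://news.example/u or HTTP://NEWS.EXAMPLE/u")
_CANNED = {"/scan/": {"uuid": "0000-test"}, "/urls": {"data": {"id": "u-test-1"}},
           "/result/0000-test/": {"verdicts": {"overall": {"malicious": True, "score": 100}},
                                  "task": {"reportURL": "https://urlscan.io/result/0000-test/"}},
           "/analyses/u-test-1": {"data": {"attributes": {"status": "completed",
                                                           "stats": {"malicious": 7, "suspicious": 1, "harmless": 60}}}}}
def fake_http(method, url, headers, data=None):
    hit = next((body for tail, body in _CANNED.items() if url.endswith(tail)), None)
    return (200, hit) if hit else (404, None)
```

Run it for real with analyze_email(body, urlscan_key, vt_key), which uses the urllib client; analyze_email(SAMPLE_EMAIL, "URLSCAN_KEY", "VT_KEY", http=fake_http) exercises the same path offline. Two deliberate choices mirror the caveats in the steps above: submissions default to unlisted visibility, and a URL for which neither service produced a report is reported as unknown rather than silently treated as clean.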
Apps Used
Workflow JSON
{
"id": "3ddd5335-6eb2-48a0-bcad-7000157fe1e7",
"name": "Automated Phishing URL Analysis with URLScan.io & VirusTotal",
"nodes": 8,
"category": "DevOps",
"status": "active",
"version": "1.0.0"
}
Note: This is a sample preview. The full workflow JSON contains node configurations, credentials placeholders, and execution logic.
About the Author
DevOps_Master_X
Infrastructure Expert
Specializing in CI/CD pipelines, Docker, and Kubernetes automations.