Email Analysis with Sublime Security

Name: Email Analysis with Sublime Security
Rating: 5 (5 reviews)
Author: Free N8N

Advanced

25 nodes connected

detail.loadingPreview

Free N8N Temples

271 views

19 downloads

Securityautomationemailphishingsecurityslacksublime security

Automate email ingestion, attachment analysis via Sublime Security, and report findings to Slack.

About This Workflow

This workflow automates the process of ingesting emails, specifically those received in a designated phishing inbox (e.g., via Outlook's security features). It checks for attachments, sends them to Sublime Security for analysis, and then reports the findings (including matched and unmatched rules) to a Slack channel. If no attachment is found, a notification is sent to Slack.

Key Features

Email Ingestion: Uses IMAP to fetch emails, treating them as .eml attachments.
Attachment Detection: Identifies if an email contains an attachment.
Binary Data Handling: Moves and encodes binary attachment data for analysis.
Sublime Security Integration: Sends the raw email content to Sublime Security's API for threat analysis.
Rule Analysis: Parses Sublime Security's response to identify matched and unmatched detection rules.
Slack Notification: Reports analysis results to a specified Slack channel.
No Attachment Notification: Alerts Slack if an email lacks an attachment.

How To Use

Configure IMAP Trigger: Set up the Email Trigger (IMAP) node with your email account credentials (e.g., Outlook) to fetch emails from a specific inbox.
Attachment Check: The IF email has attachment node determines if an attachment is present. It checks if attachment_0 exists and if its MIME type is message/rfc822.
Binary Data Processing: If an attachment is found, Move Binary Data prepares it for the next step.
Sublime Security Analysis: The Analyze email with Sublime Security node sends the raw email message to the Sublime Security API for analysis. Ensure your Sublime Security bearer token credential is correctly configured.
Result Separation: The Split to matched and unmatched code node categorizes the analysis results based on whether rules matched.
Message Formatting: The Format the message node constructs a summary message for Slack, detailing the number of matched rules and their names.
Slack Notifications:
- The first Slack node sends the formatted message to the #test-matti-tomi channel if analysis was performed.
- The Notify about missing attachment node sends a notification to the same Slack channel if no attachment was found in the email.

Apps Used

automation

phishing

security

slack

sublime security

Workflow JSON

{
  "id": "52ac034f-375f-4e99-8e48-4aea62e988af",
  "name": "Email Analysis with Sublime Security",
  "nodes": 25,
  "category": "Security",
  "status": "active",
  "version": "1.0.0"
}

Note: This is a sample preview. The full workflow JSON contains node configurations, credentials placeholders, and execution logic.

Get This Workflow

ID: 52ac034f-375f...

About the Author

SaaS_Connector

Integration Guru

Connecting CRM, Notion, and Slack to automate your life.

Statistics

Downloads19

Rating5/5

Get Custom Workflow

Need a specific automation? Our experts can build it for you.

Trusted by top companies
7+ years experience

Related Workflows

Discover more workflows you might like

Advanced

SecurityemailphishingAI

Automated Email Analysis and Jira Ticketing

Automates the analysis of incoming emails from Gmail and Outlook, classifies them for phishing risk using AI, and creates Jira tickets with relevant attachments.

28 nodes

189

View Workflow

Intermediate

Securityemailsecuritysublime-security