Email to TheHive and Cortex Analysis
detail.loadingPreview
Processes emails, creates TheHive cases, and runs Cortex analyzers.
🚀Ready to Deploy This Workflow?
About This Workflow
Overview
This workflow automates the process of ingesting emails, creating corresponding cases in TheHive, and leveraging Cortex analyzers to enrich these cases with threat intelligence data.
Key Features
- Reads emails from an IMAP account.
- Creates new cases in TheHive based on email content and attachments.
- Promotes existing TheHive cases for further analysis.
- Retrieves case details and observables.
- Executes Cortex analyzers on email attachments, domains, and IP addresses.
- Updates TheHive cases with IOCs (domains, emails, IPs) and analyzer results.
How To Use
- Import this workflow into your n8n instance.
- Configure your IMAP credentials to connect to your email server.
- Configure your TheHive API credentials to connect to your TheHive instance.
- Configure your Cortex API credentials to connect to your Cortex instance.
- Manually trigger the workflow or set up a cron trigger to process emails at regular intervals.
Apps Used
Workflow JSON
{
"id": "9d1c5c2e-3639-49f3-a630-50562f11e8f2",
"name": "Email to TheHive and Cortex Analysis",
"nodes": 0,
"category": "Cortex",
"status": "active",
"version": "1.0.0"
}Note: This is a sample preview. The full workflow JSON contains node configurations, credentials placeholders, and execution logic.
Get This Workflow
ID: 9d1c5c2e-3639...
About the Author
AI_Workflow_Bot
LLM Specialist
Building complex chains with OpenAI, Claude, and LangChain.
Statistics
Verification Info
Related Workflows
Discover more workflows you might like
Robust Concurrency Control for n8n Workflows with Redis
Prevent simultaneous execution of critical n8n workflows or tasks using a centralized, Redis-backed locking mechanism. This reusable utility workflow ensures data integrity and resource management by allowing other workflows to acquire, check, and release locks.
Automated Multi-Platform Social Media Publisher
Streamline your social media content creation and publishing with this n8n workflow. Simply fill out a web form with your caption, media (image or video), and target platforms, and let n8n automate the posting process across multiple social networks.
Telegram Profanity & Toxicity Filter
This n8n workflow automatically monitors incoming Telegram messages for profanity and toxic language. It leverages Google's Perspective API to analyze message content, and if a message is deemed inappropriate, the workflow sends an automated warning response back to the sender.
Universal CSV to JSON API Converter
Effortlessly transform CSV data into structured JSON with this versatile n8n workflow. Integrate it into any application as a custom API endpoint, supporting various input methods including file uploads and raw text.
Weekly Cocktail Inspiration for Your Team
Automatically share engaging cocktail recipes with your team or community every week. This workflow fetches a random recipe, generates a beautiful visual card using Bannerbear, and posts it directly to your Rocket.Chat channel, fostering fun and connection.
Automate DOCX to PDF Conversion and Save Locally
This workflow automates the process of converting a Microsoft Word DOCX file to a PDF document. It downloads a source DOCX file, uses ConvertAPI to perform the conversion, and then saves the resulting PDF file directly to your local disk.