Phishing Analysis: URLScan.io and VirusTotal
detail.loadingPreview
Analyzes potential phishing URLs using URLScan.io and VirusTotal for enhanced cybersecurity.
🚀Ready to Deploy This Workflow?
About This Workflow
Overview
This n8n workflow is engineered to enhance cybersecurity measures by analyzing potential phishing URLs using URLScan.io and VirusTotal. It is designed to automatically process and evaluate URLs from incoming messages for malicious content.
This workflow is tuned specifically for Outlook, but you can replace outlook with your mail provider of choice.
The workflow can be initiated manually or scheduled to run automatically, ensuring consistent checks against phishing threats. By integrating with leading cybersecurity tools, it provides a comprehensive analysis, strengthening your organization's defense against phishing attacks.
Key Features
- Automatically identifies and extracts URLs from email bodies.
- Scans extracted URLs using URLScan.io for detailed website analysis.
- Fetches threat intelligence reports from VirusTotal for identified URLs.
- Integrates with Slack to send summarized analysis reports.
- Can be triggered manually or on a schedule.
How To Use
- Configure Credentials: Set up credentials for Microsoft Outlook (for fetching emails), URLScan.io, VirusTotal, and Slack.
- Set Environment Variables: Define necessary environment variables such as
BASE_URLandWEBHOOK_URL. - Adjust Email Node: If not using Outlook, replace the
Microsoft Outlooknode with your preferred email provider node. - Customize Slack Message: Modify the
Slacknode's text to tailor the notification content and target channel. - Schedule Trigger: Configure the
Schedule Triggernode for desired execution frequency or trigger manually.
Apps Used
Workflow JSON
{
"id": "1a27670e-337e-4530-9be2-ab1b9bf96981",
"name": "Phishing Analysis: URLScan.io and VirusTotal",
"nodes": 0,
"category": "Security Automation",
"status": "active",
"version": "1.0.0"
}Note: This is a sample preview. The full workflow JSON contains node configurations, credentials placeholders, and execution logic.
Get This Workflow
ID: 1a27670e-337e...
About the Author
DevOps_Master_X
Infrastructure Expert
Specializing in CI/CD pipelines, Docker, and Kubernetes automations.
Statistics
Verification Info
Related Workflows
Discover more workflows you might like
Email Phishing Detection and Jira Ticketing
Detects phishing emails and creates Jira tickets for them.
Crowdstrike Detections to Jira and Slack
Analyzes Crowdstrike detections, searches for IOCs in VirusTotal, creates Jira tickets, and posts notifications to Slack.
Venafi Slack CertBot (Community Contributed - Unverified)
Automate CSR generation and certificate management via Slack, integrating with Venafi and Virustotal.
Community Contributed: Palo Alto Security Advisories Monitor
Monitors Palo Alto security advisories for specific keywords and notifies relevant parties.
Qualys Reports to The Hive Case
Fetches Qualys scan reports and creates cases in The Hive.
Receive and Analyze Emails with Rules in Sublime Security
Ingest emails, analyze attachments using Sublime Security, and report findings to Slack.