This Torq workflow template provides an automated solution for phishing detection and response within a Gmail inbox. The process is activated by an incoming webhook notification. It begins by setting up Gmail message notifications and extracting message details. Each message and its attachments are sent to VirusTotal for security scanning. Messages are then labeled in Gmail based on the scan results—safe messages are labeled as "Scanned," while those with detected threats are marked as "Malicious" or "Suspicious." This proactive approach supports cyber threat defense and bolsters email security protocols for businesses.

Trigger

Webhook

Use Cases

Phishing

Workflow Breakdown

Setup notifications of messages to a Gmail inbox via an incoming webhook
Extract the message and lookup label ids
Scan the message and attachments by sending to VirusTotal
If no Malicious or Suspicious results are found, label message as Scanned
If Malicious or Suspicious are found label the message

Vendors

GCP, Scripting, Utils, VirusTotal, HTTP, Gmail

Workflow Output

Update labels on each message that is scanned

Tips

Setup Push notifications with Gmail.","Documentation at https://developers.google.com/gmail/api/guides/push

Monitor and Handle Mailbox Folder for Phishing via IMAP - Workflow Template

Monitor an Outlook Mailbox for Phishing with Recorded Future - Workflow Template

Monitor an Outlook Mailbox for Phishing via Graph Subscription - Workflow Template

Monitor and Handle a Gmail Mailbox for Phishing Using OAuth2 - Workflow Template

Monitor an Outlook Mailbox for Phishing with VirusTotal - Workflow Template