Add Phishing Domain to CloudFlare ZeroTrust (IntSights) - Workflow Template

Poll IntSights for high-level phishing alerts, then ask a Slack channel whether the domain should be added to the CloudFlare Zero Trust List.

Updated over 6 months ago

This Torq workflow template automates the process of protecting an organization from high-level phishing threats. The daily scheduled workflow initiates by polling IntSights for phishing alerts. If any alerts are found, the workflow cross-references the domain with the CloudFlare Zero Trust block list. For new suspicious domains, it sends a message to a designated Slack channel requesting approval to block. Upon approval, the domain is added to the CloudFlare Zero Trust List, enhancing network security by preventing access to malicious sites. The completion of this action is then communicated back to the Slack channel.

Use Cases

Phishing, Remediate Network Security Alerts

Workflow Breakdown

  1. Poll IntSights daily for high-level phishing events

  2. If alerts are found, check if the domain is already blocked in CloudFlare Zero Trust

  3. Ask a Slack channel for approval to add domain to the CloudFlare Zero Trust List

  4. If approved, notify the channel when complete
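
The cross-reference in step 2 only works if alert values and block-list entries are compared in the same canonical form. The Python sketch below is an added example, not part of the Torq template: it calls no IntSights or CloudFlare API, and the alert field names (`type`, `severity`, `domain`) and all sample data are constructed assumptions.

```python
from urllib.parse import urlsplit

def normalize_domain(value):
    """Reduce a URL, defanged host or bare host to a lowercase ASCII hostname."""
    value = value.strip().replace("[.]", ".")  # refang the common "[.]" notation
    try:
        # urlsplit only parses a host when a "//" authority marker is present
        host = urlsplit(value if "://" in value else "//" + value).hostname
    except ValueError:
        return None
    if not host:
        return None
    host = host.rstrip(".")  # drop the trailing dot of a fully qualified name
    try:
        # IDNA-encode so Unicode and punycode spellings compare equal
        return host.encode("idna").decode("ascii") or None
    except UnicodeError:
        return None

def domains_needing_approval(alerts, blocked):
    """Return new, de-duplicated domains from high-severity phishing alerts."""
    blocked_set = {d for d in map(normalize_domain, blocked) if d}
    pending = []
    for alert in alerts:
        if alert.get("type") != "Phishing" or alert.get("severity") != "High":
            continue
        domain = normalize_domain(alert.get("domain", ""))
        if domain and domain not in blocked_set and domain not in pending:
            pending.append(domain)
    return pending

# Constructed sample data (hypothetical field names and reserved test domains).
SAMPLE_ALERTS = [
    {"type": "Phishing", "severity": "High", "domain": "https://Login.Example-Bank.test./reset"},
    {"type": "Phishing", "severity": "High", "domain": "login.example-bank.test"},
    {"type": "Phishing", "severity": "High", "domain": "portal[.]example-corp.test"},
    {"type": "Phishing", "severity": "Low", "domain": "low.example.test"},
    {"type": "Phishing", "severity": "High", "domain": "bücher.example"},
]
SAMPLE_BLOCKED = ["PORTAL.example-corp.test", "xn--bcher-kva.example"]

if __name__ == "__main__":
    for d in domains_needing_approval(SAMPLE_ALERTS, SAMPLE_BLOCKED):
        print("needs approval:", d)
```

Without the normalization, the same domain in a different case, with a trailing dot, or in Unicode form would be treated as new and sent to Slack for approval again.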

Vendors

Slack, Utils, VirusTotal, HTTP, IntSights

Workflow Output

Success/Failure via Slack

Tips

Modify the first "set workflow variable" step for your integrations and CloudFlare information
