Skip to main content
All CollectionsTemplatesAdvanced
Monitor and Handle Mailbox Folder for Phishing via IMAP - Workflow Template
Monitor and Handle Mailbox Folder for Phishing via IMAP - Workflow Template

Monitor and handle emails in an Inbox folder and scan the URLs and attachments via VirusTotal. Report back via Slack and send email result.

Updated over a week ago

This Torq workflow template helps safeguard businesses by monitoring mailbox folders for phishing threats. Once an IMAP trigger detects new emails in a specific folder, the workflow extracts URLs and attachments, analyzing them with VirusTotal. Results indicating whether content is safe or potentially malicious are then communicated via email and a designated Slack channel. This proactive approach ensures early threat detection, keeping organizational communication channels secure.

Trigger

IMAP

Use Cases

Phishing

Workflow Breakdown

  1. Setup IMAP trigger to retrieve emails in a specific folder

  2. Get all URLs included in the email and make them unique

  3. Scan all URLs and attachments(under 32MB) in the email with VirusTotal

  4. Send an email response back the user and Slack channel on results of the scan

Vendors

Slack, Utils, VirusTotal, Email

Workflow Output

Success/Failure via Email/Slack

Tips

Setup IMAP trigger based on the Torq Documentation at https://docs.torq.io/how-to-guides/use-an-imap-trigger

Did this answer your question?