Skip to main content

Monitor and Handle Mailbox Folder for Phishing via IMAP - Workflow Template

Monitor and handle emails in an Inbox folder and scan the URLs and attachments via VirusTotal. Report back via Slack and send email result.

Updated over a year ago

This Torq workflow template helps safeguard businesses by monitoring mailbox folders for phishing threats. Once an IMAP trigger detects new emails in a specific folder, the workflow extracts URLs and attachments, analyzing them with VirusTotal. Results indicating whether content is safe or potentially malicious are then communicated via email and a designated Slack channel. This proactive approach ensures early threat detection, keeping organizational communication channels secure.

Take Me to the Template

Trigger

IMAP

Use Cases

Phishing

Workflow Breakdown

  1. Setup IMAP trigger to retrieve emails in a specific folder

  2. Get all URLs included in the email and make them unique

  3. Scan all URLs and attachments(under 32MB) in the email with VirusTotal

  4. Send an email response back the user and Slack channel on results of the scan

Vendors

Slack, Utils, VirusTotal, Email

Workflow Output

Success/Failure via Email/Slack

Tips

Setup IMAP trigger based on the Torq Documentation at https://docs.torq.io/how-to-guides/use-an-imap-trigger

Related Articles
Monitor and Handle Gmail Mailbox for Phishing (Gmail) - Workflow Template
Monitor an Outlook Mailbox for Phishing via Graph Subscription - Workflow Template
Workflow Template: VirusTotal URL Enrichment with Cache
Monitor and Handle a Gmail Mailbox for Phishing Using OAuth2 - Workflow Template
Monitor an Outlook Mailbox for Phishing with VirusTotal - Workflow Template
Did this answer your question?