This workflow template, "Monitor an Outlook Mailbox for Phishing with Recorded Future," streamlines the process of identifying and responding to potential phishing threats in an Outlook mailbox. Scheduled to trigger at regular intervals, it scans specified messages for malicious URLs, attachments, and headers. Upon discovery, Recorded Future's advanced threat intelligence analyzes the items. If a threat is detected, the message is appropriately labeled and a notification is sent back to the sender. By integrating with Recorded Future and Microsoft Outlook, this workflow enhances email security and automates the analysis of potential phishing attacks, supporting vigilant cybersecurity practices within the organization.
Use Cases
Phishing
Workflow Breakdown
Set up a scheduled trigger to scan a mailbox folder on an interval
Change the label on the message to Scan-Started when analysis starts
Retrieve all URLs, message headers and top-level attachments that are part of the message and scan them with Recorded Future
Also extract all message headers and send to Recorded Future for analysis
Use the findings from Recorded Future to label the message with the verdict found when it is Malicious, Suspicious, or Phishing
Send a message to the originating user based on the findings from Recorded Future
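The extraction and labelling steps above, sketched in Python as an added example (not part of the template or of Recorded Future's code). The sample message is constructed, the verdicts passed to pick_label stand in for the analysis results, and the label precedence is an assumption.

```python
import hashlib
import re
from email import message_from_string, policy

# Constructed sample message; every address, host and URL is made up.
SAMPLE = """\
From: alice@example.com
Subject: Fwd: Invoice overdue
Authentication-Results: mx.example.com; spf=fail; dkim=none
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Pay <a href="http://billing.example.test/pay?id=7">here</a>
or at http://billing.example.test/pay?id=7.</p>
--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="invoice.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b1--
"""

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
# Assumed precedence when observables disagree; the page only names the labels.
LABEL_ORDER = ["Malicious", "Phishing", "Suspicious"]

def extract_observables(raw):
    """Return the headers, body URLs and top-level attachments of one message."""
    msg = message_from_string(raw, policy=policy.default)
    urls = []
    body = msg.get_body(preferencelist=("html", "plain"))
    if body is not None:
        for url in URL_RE.findall(body.get_content()):
            url = url.rstrip(".,;:)")          # drop sentence punctuation
            if url not in urls:                # de-duplicate, keep order
                urls.append(url)
    attachments = [                            # iter_attachments() does not recurse
        {"filename": part.get_filename(),
         "sha256": hashlib.sha256(part.get_payload(decode=True) or b"").hexdigest()}
        for part in msg.iter_attachments()
    ]
    return {"headers": [(k, str(v)) for k, v in msg.items()],
            "urls": urls, "attachments": attachments}

def pick_label(verdicts):
    # verdicts: observable -> verdict string from the analysis step (hypothetical shape)
    return next((l for l in LABEL_ORDER if l in verdicts.values()), None)
```

A return value of None from pick_label means no verdict matched one of the three labels, so the message keeps whatever category it already has.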
Vendors
Utils, HTTP, Microsoft Outlook, Microsoft 365, Recorded Future, Recorded Future Sandbox
Workflow Output
Email results back to the original user and update the message category in the inbound mailbox.
Tips
Label categories are automatically added to the mailbox