Skip to main content
All CollectionsTemplatesAdvanced
Monitor an Outlook Mailbox for Phishing with Recorded Future - Workflow Template
Monitor an Outlook Mailbox for Phishing with Recorded Future - Workflow Template

Scan messages arriving to a specific folder in Outlook with Recorded Future for malicious urls and files. Update category on email results.

Updated over a week ago

This workflow template, "Monitor an Outlook Mailbox for Phishing with Recorded Future," streamlines the process of identifying and responding to potential phishing threats in an Outlook mailbox. Scheduled to trigger at regular intervals, it scans specified messages for malicious URLs, attachments, and headers. Upon discovery, Recorded Future's advanced threat intelligence analyzes the items. If a threat is detected, the message is appropriately labeled and a notification is sent back to the sender. By integrating with Recorded Future and Microsoft Outlook, this workflow enhances email security and automates the analysis of potential phishing attacks, supporting vigilant cybersecurity practices within the organization.

Use Cases

Phishing

Workflow Breakdown

  1. Setup a scheduled trigger to scan a mailbox folder on an interval

  2. Change the label on the message to Scan-Started when analysis starts

  3. Retrieve all urls, message headers and top level attachments that are part of the message and scan with Recorded Future

  4. Also extract all message headers and send to Recorded Future for analysis

  5. Use findings from Recorded Future to label message with the verdict found if Malicious, Suspicious, or Phishing

  6. Send a message to the originating user based on the findings from Recorded Future

Vendors

Utils, HTTP, Microsoft Outlook, Microsoft 365, Recorded Future, Recorded Future Sandbox

Workflow Output

Email results back to the original user and update the message category in the inbound mailbox.

Tips

Label categories are automatically added to the mailbox

Did this answer your question?