Skip to main content
All CollectionsTemplatesAdvanced
Monitor an Outlook Mailbox for Phishing via Graph Subscription - Workflow Template
Monitor an Outlook Mailbox for Phishing via Graph Subscription - Workflow Template

Analyze a message arriving to a mailbox in Outlook with VirusTotal for malicious and suspicious URLs and files. Update label on message.

Updated over a week ago

This workflow template addresses the critical task of safeguarding Outlook mailboxes from phishing threats. It automatically activates upon receiving a new message through a webhook, at which point the analysis for malicious content kicks off, powered by VirusTotal. This process scrutinizes URLs, attachments, and email headers to identify potential threats. Based on the findings, it updates the message labels to reflect the level of suspicion or threat and provides feedback to the sender. This proactive approach facilitates real-time detection of phishing attempts, helping protect sensitive data and maintain the integrity of business communications.

Trigger

Microsoft 365 Graph Subscription

Use Cases

Phishing

Workflow Breakdown

  1. On trigger from the webhook on a new message, change the label to Sacn-Started on the new message.

  2. Retrieve URLs, attachments and headers that are part of the message and scan with VirusTotal

  3. Use VirusTotal findings to append the suspicious or malicious data to return to the user

  4. Update the email categories on the message in the folder with the resulting verdict.

  5. Send a response message to the originator of the message when the analysis is complete

Vendors

Utils, VirusTotal, Microsoft Outlook, Microsoft 365

Workflow Output

Analysis information via email back to the originating user and labels on the mailbox message with the verdict.

Did this answer your question?