This workflow template monitors an Outlook mailbox for potential phishing threats through Microsoft Graph subscriptions. Upon the arrival of new messages, it employs VirusTotal for comprehensive analysis of URLs, attachments, and message headers. Based on the findings from VirusTotal, it classifies and updates the message categories, then communicates the analysis results back to the message originator. This proactive approach to identifying and responding to phishing attempts is crucial for maintaining email security within an organization.
Trigger
Microsoft 365 Graph Subscription
Use Cases
Phishing
Workflow Breakdown
On trigger from the webhook on a new message, change the label on the new message to Scan-Started.
Retrieve the URLs, attachments and headers that are part of the message and scan them with VirusTotal.
Use the VirusTotal findings to collect the suspicious or malicious data to return to the user.
Update the email categories on the message in the folder with the resulting verdict.
Send a response message to the originator of the message when the analysis is complete.
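An added sketch of the decision logic behind the steps above (not the template's own code): it checks the clientState on a Microsoft Graph change notification, pulls URLs from a message body, and maps VirusTotal last_analysis_stats objects to a category. The category names, the verdict rule and all sample data are assumptions constructed for illustration.

```python
import hmac
import re

CLIENT_STATE = "constructed-shared-secret"  # assumed: value set when the subscription was created
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)
SEVERITY = {"Clean": 0, "Suspicious": 1, "Malicious": 2}  # assumed category names

def accepted_messages(notification):
    """Return message resources from notifications whose clientState matches ours."""
    accepted = []
    for item in notification.get("value", []):
        state = (item.get("clientState") or "").encode()
        # Constant-time compare: a spoofed webhook call must not pass or leak the secret.
        if hmac.compare_digest(state, CLIENT_STATE.encode()) and item.get("changeType") == "created":
            accepted.append(item["resource"])
    return accepted

def extract_urls(body):
    """Extract unique URLs in order of appearance, dropping trailing punctuation."""
    urls = []
    for match in URL_RE.findall(body):
        url = match.rstrip(".,;")
        if url not in urls:
            urls.append(url)
    return urls

def verdict_for(stats):
    """Assumed rule: any malicious engine wins, then any suspicious engine."""
    if stats.get("malicious", 0) > 0:
        return "Malicious"
    if stats.get("suspicious", 0) > 0:
        return "Suspicious"
    return "Clean"

def message_verdict(results):
    """results maps indicator -> last_analysis_stats; returns (category, flagged indicators)."""
    flagged = {k: verdict_for(v) for k, v in results.items() if verdict_for(v) != "Clean"}
    return max(flagged.values(), key=SEVERITY.get, default="Clean"), flagged

# Constructed sample data (not real notifications or scan results).
SAMPLE_NOTIFICATION = {"value": [
    {"clientState": "constructed-shared-secret", "changeType": "created", "resource": "Users/u1/Messages/m1"},
    {"clientState": "wrong", "changeType": "created", "resource": "Users/u1/Messages/m2"},
]}
SAMPLE_BODY = "Please verify at http://login.example.test/reset?id=1. Docs: https://docs.example.test/guide"
SAMPLE_VT = {
    "http://login.example.test/reset?id=1": {"malicious": 5, "suspicious": 1, "harmless": 60},
    "https://docs.example.test/guide": {"malicious": 0, "suspicious": 0, "harmless": 70},
}
```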
Vendors
Utils, VirusTotal, Microsoft Outlook, Microsoft 365
Workflow Output
Analysis information via email back to the originating user and labels on the mailbox message with the verdict.