This workflow template focuses on securing business email communications by continuously monitoring a designated Outlook mailbox for phishing threats. When new emails are identified, the template triggers a precise sequence of actions. First, it changes the email label to "Scan-Started," then leverages VirusTotal to scrutinize URLs, attachments, and email header IP reputations for suspicious or malicious content. Based on the findings, it updates email categories with verdicts like "Suspicious" or "Malicious" and promptly notifies the sender with a comprehensive scan report once the analysis is complete. This proactive approach enhances email security and cyber resilience in real-time.
Trigger
Scheduled Event
Optional Triggers
Webhook
Use Cases
Phishing
Workflow Breakdown
Change the label to Scan-Started on new messages that are found.
Retrieve URLs, attachments and headers that are part of the message and scan with VirusTotal.
Use VirusTotal findings to append the suspicious or malicious data to return to the user.
Update email categories on the message in the folder with the resulting verdict.
Send a response message to the originator of the message when the scan is complete.
Vendors
Utils, VirusTotal, Microsoft Outlook, Microsoft 365
Workflow Output
Success/Failure via email back to originating user.
Tips
Set the desire labels in the \"Steps\" variable step, Workflow will create the labels if they don't exist. ","Setup an Outlook rule that moves specific messages to the folder to scan and update the label on the message to \"Not-Scanned\