Skip to main content
All CollectionsTemplatesAdvanced
Monitor an Outlook Mailbox for Phishing with VirusTotal - Workflow Template
Monitor an Outlook Mailbox for Phishing with VirusTotal - Workflow Template

Scan messages arriving to a specific folder in Outlook with VirusTotal for malicious URLs and files. Update the label on email results.

Updated over 7 months ago

This workflow template focuses on securing business email communications by continuously monitoring a designated Outlook mailbox for phishing threats. When new emails are identified, the template triggers a precise sequence of actions. First, it changes the email label to "Scan-Started," then leverages VirusTotal to scrutinize URLs, attachments, and email header IP reputations for suspicious or malicious content. Based on the findings, it updates email categories with verdicts like "Suspicious" or "Malicious" and promptly notifies the sender with a comprehensive scan report once the analysis is complete. This proactive approach enhances email security and cyber resilience in real-time.

Trigger

Scheduled Event

Optional Triggers

Webhook

Use Cases

Phishing

Workflow Breakdown

  1. Change the label to Scan-Started on new messages that are found.

  2. Retrieve URLs, attachments and headers that are part of the message and scan with VirusTotal.

  3. Use VirusTotal findings to append the suspicious or malicious data to return to the user.

  4. Update email categories on the message in the folder with the resulting verdict.

  5. Send a response message to the originator of the message when the scan is complete.

Vendors

Utils, VirusTotal, Microsoft Outlook, Microsoft 365

Workflow Output

Success/Failure via email back to originating user.

Tips

Set the desire labels in the \"Steps\" variable step, Workflow will create the labels if they don't exist. ","Setup an Outlook rule that moves specific messages to the folder to scan and update the label on the message to \"Not-Scanned\

Did this answer your question?