This n8n workflow automates the response to potentially malicious emails flagged by Sublime Security. It notifies the relevant users in Slack about quarantined emails and creates a detailed Jira ticket if the email has been opened, ensuring a streamlined incident management process.

What does this workflow do?

  • Webhook Trigger: The workflow initiates when Sublime Security sends a POST request to the webhook URL, signaling that an email has been quarantined.
  • Extract Email Details: An HTTP Request node retrieves detailed information about the quarantined email using the provided messageId.
  • Parallel Processing: The workflow splits into two simultaneous paths:
    • Slack Notification Path:
      • Lookup Slack User: Searches for the Slack user associated with the email recipient’s address.
      • Send Notification: If a matching Slack user is found, a message is sent informing them about the quarantined email, including the email’s subject and sender details.
    • Jira Ticket Creation Path:
      • Check Email Status: Evaluates the read_at timestamp from Sublime Security to determine if the email has been opened.
      • Prepare Issue Details: If the email was opened, compiles a summary table of the flagged security rules.
      • Create Jira Issue: Generates a new issue in Jira Software containing the email’s subject, sender, recipient, and the summarized flagged rules for further investigation.
  • Error Handling: The workflow includes checks for cases where the Slack user lookup fails or Jira issue creation runs into problems, such as requiring a node replacement.
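
The Jira path described above (check read_at, then compile the flagged-rules table) could be written as follows. This is an added example, not code from the template: only read_at comes from the description, while the flagged_rules, name and severity fields, the zero-value timestamp case and the sample message are assumptions constructed for illustration.

```javascript
// Constructed sample of a message-details response. Only read_at comes from the
// workflow description; flagged_rules, name and severity are assumed field names.
const sampleMessage = {
  subject: "Invoice | overdue {urgent}",
  sender: "billing@example.test",
  recipient: "alice@example.test",
  read_at: "2024-05-01T09:30:00Z",
  flagged_rules: [
    { name: "Brand impersonation", severity: "high" },
    { name: "Link: credential phishing", severity: "medium" },
  ],
};

// Assumption: an unopened message may carry null, an empty string or a
// zero-value timestamp (year 0001), none of which should open a ticket.
function wasOpened(message) {
  const value = message.read_at;
  if (typeof value !== "string" || value.trim() === "") return false;
  const t = Date.parse(value);
  return !Number.isNaN(t) && t > 0;
}

// Subject, sender and rule names are attacker-influenced: backslash-escape Jira
// wiki markup so they cannot break the table or inject macros and links.
function escapeJira(text) {
  return String(text ?? "").replace(/[\\|{}\[\]]/g, "\\$&").replace(/\r?\n/g, " ");
}

// Returns null for unopened mail (Slack notice only), else the issue fields.
function buildJiraIssue(message) {
  if (!wasOpened(message)) return null;
  const rows = (message.flagged_rules ?? []).map(
    (r) => `|${escapeJira(r.name)}|${escapeJira(r.severity)}|`
  );
  // The summary is plain text: collapse whitespace and respect the 255-char limit.
  const subject = String(message.subject ?? "").replace(/\s+/g, " ").trim();
  return {
    summary: `Opened quarantined email: ${subject}`.slice(0, 255),
    description: [
      `Sender: ${escapeJira(message.sender)}`,
      `Recipient: ${escapeJira(message.recipient)}`,
      "",
      "||Rule||Severity||",
      ...rows,
    ].join("\n"),
  };
}
```
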

🤖 Why Use This Automation Workflow?

  • Enhanced Security Response: Automatically alerts users about suspicious emails, enabling prompt awareness and action.
  • Efficient Incident Tracking: Automatically generates Jira tickets for opened malicious emails, facilitating organized tracking and resolution.
  • Seamless Integration: Connects Sublime Security, Slack, and Jira, reducing manual intervention and minimizing response time.

👨‍💻 Who is This Workflow For?

This workflow is ideal for IT security teams, system administrators, and organizations that utilize Sublime Security for email protection and rely on Slack for team communication and Jira for issue tracking. It is designed for users seeking to enhance their email security incident response with automation.

🎯 Use Cases

  1. Immediate User Notification: When a user receives a potentially harmful email, they are instantly informed via Slack, allowing them to take necessary precautions.
  2. Automated Incident Logging: If a quarantined email is opened, the workflow automatically logs the incident in Jira, ensuring all security events are recorded and addressed.
  3. Security Compliance: Maintains comprehensive records of security incidents and user notifications, aiding in compliance and auditing processes.

TL;DR

This n8n workflow seamlessly integrates Sublime Security with Slack and Jira to enhance your email security incident response. By automatically notifying users of quarantined emails and creating detailed Jira tickets for opened incidents, it streamlines communication and ensures efficient tracking and resolution of potential security threats.
