JUHE API Marketplace

Notify_user_in_Slack_of_quarantined_email_and_create_Jira_ticket_if_opened

This workflow sends Slack notifications to users about quarantined emails, so that potential security threats are communicated promptly. If the email was opened before it was quarantined, the workflow also creates a Jira ticket for further investigation, which streamlines incident response.

Target Audience

  • IT Security Teams: Responsible for monitoring and responding to email threats.
  • Help Desk Personnel: Need to manage user inquiries regarding quarantined emails.
  • Jira Users: Teams using Jira for incident tracking and management.
  • Slack Users: Teams that utilize Slack for internal communications and alerts.

Problem Solved

This workflow addresses the challenge of notifying users about potentially malicious emails that have been quarantined. It ensures that users are informed promptly if they have opened an email before it was flagged, allowing for quick resolution and investigation of potential threats.

Workflow Steps

  1. Receive Alert: The workflow is triggered by a webhook from Sublime Security when an email is flagged.
  2. Fetch Email Details: It retrieves detailed information about the flagged email using Sublime Security's API.
  3. Check Email Status: The workflow checks if the flagged email has been opened by the recipient.
  4. Create Jira Ticket: If the email has been opened, a Jira ticket is generated for further investigation, including detailed information about the email.
  5. Lookup Slack User: The workflow attempts to find the recipient's Slack username based on their email address.
  6. Notify User: If the user is found in Slack, a notification is sent to inform them about the quarantined email, including details such as the sender's name and email, subject line, and instructions for further action.
  7. No Action if Not Found: If the user is not found in Slack, the workflow does nothing further.

Statistics

  • Nodes: 13
  • Downloads: 0
  • Views: 12
  • File Size: 10747

Quick Info

  • Categories: Communication & Messaging, Complex Workflow
  • Complexity: complex