Automatic triage of suspicious emails for threats

Takes incoming emails, opens an incident case, extracts the sender, domains and IPs and checks their reputation through threat analyzers — filing the results into the case.

  • Every email becomes a ready incident case
  • Auto-checks sender, domains and IPs against threat databases
  • Results collected in a single case
  • The analyst works from ready data, not from scratch
Email Trigger (IMAP)TheHive

How it works

Automating yandexPochta and Email Trigger (IMAP) takes no code: a ready-made scenario does the routine for you.

  1. Starts when: IMAP Email
  2. Then: TheHive
  3. Then: Create Case
  4. Then: Case
  5. Then: Wait
  6. Then: Observable
  7. Then: Analyzer Email
  8. Then: Cortex
  9. Check: IF
  10. If yes: Update Case Domain
  11. Then: OTX DOMAIN
  12. If yes: Update Case Email
  13. Then: Email Reputation
  14. If yes: Update Case Ip
  15. Then: OTX IP

You can launch this yandexPochta + Email Trigger (IMAP) integration in Scriptera: describe the task in plain words — the scenario is built, launched and monitored for you.