AI Phishing Detection & Jira Reporting Agent

Unlock Proactive Email Security with this AI Agent\nThis AI Agent automates the critical task of phishing detection and incident reporting. It monitors your Gmail or Outlook inboxes for new emails, then employs an advanced OpenAI model (GPT-4o) to perform in-depth email analysis, including content and headers. The agent possesses the ability of 'Phishing Detection' by scrutinizing emails for malicious indicators. If a threat is identified, or even if an email is deemed benign after analysis of a reported phishing attempt, it automatically creates a detailed ticket in Jira. This ticket includes the AI's analysis summary, a screenshot of the email for visual context (generated via hcti.io), and the full email body text. This AI-driven automation significantly reduces manual review time, accelerates response to potential threats, and ensures consistent, detailed incident logging for your security operations.\n\n### Key Features & Benefits\n* Automated Email Monitoring: Continuously checks Gmail and/or Microsoft Outlook for new emails.\n* AI-Powered Phishing Detection: Leverages OpenAI's GPT-4o for sophisticated analysis of email content and headers to identify phishing attempts.\n* Visual Context Generation: Automatically captures a screenshot of the email's HTML body using hcti.io.\n* Automated Jira Ticketing: Creates Jira tickets categorized by threat level (malicious/benign) based on AI analysis.\n* Comprehensive Reporting: Attaches the AI-generated summary, email screenshot, and full email body as a text file to each Jira ticket.\n* Increased Efficiency: Frees up your security team by automating the initial analysis and reporting process.\n* Faster Threat Response: Enables quicker identification and mitigation of phishing attacks.\n* Standardized Incident Logging: Ensures all relevant information is captured consistently in Jira for review and auditing.

• An n8n instance (Cloud or self-hosted).
• OpenAI API Key with access to a suitable model (e.g., gpt-4o is used in this template).
• Credentials for your email account (Gmail OAuth2 and/or Microsoft Outlook OAuth2).
• Jira Cloud API credentials.
• hcti.io API credentials (User ID and API Key for HTTP Basic Auth for HTML to Image screenshotting).

1. Download the n8n workflow JSON file.
2. Import the workflow into your n8n instance.
3. Configure the 'Gmail Trigger' or 'Microsoft Outlook Trigger' node with your email credentials. Disable the trigger node you are not using.
4. If using the 'Microsoft Outlook Trigger', ensure the 'Retrieve Headers of Email' node is also configured with your Microsoft Graph API credentials (typically the same OAuth2 credentials as the trigger).
5. Configure the 'Screenshot HTML' and 'Retrieve Screenshot' nodes with your hcti.io API credentials (HTTP Basic Auth using your hcti.io User ID and API Key).
6. In the 'Analyze Email with ChatGPT' node, select your OpenAI credential and choose your desired model (e.g., gpt-4o).
7. Review the system prompt in the 'Analyze Email with ChatGPT' node. Customize if needed, but ensure the JSON output structure ({"malicious": boolean, "summary": "string"}) is maintained for the 'Check if Malicious' IF node to function correctly.
8. Configure the 'Create Potentially Malicious Ticket' and 'Create Potentially Benign Ticket' Jira nodes: connect your Jira Cloud API credentials and select the appropriate Project and Issue Type for creating tickets.
9. The 'Upload Screenshot of Email to Jira' and 'Upload Email Body to Jira' nodes will use the Jira credentials and the Issue Key from the ticket creation step. Ensure they are correctly linked.
10. Activate the workflow.