AI Phishing Detector & Jira Reporter Agent
Overview
Unlock Automated Security Triage with this AI Agent
This n8n AI Agent empowers you to automatically detect potential phishing emails from Gmail or Outlook, analyze them using OpenAI's advanced vision and language capabilities, and report them by creating comprehensive tickets in Jira. Stop wasting time manually screening suspicious emails and let this agent handle the initial threat assessment and documentation.
Key Features & Benefits
- Dual Email Source Triggering: Connects to either Gmail or Microsoft Outlook and polls for incoming emails every minute, giving near-real-time monitoring.
- Intelligent Phishing Detection: Leverages OpenAI's GPT-4o model to analyze email content, headers, and a visual screenshot of the email for sophisticated phishing indicators.
- Automated Jira Ticketing: Automatically creates a new Jira ticket for each suspected phishing email, pre-filled with the subject, sender, recipient, email body text, and the AI's detailed analysis.
- Visual Context: Generates a screenshot of the HTML email body using the hcti.io API and attaches it to the Jira ticket, providing crucial visual evidence for your security team.
- Header Analysis: Extracts and includes email headers in the AI analysis and Jira ticket, offering deeper insights for investigation.
- Customizable & Extensible: Easily adapt the AI prompts, Jira project details, or extend the workflow with further notification or remediation steps within n8n.
- Streamlined Security Operations: Frees up your team from tedious manual checks, allowing them to focus on verified threats and strategic security initiatives.
Use Cases
- Automated submission of suspected phishing emails to your IT/Security helpdesk (Jira).
- Proactive threat intelligence gathering by analyzing email appearances and metadata with AI.
- Reducing response times to potential email-borne threats.
- Standardizing the phishing reporting process across your organization.
- Empowering smaller teams or solopreneurs with enterprise-grade email security analysis.
Prerequisites
- An n8n instance (Cloud or self-hosted).
- OpenAI API Key with access to a vision-capable model (e.g., GPT-4o).
- Gmail account credentials (OAuth2) if using the Gmail trigger.
- Microsoft Outlook account credentials (OAuth2) if using the Outlook trigger.
- Jira Cloud API credentials (API token and user email) and details for your target project and issue type.
- hcti.io account credentials (User ID and API Key for Basic Authentication) for the HTML-to-image feature.
Setup Instructions
- Download the n8n workflow JSON file.
- Import the workflow into your n8n instance.
- Choose your email source: By default, the 'Gmail Trigger' is active. If you want to use Outlook, disable the 'Gmail Trigger' and enable the 'Microsoft Outlook Trigger'.
- Configure Email Trigger & Data Extraction:
  - If using Gmail: In the 'Gmail Trigger' node, select or create your Gmail OAuth2 credentials. The 'Set Gmail Variables' node is pre-configured to extract necessary email data.
  - If using Outlook: In the 'Microsoft Outlook Trigger' node, select or create your Microsoft Outlook OAuth2 credentials. In the 'Retrieve Headers of Email' node, select or create the same Microsoft Outlook OAuth2 credentials. The 'Format Headers' and 'Set Outlook Variables' nodes are pre-configured.
- Configure HTML Screenshot Node: In the 'Screenshot HTML' node (and 'Retrieve Screenshot' node), select or create HTTP Basic Auth credentials for your hcti.io account (User ID and API Key).
- Configure AI Analysis Node: In the 'ChatGPT Analysis' node, select or create your OpenAI API credentials. Ensure a vision-capable model like 'chatgpt-4o-latest' is selected. You can customize the prompt for analysis if needed.
- Configure Jira Integration Nodes:
  - In the 'Create Jira Ticket' node, select or create your Jira Cloud API credentials. Choose your target Jira Project and Issue Type. Customize the ticket summary and description fields using the available expressions.
  - In the 'Upload Screenshot of Email to Jira' node, select or create the same Jira Cloud API credentials.
- (Optional) Review the 'Set Email Variables' node. It routes data from whichever email source you chose (Gmail or Outlook) to the subsequent steps. No changes are typically needed here.
- Activate the workflow. Test thoroughly by sending a sample email to the monitored account to ensure tickets are created as expected.