Analyse des verdachtigen E-Mail-Inhalts mit ChatGPT Vision
Experte
Dies ist ein AI, SecOps-Bereich Automatisierungsworkflow mit 18 Nodes. Hauptsächlich werden Set, Code, Jira, HttpRequest, GmailTrigger und andere Nodes verwendet, kombiniert mit KI-Technologie für intelligente Automatisierung. Analyse des verdaechtigen E-Mail Inhalts mit ChatGPT Vision
Voraussetzungen
- •Möglicherweise sind Ziel-API-Anmeldedaten erforderlich
- •Google-Konto + Gmail API-Anmeldedaten
- •OpenAI API Key
Verwendete Nodes (18)
Workflow-Vorschau
Visualisierung der Node-Verbindungen, mit Zoom und Pan
Workflow exportieren
Kopieren Sie die folgende JSON-Konfiguration und importieren Sie sie in n8n
{
"meta": {
"instanceId": "03e9d14e9196363fe7191ce21dc0bb17387a6e755dcc9acc4f5904752919dca8"
},
"nodes": [
{
"id": "1bad6bfc-9ec9-48a5-b8f7-73c4de3d08cf",
"name": "Gmail-Trigger",
"type": "n8n-nodes-base.gmailTrigger",
"position": [
1480,
160
],
"parameters": {
"simple": false,
"filters": {},
"options": {},
"pollTimes": {
"item": [
{
"mode": "everyMinute"
}
]
}
},
"credentials": {
"gmailOAuth2": {
"id": "kkhNhqKpZt6IUZd0",
"name": " Gmail"
}
},
"typeVersion": 1.2
},
{
"id": "9ac747a1-4fd8-46ba-b4c1-75fd17aab2ed",
"name": "Microsoft Outlook Trigger",
"type": "n8n-nodes-base.microsoftOutlookTrigger",
"disabled": true,
"position": [
1480,
720
],
"parameters": {
"fields": [
"body",
"toRecipients",
"subject",
"bodyPreview"
],
"output": "fields",
"filters": {},
"options": {},
"pollTimes": {
"item": [
{
"mode": "everyMinute"
}
]
}
},
"credentials": {
"microsoftOutlookOAuth2Api": {
"id": "vTCK0oVQ0WjFrI5H",
"name": " Outlook Credential"
}
},
"typeVersion": 1
},
{
"id": "5bf9b0e8-b84e-44a2-aad2-45dde3e4ab1b",
"name": "HTML-Screenshot",
"type": "n8n-nodes-base.httpRequest",
"position": [
2520,
480
],
"parameters": {
"url": "https://hcti.io/v1/image",
"method": "POST",
"options": {},
"sendBody": true,
"sendQuery": true,
"authentication": "genericCredentialType",
"bodyParameters": {
"parameters": [
{
"name": "html",
"value": "={{ $json.htmlBody }}"
}
]
},
"genericAuthType": "httpBasicAuth",
"queryParameters": {
"parameters": [
{}
]
}
},
"credentials": {
"httpBasicAuth": {
"id": "8tm8mUWmPvtmPFPk",
"name": "hcti.io"
}
},
"typeVersion": 4.2
},
{
"id": "fc770d1d-6c18-4d14-8344-1dc042464df6",
"name": "Screenshot abrufen",
"type": "n8n-nodes-base.httpRequest",
"position": [
2700,
480
],
"parameters": {
"url": "={{ $json.url }}",
"options": {},
"authentication": "genericCredentialType",
"genericAuthType": "httpBasicAuth"
},
"credentials": {
"httpBasicAuth": {
"id": "8tm8mUWmPvtmPFPk",
"name": "hcti.io"
}
},
"typeVersion": 4.2
},
{
"id": "2f3e5cc0-24e8-450a-898b-71e2d6f7bb58",
"name": "Outlook-Variablen setzen",
"type": "n8n-nodes-base.set",
"position": [
2020,
720
],
"parameters": {
"options": {},
"assignments": {
"assignments": [
{
"id": "38bd3db2-1a8d-4c40-a2dd-336e0cc84224",
"name": "htmlBody",
"type": "string",
"value": "={{ $('Microsoft Outlook Trigger').item.json.body.content }}"
},
{
"id": "13bdd95b-ef02-486e-b38b-d14bd05a4a8a",
"name": "headers",
"type": "string",
"value": "={{ $json}}"
},
{
"id": "20566ad4-7eb7-42b1-8a0d-f8b759610f10",
"name": "subject",
"type": "string",
"value": "={{ $('Microsoft Outlook Trigger').item.json.subject }}"
},
{
"id": "7171998f-a5a2-4e23-946a-9c1ad75710e7",
"name": "recipient",
"type": "string",
"value": "={{ $('Microsoft Outlook Trigger').item.json.toRecipients[0].emailAddress.address }}"
},
{
"id": "cc262634-2470-4524-8319-abe2518a6335",
"name": "textBody",
"type": "string",
"value": "={{ $('Retrieve Headers of Email').item.json.body.content }}"
}
]
}
},
"typeVersion": 3.4
},
{
"id": "374e5b16-a666-4706-9fd2-762b2927012d",
"name": "Gmail Variablen setzen",
"type": "n8n-nodes-base.set",
"position": [
2040,
160
],
"parameters": {
"options": {},
"assignments": {
"assignments": [
{
"id": "38bd3db2-1a8d-4c40-a2dd-336e0cc84224",
"name": "htmlBody",
"type": "string",
"value": "={{ $json.html }}"
},
{
"id": "18fbcf78-6d3c-4036-b3a2-fb5adf22176a",
"name": "headers",
"type": "string",
"value": "={{ $json.headers }}"
},
{
"id": "1d690098-be2a-4604-baf8-62f314930929",
"name": "subject",
"type": "string",
"value": "={{ $json.subject }}"
},
{
"id": "8009f00a-547f-4eb1-b52d-2e7305248885",
"name": "recipient",
"type": "string",
"value": "={{ $json.to.text }}"
},
{
"id": "1932e97d-b03b-4964-b8bc-8262aaaa1f7a",
"name": "textBody",
"type": "string",
"value": "={{ $json.text }}"
}
]
}
},
"typeVersion": 3.4
},
{
"id": "3166738e-d0a3-475b-8b19-51afd519ee3a",
"name": "E-Mail-Header abrufen",
"type": "n8n-nodes-base.httpRequest",
"position": [
1680,
720
],
"parameters": {
"url": "=https://graph.microsoft.com/v1.0/me/messages/{{ $json.id }}?$select=internetMessageHeaders,body",
"options": {},
"sendHeaders": true,
"authentication": "predefinedCredentialType",
"headerParameters": {
"parameters": [
{
"name": "Accept",
"value": "application/json"
},
{
"name": "Prefer",
"value": "outlook.body-content-type=\"text\""
}
]
},
"nodeCredentialType": "microsoftOutlookOAuth2Api"
},
"credentials": {
"microsoftOutlookOAuth2Api": {
"id": "vTCK0oVQ0WjFrI5H",
"name": " Outlook Credential"
}
},
"typeVersion": 4.2
},
{
"id": "25ae222c-088f-4565-98d6-803c8c1b0826",
"name": "Header formatieren",
"type": "n8n-nodes-base.code",
"position": [
1860,
720
],
"parameters": {
"jsCode": "const input = $('Retrieve Headers of Email').item.json.internetMessageHeaders;\n\nconst result = input.reduce((acc, { name, value }) => {\n if (!acc[name]) acc[name] = [];\n acc[name].push(value);\n return acc;\n}, {});\n\nreturn result;"
},
"typeVersion": 2
},
{
"id": "8f14f267-1074-43ea-968d-26a6ab36fd7b",
"name": "E-Mail-Variablen setzen",
"type": "n8n-nodes-base.set",
"position": [
2360,
480
],
"parameters": {
"options": {},
"includeOtherFields": true
},
"typeVersion": 3.4
},
{
"id": "45d156aa-91f4-483c-91d4-c9de4a4f595d",
"name": "ChatGPT Analyse",
"type": "@n8n/n8n-nodes-langchain.openAi",
"position": [
3100,
480
],
"parameters": {
"text": "=Describe this image. Determine if the email could be a phishing email. The message headers are as follows:\n{{ $('Set Email Variables').item.json.headers }}\n\nFormat the response for Jira who uses a wiki-style renderer. Do not include ``` around your response.",
"modelId": {
"__rl": true,
"mode": "list",
"value": "chatgpt-4o-latest",
"cachedResultName": "CHATGPT-4O-LATEST"
},
"options": {
"maxTokens": 1500
},
"resource": "image",
"inputType": "base64",
"operation": "analyze"
},
"credentials": {
"openAiApi": {
"id": "76",
"name": "OpenAi account"
}
},
"typeVersion": 1.6
},
{
"id": "62ca591b-6627-496c-96a7-95cb0081480d",
"name": "Jira Ticket erstellen",
"type": "n8n-nodes-base.jira",
"position": [
3500,
480
],
"parameters": {
"project": {
"__rl": true,
"mode": "list",
"value": "10001",
"cachedResultName": "Support"
},
"summary": "=Phishing Email Reported: \"{{ $('Set Email Variables').item.json.subject }}\"",
"issueType": {
"__rl": true,
"mode": "list",
"value": "10008",
"cachedResultName": "Task"
},
"additionalFields": {
"description": "=A phishing email was reported by {{ $('Set Email Variables').item.json.recipient }} with the subject line \"{{ $('Set Email Variables').item.json.subject }}\" and body:\n{{ $('Set Email Variables').item.json.textBody }}\n\\\\\n\\\\\n\\\\\nh2. Here is ChatGPT's analysis of the email:\n{{ $json.content }}"
}
},
"credentials": {
"jiraSoftwareCloudApi": {
"id": "BZmmGUrNIsgM9fDj",
"name": "New Jira Cloud"
}
},
"typeVersion": 1
},
{
"id": "071380c8-8070-4f8f-86c6-87c4ee3bc261",
"name": "Screenshot umbenennen",
"type": "n8n-nodes-base.code",
"position": [
3680,
480
],
"parameters": {
"mode": "runOnceForEachItem",
"jsCode": "$('Retrieve Screenshot').item.binary.data.fileName = 'emailScreenshot.png'\n\nreturn $('Retrieve Screenshot').item;"
},
"typeVersion": 2
},
{
"id": "05c57490-c1ee-48f0-9e38-244c9a995e22",
"name": "E-Mail-Screenshot in Jira hochladen",
"type": "n8n-nodes-base.jira",
"position": [
3860,
480
],
"parameters": {
"issueKey": "={{ $('Create Jira Ticket').item.json.key }}",
"resource": "issueAttachment"
},
"credentials": {
"jiraSoftwareCloudApi": {
"id": "BZmmGUrNIsgM9fDj",
"name": "New Jira Cloud"
}
},
"typeVersion": 1
},
{
"id": "be02770d-a943-41f5-98a9-5c433a6a3dbf",
"name": "Notizzettel",
"type": "n8n-nodes-base.stickyNote",
"position": [
1420,
-107.36679523834897
],
"parameters": {
"color": 7,
"width": 792.3026315789474,
"height": 426.314163659402,
"content": "\n## Gmail Integration and Data Extraction\n\nThis section of the workflow connects to a Gmail account using the **Gmail Trigger** node, capturing incoming emails in real-time, with checks performed every minute. Once an email is detected, its key components—such as the subject, recipient, body, and headers—are extracted and assigned to variables using the **Set Gmail Variables** node. These variables are structured for subsequent analysis and processing in later steps."
},
"typeVersion": 1
},
{
"id": "c1d2f691-669a-46de-9ef8-59ce4e6980c5",
"name": "Notizzettel 1",
"type": "n8n-nodes-base.stickyNote",
"position": [
1420,
380.6918768014301
],
"parameters": {
"color": 7,
"width": 792.3026315789474,
"height": 532.3344389880435,
"content": "\n## Microsoft Outlook Integration and Email Header Processing\n\nThis section connects to a Microsoft Outlook account to monitor incoming emails using the **Microsoft Outlook Trigger** node, which checks for new messages every minute. Emails are then processed to retrieve detailed headers and body content via the **Retrieve Headers of Email** node. The headers are structured into a user-friendly format using the **Format Headers** code node, ensuring clarity for further analysis. Key details, including the email's subject, recipient, and body content, are assigned to variables with the **Set Outlook Variables** node for streamlined integration into subsequent workflow steps."
},
"typeVersion": 1
},
{
"id": "c189e2e0-9f51-4bc0-a483-8b7f0528be70",
"name": "Notizzettel 2",
"type": "n8n-nodes-base.stickyNote",
"position": [
2287.3684210526317,
46.18421052631584
],
"parameters": {
"color": 7,
"width": 580.4605263157906,
"height": 615.460526315789,
"content": "\n## HTML Screenshot Generation and Email Visualization\n\nThis section processes an email’s HTML content to create a visual representation, useful for documentation or phishing detection workflows. The **Set Email Variables** node organizes the email's HTML body into a format ready for processing. The **Screenshot HTML** node sends this HTML content to the **hcti.io** API, which generates a screenshot of the email's layout. The **Retrieve Screenshot** node then fetches the image URL for further use in the workflow. This setup ensures that the email's appearance is preserved in a visually accessible format, simplifying review and reporting. Keep in mind however that this exposes the email content to a third party. If you self host n8n, you can deploy a cli tool to rasterize locally instead."
},
"typeVersion": 1
},
{
"id": "9076f9e9-f4fb-409a-9580-1ae459094c31",
"name": "Notizzettel 3",
"type": "n8n-nodes-base.stickyNote",
"position": [
2880,
123.72476075009968
],
"parameters": {
"color": 7,
"width": 507.82894736842223,
"height": 537.9199760920052,
"content": "\n## AI-Powered Email Analysis with ChatGPT\n\nThis section leverages AI to analyze email content and headers for phishing indicators. The **ChatGPT Analysis** node utilizes the ChatGPT-4 model to review the email screenshot and associated metadata, including message headers. It generates a detailed report indicating whether the email might be a phishing attempt. The output is formatted specifically for Jira’s wiki-style renderer, making it ready for seamless integration into ticketing workflows. This ensures thorough and automated email threat assessments."
},
"typeVersion": 1
},
{
"id": "ca2488af-e787-4675-802a-8b4f2d845376",
"name": "Notizzettel 4",
"type": "n8n-nodes-base.stickyNote",
"position": [
3400,
122.88662032580646
],
"parameters": {
"color": 7,
"width": 692.434210526317,
"height": 529.5475902005091,
"content": "\n## Automated Jira Ticket Creation for Phishing Reports\n\nThis section streamlines the process of reporting phishing emails by automatically creating detailed Jira tickets. The **Create Jira Ticket** node compiles email information, including the subject, recipient, body text, and ChatGPT's phishing analysis, into a structured ticket. The **Rename Screenshot** node ensures that the email screenshot file is appropriately labeled for attachment. Finally, the **Upload Screenshot of Email to Jira** node attaches the email’s visual representation to the ticket, providing additional context for the security team. This integration ensures that phishing reports are logged with all necessary details, enabling efficient tracking and resolution."
},
"typeVersion": 1
}
],
"pinData": {},
"connections": {
"Gmail Trigger": {
"main": [
[
{
"node": "374e5b16-a666-4706-9fd2-762b2927012d",
"type": "main",
"index": 0
}
]
]
},
"25ae222c-088f-4565-98d6-803c8c1b0826": {
"main": [
[
{
"node": "2f3e5cc0-24e8-450a-898b-71e2d6f7bb58",
"type": "main",
"index": 0
}
]
]
},
"5bf9b0e8-b84e-44a2-aad2-45dde3e4ab1b": {
"main": [
[
{
"node": "fc770d1d-6c18-4d14-8344-1dc042464df6",
"type": "main",
"index": 0
}
]
]
},
"45d156aa-91f4-483c-91d4-c9de4a4f595d": {
"main": [
[
{
"node": "62ca591b-6627-496c-96a7-95cb0081480d",
"type": "main",
"index": 0
}
]
]
},
"071380c8-8070-4f8f-86c6-87c4ee3bc261": {
"main": [
[
{
"node": "05c57490-c1ee-48f0-9e38-244c9a995e22",
"type": "main",
"index": 0
}
]
]
},
"62ca591b-6627-496c-96a7-95cb0081480d": {
"main": [
[
{
"node": "071380c8-8070-4f8f-86c6-87c4ee3bc261",
"type": "main",
"index": 0
}
]
]
},
"fc770d1d-6c18-4d14-8344-1dc042464df6": {
"main": [
[
{
"node": "45d156aa-91f4-483c-91d4-c9de4a4f595d",
"type": "main",
"index": 0
}
]
]
},
"8f14f267-1074-43ea-968d-26a6ab36fd7b": {
"main": [
[
{
"node": "5bf9b0e8-b84e-44a2-aad2-45dde3e4ab1b",
"type": "main",
"index": 0
}
]
]
},
"374e5b16-a666-4706-9fd2-762b2927012d": {
"main": [
[
{
"node": "8f14f267-1074-43ea-968d-26a6ab36fd7b",
"type": "main",
"index": 0
}
]
]
},
"2f3e5cc0-24e8-450a-898b-71e2d6f7bb58": {
"main": [
[
{
"node": "8f14f267-1074-43ea-968d-26a6ab36fd7b",
"type": "main",
"index": 0
}
]
]
},
"9ac747a1-4fd8-46ba-b4c1-75fd17aab2ed": {
"main": [
[
{
"node": "3166738e-d0a3-475b-8b19-51afd519ee3a",
"type": "main",
"index": 0
}
]
]
},
"3166738e-d0a3-475b-8b19-51afd519ee3a": {
"main": [
[
{
"node": "25ae222c-088f-4565-98d6-803c8c1b0826",
"type": "main",
"index": 0
}
]
]
}
}
}Häufig gestellte Fragen
Wie verwende ich diesen Workflow?
Kopieren Sie den obigen JSON-Code, erstellen Sie einen neuen Workflow in Ihrer n8n-Instanz und wählen Sie "Aus JSON importieren". Fügen Sie die Konfiguration ein und passen Sie die Anmeldedaten nach Bedarf an.
Für welche Szenarien ist dieser Workflow geeignet?
Experte - Künstliche Intelligenz, Sicherheitsbetrieb
Ist es kostenpflichtig?
Dieser Workflow ist völlig kostenlos. Beachten Sie jedoch, dass Drittanbieterdienste (wie OpenAI API), die im Workflow verwendet werden, möglicherweise kostenpflichtig sind.
Verwandte Workflows
Verwende ChatGPT, um beschäftigte E-Mail-Inhalte zu analysieren und zu kategorisieren
Verwenden Sie ChatGPT zur Analyse und Klassifizierung verdächtiger E-Mail-Inhalte
If
Set
Code
+
If
Set
Code
25 NodesAngel Menendez
Künstliche Intelligenz
Analyse von Gmail-Email-Headern zur Erkennung von IP-Reputations- und Tricksendungen
Gmail-Header analysieren, um IP-Reputationsverlust und Betrug zu erkennen
If
Set
Code
+
If
Set
Code
40 NodesAngel Menendez
Sicherheitsbetrieb
Analyse von Outlook-Email-Headern zur Erkennung von IP-Reputations- und Tricksendungen
Outlook-Header analysieren, um IP-Reputationsverlust und Betrug zu erkennen
If
Set
Code
+
If
Set
Code
41 NodesAngel Menendez
Sicherheitsbetrieb
Sicherheitsbetrieb mit Qualys Slack-Shortcuts-Bot verbessern
Betriebseffizienz im IT-Sicherheitsbereich durch Qualys Slack-Quick-Bot steigern
Set
Switch
Webhook
+
Set
Switch
Webhook
23 NodesAngel Menendez
Künstliche Intelligenz
CallForge - 03 - Gong-Transkriptionsverarbeiter und Salesforce-Verbesserer
CallForge - 03 - Gong-Transkriptionsverarbeiter und Salesforce-Enhancer
Set
Code
Merge
+
Set
Code
Merge
23 NodesAngel Menendez
Vertrieb
HRMate-Reparatur
Kandidatenscreening mit LlamaIndex und GPT-4o-mini automatisieren, um personalisierte E-Mail-Antworten zu generieren
If
Set
Code
+
If
Set
Code
30 NodesKhairul Muhtadin
Personalwesen
Workflow-Informationen
Schwierigkeitsgrad
Experte
Anzahl der Nodes18
Kategorie2
Node-Typen8
Autor
Angel Menendez
@djangelicAngel Menendez is a Staff Developer Advocate at n8n.io, specializing in low-code tools for cybersecurity workflows. From Puerto Rico, Angel's tech journey began by helping his father translate technical books. He later started a web development business and transitioned from a career as a flight attendant to cybersecurity engineering. His workflows have saved companies significant time. Outside work, Angel enjoys time with his two sons, riding electric bikes, reading, and exploring new places.
Externe Links
Auf n8n.io ansehen →
Diesen Workflow teilen