Usar ChatGPT Vision para analizar el contenido sospechoso de correos electrónicos
Avanzado
Este es unAI, SecOpsflujo de automatización del dominio deautomatización que contiene 18 nodos.Utiliza principalmente nodos como Set, Code, Jira, HttpRequest, GmailTrigger, combinando tecnología de inteligencia artificial para lograr automatización inteligente. Usar ChatGPT Vision para analizar el contenido de correos electrónicos sospechosos
Requisitos previos
- •Pueden requerirse credenciales de autenticación para la API de destino
- •Cuenta de Google y credenciales de API de Gmail
- •Clave de API de OpenAI
Nodos utilizados (18)
Vista previa del flujo de trabajo
Visualización de las conexiones entre nodos, con soporte para zoom y panorámica
Exportar flujo de trabajo
Copie la siguiente configuración JSON en n8n para importar y usar este flujo de trabajo
{
"meta": {
"instanceId": "03e9d14e9196363fe7191ce21dc0bb17387a6e755dcc9acc4f5904752919dca8"
},
"nodes": [
{
"id": "1bad6bfc-9ec9-48a5-b8f7-73c4de3d08cf",
"name": "Disparador de Gmail",
"type": "n8n-nodes-base.gmailTrigger",
"position": [
1480,
160
],
"parameters": {
"simple": false,
"filters": {},
"options": {},
"pollTimes": {
"item": [
{
"mode": "everyMinute"
}
]
}
},
"credentials": {
"gmailOAuth2": {
"id": "kkhNhqKpZt6IUZd0",
"name": " Gmail"
}
},
"typeVersion": 1.2
},
{
"id": "9ac747a1-4fd8-46ba-b4c1-75fd17aab2ed",
"name": "Microsoft Outlook Trigger",
"type": "n8n-nodes-base.microsoftOutlookTrigger",
"disabled": true,
"position": [
1480,
720
],
"parameters": {
"fields": [
"body",
"toRecipients",
"subject",
"bodyPreview"
],
"output": "fields",
"filters": {},
"options": {},
"pollTimes": {
"item": [
{
"mode": "everyMinute"
}
]
}
},
"credentials": {
"microsoftOutlookOAuth2Api": {
"id": "vTCK0oVQ0WjFrI5H",
"name": " Outlook Credential"
}
},
"typeVersion": 1
},
{
"id": "5bf9b0e8-b84e-44a2-aad2-45dde3e4ab1b",
"name": "Screenshot HTML",
"type": "n8n-nodes-base.httpRequest",
"position": [
2520,
480
],
"parameters": {
"url": "https://hcti.io/v1/image",
"method": "POST",
"options": {},
"sendBody": true,
"sendQuery": true,
"authentication": "genericCredentialType",
"bodyParameters": {
"parameters": [
{
"name": "html",
"value": "={{ $json.htmlBody }}"
}
]
},
"genericAuthType": "httpBasicAuth",
"queryParameters": {
"parameters": [
{}
]
}
},
"credentials": {
"httpBasicAuth": {
"id": "8tm8mUWmPvtmPFPk",
"name": "hcti.io"
}
},
"typeVersion": 4.2
},
{
"id": "fc770d1d-6c18-4d14-8344-1dc042464df6",
"name": "Retrieve Screenshot",
"type": "n8n-nodes-base.httpRequest",
"position": [
2700,
480
],
"parameters": {
"url": "={{ $json.url }}",
"options": {},
"authentication": "genericCredentialType",
"genericAuthType": "httpBasicAuth"
},
"credentials": {
"httpBasicAuth": {
"id": "8tm8mUWmPvtmPFPk",
"name": "hcti.io"
}
},
"typeVersion": 4.2
},
{
"id": "2f3e5cc0-24e8-450a-898b-71e2d6f7bb58",
"name": "Establecer Outlook Variables",
"type": "n8n-nodes-base.set",
"position": [
2020,
720
],
"parameters": {
"options": {},
"assignments": {
"assignments": [
{
"id": "38bd3db2-1a8d-4c40-a2dd-336e0cc84224",
"name": "htmlBody",
"type": "string",
"value": "={{ $('Microsoft Outlook Trigger').item.json.body.content }}"
},
{
"id": "13bdd95b-ef02-486e-b38b-d14bd05a4a8a",
"name": "headers",
"type": "string",
"value": "={{ $json}}"
},
{
"id": "20566ad4-7eb7-42b1-8a0d-f8b759610f10",
"name": "subject",
"type": "string",
"value": "={{ $('Microsoft Outlook Trigger').item.json.subject }}"
},
{
"id": "7171998f-a5a2-4e23-946a-9c1ad75710e7",
"name": "recipient",
"type": "string",
"value": "={{ $('Microsoft Outlook Trigger').item.json.toRecipients[0].emailAddress.address }}"
},
{
"id": "cc262634-2470-4524-8319-abe2518a6335",
"name": "textBody",
"type": "string",
"value": "={{ $('Retrieve Headers of Email').item.json.body.content }}"
}
]
}
},
"typeVersion": 3.4
},
{
"id": "374e5b16-a666-4706-9fd2-762b2927012d",
"name": "Establecer Gmail Variables",
"type": "n8n-nodes-base.set",
"position": [
2040,
160
],
"parameters": {
"options": {},
"assignments": {
"assignments": [
{
"id": "38bd3db2-1a8d-4c40-a2dd-336e0cc84224",
"name": "htmlBody",
"type": "string",
"value": "={{ $json.html }}"
},
{
"id": "18fbcf78-6d3c-4036-b3a2-fb5adf22176a",
"name": "headers",
"type": "string",
"value": "={{ $json.headers }}"
},
{
"id": "1d690098-be2a-4604-baf8-62f314930929",
"name": "subject",
"type": "string",
"value": "={{ $json.subject }}"
},
{
"id": "8009f00a-547f-4eb1-b52d-2e7305248885",
"name": "recipient",
"type": "string",
"value": "={{ $json.to.text }}"
},
{
"id": "1932e97d-b03b-4964-b8bc-8262aaaa1f7a",
"name": "textBody",
"type": "string",
"value": "={{ $json.text }}"
}
]
}
},
"typeVersion": 3.4
},
{
"id": "3166738e-d0a3-475b-8b19-51afd519ee3a",
"name": "Retrieve Headers of Correo electrónico",
"type": "n8n-nodes-base.httpRequest",
"position": [
1680,
720
],
"parameters": {
"url": "=https://graph.microsoft.com/v1.0/me/messages/{{ $json.id }}?$select=internetMessageHeaders,body",
"options": {},
"sendHeaders": true,
"authentication": "predefinedCredentialType",
"headerParameters": {
"parameters": [
{
"name": "Accept",
"value": "application/json"
},
{
"name": "Prefer",
"value": "outlook.body-content-type=\"text\""
}
]
},
"nodeCredentialType": "microsoftOutlookOAuth2Api"
},
"credentials": {
"microsoftOutlookOAuth2Api": {
"id": "vTCK0oVQ0WjFrI5H",
"name": " Outlook Credential"
}
},
"typeVersion": 4.2
},
{
"id": "25ae222c-088f-4565-98d6-803c8c1b0826",
"name": "Format Headers",
"type": "n8n-nodes-base.code",
"position": [
1860,
720
],
"parameters": {
"jsCode": "const input = $('Retrieve Headers of Email').item.json.internetMessageHeaders;\n\nconst result = input.reduce((acc, { name, value }) => {\n if (!acc[name]) acc[name] = [];\n acc[name].push(value);\n return acc;\n}, {});\n\nreturn result;"
},
"typeVersion": 2
},
{
"id": "8f14f267-1074-43ea-968d-26a6ab36fd7b",
"name": "Establecer Email Variables",
"type": "n8n-nodes-base.set",
"position": [
2360,
480
],
"parameters": {
"options": {},
"includeOtherFields": true
},
"typeVersion": 3.4
},
{
"id": "45d156aa-91f4-483c-91d4-c9de4a4f595d",
"name": "ChatGPT Analysis",
"type": "@n8n/n8n-nodes-langchain.openAi",
"position": [
3100,
480
],
"parameters": {
"text": "=Describe this image. Determine if the email could be a phishing email. The message headers are as follows:\n{{ $('Set Email Variables').item.json.headers }}\n\nFormat the response for Jira who uses a wiki-style renderer. Do not include ``` around your response.",
"modelId": {
"__rl": true,
"mode": "list",
"value": "chatgpt-4o-latest",
"cachedResultName": "CHATGPT-4O-LATEST"
},
"options": {
"maxTokens": 1500
},
"resource": "image",
"inputType": "base64",
"operation": "analyze"
},
"credentials": {
"openAiApi": {
"id": "76",
"name": "OpenAi account"
}
},
"typeVersion": 1.6
},
{
"id": "62ca591b-6627-496c-96a7-95cb0081480d",
"name": "Create Jira Ticket",
"type": "n8n-nodes-base.jira",
"position": [
3500,
480
],
"parameters": {
"project": {
"__rl": true,
"mode": "list",
"value": "10001",
"cachedResultName": "Support"
},
"summary": "=Phishing Email Reported: \"{{ $('Set Email Variables').item.json.subject }}\"",
"issueType": {
"__rl": true,
"mode": "list",
"value": "10008",
"cachedResultName": "Task"
},
"additionalFields": {
"description": "=A phishing email was reported by {{ $('Set Email Variables').item.json.recipient }} with the subject line \"{{ $('Set Email Variables').item.json.subject }}\" and body:\n{{ $('Set Email Variables').item.json.textBody }}\n\\\\\n\\\\\n\\\\\nh2. Here is ChatGPT's analysis of the email:\n{{ $json.content }}"
}
},
"credentials": {
"jiraSoftwareCloudApi": {
"id": "BZmmGUrNIsgM9fDj",
"name": "New Jira Cloud"
}
},
"typeVersion": 1
},
{
"id": "071380c8-8070-4f8f-86c6-87c4ee3bc261",
"name": "Rename Screenshot",
"type": "n8n-nodes-base.code",
"position": [
3680,
480
],
"parameters": {
"mode": "runOnceForEachItem",
"jsCode": "$('Retrieve Screenshot').item.binary.data.fileName = 'emailScreenshot.png'\n\nreturn $('Retrieve Screenshot').item;"
},
"typeVersion": 2
},
{
"id": "05c57490-c1ee-48f0-9e38-244c9a995e22",
"name": "Upload Screenshot of Correo electrónico to Jira",
"type": "n8n-nodes-base.jira",
"position": [
3860,
480
],
"parameters": {
"issueKey": "={{ $('Create Jira Ticket').item.json.key }}",
"resource": "issueAttachment"
},
"credentials": {
"jiraSoftwareCloudApi": {
"id": "BZmmGUrNIsgM9fDj",
"name": "New Jira Cloud"
}
},
"typeVersion": 1
},
{
"id": "be02770d-a943-41f5-98a9-5c433a6a3dbf",
"name": "Nota adhesiva",
"type": "n8n-nodes-base.stickyNote",
"position": [
1420,
-107.36679523834897
],
"parameters": {
"color": 7,
"width": 792.3026315789474,
"height": 426.314163659402,
"content": "\n## Gmail Integration and Data Extraction\n\nThis section of the workflow connects to a Gmail account using the **Gmail Trigger** node, capturing incoming emails in real-time, with checks performed every minute. Once an email is detected, its key components—such as the subject, recipient, body, and headers—are extracted and assigned to variables using the **Set Gmail Variables** node. These variables are structured for subsequent analysis and processing in later steps."
},
"typeVersion": 1
},
{
"id": "c1d2f691-669a-46de-9ef8-59ce4e6980c5",
"name": "Nota adhesiva1",
"type": "n8n-nodes-base.stickyNote",
"position": [
1420,
380.6918768014301
],
"parameters": {
"color": 7,
"width": 792.3026315789474,
"height": 532.3344389880435,
"content": "\n## Microsoft Outlook Integration and Email Header Processing\n\nThis section connects to a Microsoft Outlook account to monitor incoming emails using the **Microsoft Outlook Trigger** node, which checks for new messages every minute. Emails are then processed to retrieve detailed headers and body content via the **Retrieve Headers of Email** node. The headers are structured into a user-friendly format using the **Format Headers** code node, ensuring clarity for further analysis. Key details, including the email's subject, recipient, and body content, are assigned to variables with the **Set Outlook Variables** node for streamlined integration into subsequent workflow steps."
},
"typeVersion": 1
},
{
"id": "c189e2e0-9f51-4bc0-a483-8b7f0528be70",
"name": "Nota adhesiva2",
"type": "n8n-nodes-base.stickyNote",
"position": [
2287.3684210526317,
46.18421052631584
],
"parameters": {
"color": 7,
"width": 580.4605263157906,
"height": 615.460526315789,
"content": "\n## HTML Screenshot Generation and Email Visualization\n\nThis section processes an email’s HTML content to create a visual representation, useful for documentation or phishing detection workflows. The **Set Email Variables** node organizes the email's HTML body into a format ready for processing. The **Screenshot HTML** node sends this HTML content to the **hcti.io** API, which generates a screenshot of the email's layout. The **Retrieve Screenshot** node then fetches the image URL for further use in the workflow. This setup ensures that the email's appearance is preserved in a visually accessible format, simplifying review and reporting. Keep in mind however that this exposes the email content to a third party. If you self host n8n, you can deploy a cli tool to rasterize locally instead."
},
"typeVersion": 1
},
{
"id": "9076f9e9-f4fb-409a-9580-1ae459094c31",
"name": "Nota adhesiva3",
"type": "n8n-nodes-base.stickyNote",
"position": [
2880,
123.72476075009968
],
"parameters": {
"color": 7,
"width": 507.82894736842223,
"height": 537.9199760920052,
"content": "\n## AI-Powered Email Analysis with ChatGPT\n\nThis section leverages AI to analyze email content and headers for phishing indicators. The **ChatGPT Analysis** node utilizes the ChatGPT-4 model to review the email screenshot and associated metadata, including message headers. It generates a detailed report indicating whether the email might be a phishing attempt. The output is formatted specifically for Jira’s wiki-style renderer, making it ready for seamless integration into ticketing workflows. This ensures thorough and automated email threat assessments."
},
"typeVersion": 1
},
{
"id": "ca2488af-e787-4675-802a-8b4f2d845376",
"name": "Nota adhesiva4",
"type": "n8n-nodes-base.stickyNote",
"position": [
3400,
122.88662032580646
],
"parameters": {
"color": 7,
"width": 692.434210526317,
"height": 529.5475902005091,
"content": "\n## Automated Jira Ticket Creation for Phishing Reports\n\nThis section streamlines the process of reporting phishing emails by automatically creating detailed Jira tickets. The **Create Jira Ticket** node compiles email information, including the subject, recipient, body text, and ChatGPT's phishing analysis, into a structured ticket. The **Rename Screenshot** node ensures that the email screenshot file is appropriately labeled for attachment. Finally, the **Upload Screenshot of Email to Jira** node attaches the email’s visual representation to the ticket, providing additional context for the security team. This integration ensures that phishing reports are logged with all necessary details, enabling efficient tracking and resolution."
},
"typeVersion": 1
}
],
"pinData": {},
"connections": {
"Gmail Trigger": {
"main": [
[
{
"node": "Set Gmail Variables",
"type": "main",
"index": 0
}
]
]
},
"25ae222c-088f-4565-98d6-803c8c1b0826": {
"main": [
[
{
"node": "Set Outlook Variables",
"type": "main",
"index": 0
}
]
]
},
"5bf9b0e8-b84e-44a2-aad2-45dde3e4ab1b": {
"main": [
[
{
"node": "fc770d1d-6c18-4d14-8344-1dc042464df6",
"type": "main",
"index": 0
}
]
]
},
"45d156aa-91f4-483c-91d4-c9de4a4f595d": {
"main": [
[
{
"node": "62ca591b-6627-496c-96a7-95cb0081480d",
"type": "main",
"index": 0
}
]
]
},
"071380c8-8070-4f8f-86c6-87c4ee3bc261": {
"main": [
[
{
"node": "Upload Screenshot of Email to Jira",
"type": "main",
"index": 0
}
]
]
},
"62ca591b-6627-496c-96a7-95cb0081480d": {
"main": [
[
{
"node": "071380c8-8070-4f8f-86c6-87c4ee3bc261",
"type": "main",
"index": 0
}
]
]
},
"fc770d1d-6c18-4d14-8344-1dc042464df6": {
"main": [
[
{
"node": "45d156aa-91f4-483c-91d4-c9de4a4f595d",
"type": "main",
"index": 0
}
]
]
},
"Set Email Variables": {
"main": [
[
{
"node": "5bf9b0e8-b84e-44a2-aad2-45dde3e4ab1b",
"type": "main",
"index": 0
}
]
]
},
"Set Gmail Variables": {
"main": [
[
{
"node": "Set Email Variables",
"type": "main",
"index": 0
}
]
]
},
"Set Outlook Variables": {
"main": [
[
{
"node": "Set Email Variables",
"type": "main",
"index": 0
}
]
]
},
"9ac747a1-4fd8-46ba-b4c1-75fd17aab2ed": {
"main": [
[
{
"node": "Retrieve Headers of Email",
"type": "main",
"index": 0
}
]
]
},
"Retrieve Headers of Email": {
"main": [
[
{
"node": "25ae222c-088f-4565-98d6-803c8c1b0826",
"type": "main",
"index": 0
}
]
]
}
}
}Preguntas frecuentes
¿Cómo usar este flujo de trabajo?
Copie el código de configuración JSON de arriba, cree un nuevo flujo de trabajo en su instancia de n8n y seleccione "Importar desde JSON", pegue la configuración y luego modifique la configuración de credenciales según sea necesario.
¿En qué escenarios es adecuado este flujo de trabajo?
Avanzado - Inteligencia Artificial, Operaciones de seguridad
¿Es de pago?
Este flujo de trabajo es completamente gratuito, puede importarlo y usarlo directamente. Sin embargo, tenga en cuenta que los servicios de terceros utilizados en el flujo de trabajo (como la API de OpenAI) pueden requerir un pago por su cuenta.
Flujos de trabajo relacionados recomendados
Analizar y clasificar contenido de sospechosos de correos electrónicos con ChatGPT
Usar ChatGPT para analizar y clasificar contenido de correos sospechosos
If
Set
Code
+
If
Set
Code
25 NodosAngel Menendez
Inteligencia Artificial
Analizar encabezados de Gmail para detectar reputación de IP y suplantación de identidad
Analizar encabezados de Gmail para detectar reputación de IP y phishing
If
Set
Code
+
If
Set
Code
40 NodosAngel Menendez
Operaciones de seguridad
Analizar encabezados de Outlook para detectar reputación de IP y suplantación de identidad
Analizar encabezados de Outlook para detectar reputación de IP y phishing
If
Set
Code
+
If
Set
Code
41 NodosAngel Menendez
Operaciones de seguridad
Usar el bot rápido de seguridad de Qualys en Slack para potenciar las operaciones de seguridad
a través deQualys Slack快捷bot提升安全运维效率
Set
Switch
Webhook
+
Set
Switch
Webhook
23 NodosAngel Menendez
Inteligencia Artificial
CallForge - 03 - Procesador de transcripciones de Gong y potenciador de Salesforce
CallForge - 03 - Procesador de transcripciones de Gong y potenciador de Salesforce
Set
Code
Merge
+
Set
Code
Merge
23 NodosAngel Menendez
Ventas
Corrección de HRMate
Automatización del cribado de candidatos con LlamaIndex y GPT-4o-mini, generando respuestas de correo personalizadas
If
Set
Code
+
If
Set
Code
30 NodosKhairul Muhtadin
Recursos Humanos
Información del flujo de trabajo
Nivel de dificultad
Avanzado
Número de nodos18
Categoría2
Tipos de nodos8
Descripción de la dificultad
Autor
Angel Menendez
@djangelicAngel Menendez is a Staff Developer Advocate at n8n.io, specializing in low-code tools for cybersecurity workflows. From Puerto Rico, Angel's tech journey began by helping his father translate technical books. He later started a web development business and transitioned from a career as a flight attendant to cybersecurity engineering. His workflows have saved companies significant time. Outside work, Angel enjoys time with his two sons, riding electric bikes, reading, and exploring new places.
Enlaces externos
Ver en n8n.io →
Compartir este flujo de trabajo