Get Started
Screenshot of n8n workflow
PRO TEMPLATE
Automate Gmail and Outlook Phishing Triage
4
Views
0
Downloads
25
Nodes
Download Template
Pro required
Preview Template
Utility Rating
8 / 10
Business Function
IT
Automation Orchestrator
n8n
Integrations
OpenAI
Microsoft Outlook
Microsoft Graph
Jira Software Cloud
HTML/CSS to Image
Gmail
Trigger Type
On app event
Approx setup time ≈ 75 min
Need help setting up this template?
Ask in our Futurise Pro community
About
Community
Courses
Events
Members
Templates

How to Automate Gmail and Outlook Phishing Triage?

Leon Petrou
PRO TEMPLATE
Automate Gmail and Outlook Phishing Triage
4
Views
0
Downloads
25
Nodes
Download Template
Pro required
Preview Template
Utility Rating
8 / 10
Business Function
IT
Automation Orchestrator
n8n
Integrations
OpenAI
Microsoft Outlook
Microsoft Graph
Jira Software Cloud
HTML/CSS to Image
Gmail
Trigger Type
On app event
Approximate setup time ≈ 75 minutes
Need help setting up this template?
Ask in our Futurise Pro community

Description

Security and IT teams get a faster way to handle suspicious emails. The system watches Gmail and Outlook, reviews each new message, and decides if it looks like phishing. It opens a Jira ticket with the AI decision, a screenshot of the email, and a text copy for clear records.

New emails arrive through Gmail Trigger and Microsoft Outlook Trigger every minute. Outlook headers and body are pulled from Microsoft Graph and formatted, while Gmail details are mapped to the same fields. The flow standardizes the data, turns the HTML into a text file and a full screenshot using HTML CSS to Image, then sends the body and headers to OpenAI for scoring. A check node routes the result to either a malicious or benign Jira ticket, and both the screenshot and the text file are attached automatically with the ticket ID tracked for uploads.

You will need accounts for all connected tools and the right permissions in each system. Teams usually cut review time from many minutes per email to just a few, while keeping proof and context in one place. It fits shared phishing inboxes, abuse reporting, and help desk intake to security. Use the Tools Required section for account links, then add credentials in n8n.

Copy link

Tools Required

OpenAI
Sign up
Pay-as-you-go: GPT-5 at $1.25 per 1M input tokens and $10 per 1M output tokens
n8n
Sign up
$24 / mo or $20 / mo billed annually to use n8n in the cloud. However, the local or self-hosted n8n Community Edition is free.
Microsoft Outlook
Sign up
Exchange Online (Plan 1): $4.00 user / mo (annual billing)
Microsoft Graph
Sign up
Exchange Online (Plan 1): $4.00 user / mo (annual)
Jira Software Cloud
Sign up
Free plan: $0 / mo (up to 10 users); REST API access via API token available on Free and paid plans
HTML/CSS to Image
Sign up
Free plan: $0 / mo, 50 images / mo
Gmail
Sign up
No cost: Personal Gmail (Gmail API has no usage-based pricing; quotas apply)

What this workflow does?

  • Watches Gmail and Microsoft Outlook for new emails every minute.
  • Pulls headers and body from Microsoft Graph and formats them for clear review.
  • Maps Gmail and Outlook data into the same fields for a single analysis path.
  • Creates a screenshot of the HTML email using HTML CSS to Image.
  • Converts the email body to a plain text file for search and audit.
  • Uses OpenAI to analyze headers and HTML body and returns a structured JSON result.
  • Routes outcomes with a check node to malicious or benign ticket paths.
  • Creates Jira tickets with detailed summaries and AI findings.
  • Uploads the screenshot and text file to the right Jira issue using the tracked ticket ID.

What are the benefits?

  • Reduce manual review from 15 minutes per email to 2 minutes
  • Automate up to 90 percent of phishing triage steps
  • Improve evidence capture with both screenshot and text files
  • Connect Gmail, Outlook, OpenAI, Jira and HTML CSS to Image in one flow
  • Handle 10 times more reports without adding staff
  • Increase report consistency with structured headers in Jira

How to set this up?

  1. Import the template into n8n: Create a new workflow in n8n > Click the three dots menu > Select 'Import from File' > Choose the downloaded JSON file.
  2. You'll need accounts with Gmail, Microsoft Outlook, Microsoft Graph, OpenAI, Jira Software Cloud and HTML/CSS to Image. See the Tools Required section above for links to create accounts with these services.
  3. In the n8n credentials manager, create Gmail OAuth2 credentials. Double click the Gmail Trigger node, choose your credential, and follow the on screen steps to connect the mailbox that receives phishing reports.
  4. Create Microsoft Outlook OAuth2 credentials in n8n and allow Mail.Read permission. Assign this credential to both the Microsoft Outlook Trigger and the Retrieve Headers of Email HTTP Request node.
  5. Open the Microsoft Outlook Trigger and set the folder and fields to include body, toRecipients, subject, and bodyPreview. Confirm the poll time is every minute.
  6. Open the Retrieve Headers of Email node and confirm the URL uses the message id, and that Accept application/json and Prefer outlook.body-content-type text are set.
  7. Create an OpenAI API credential in n8n using your API key from the OpenAI account page. In the Analyze Email with ChatGPT node, pick this credential and keep the model set to GPT-4o.
  8. Create Jira Software Cloud credentials in n8n using your Atlassian email and an API token from your Atlassian account. In both Jira nodes, select the correct project and issue type.
  9. Create HTML CSS to Image Basic Auth credentials in n8n using your hcti.io user id and API key. Assign them to both Screenshot HTML and Retrieve Screenshot nodes.
  10. Review the Set nodes to ensure subject, recipient, headers, htmlBody, and text body are correctly mapped for both Gmail and Outlook paths.
  11. Run a test by sending one safe email and one phishing sample to each inbox. Confirm Jira creates the right ticket type and that both the screenshot and the text file appear as attachments.
  12. If you see errors: for OpenAI 401, check the API key and model; for Microsoft Graph 403, verify permissions; for Jira attachment failures, check project permissions and issue key; for blank screenshots, confirm the htmlBody variable is set before the Screenshot HTML node.

Need help or want to customize this?

Ask in the Futurise Pro Community.

Similar Templates

n8n
IT
Automate Slack and Gmail Threat Reports
Collect risky links and IPs from a simple form or a webhook, scan them with trusted security sources, and send clear results to your team in Slack and email. It fits security and IT teams that need quick answers without giving everyone access to full threat tools. The flow starts with two intake options: a form trigger for easy internal use and a webhook for API submissions. An item list splits batches, then a check decides if each entry is an IP or a domain. Domains are resolved to IPs using Google Public DNS so every record has a clean IP. The system submits URLs to VirusTotal, waits, and polls until results are ready. It also checks each IP with GreyNoise and RIOT. Results are merged by IP, summarized, and pushed to Gmail and Slack so the team can act fast. Plan for a VirusTotal API key and a GreyNoise enterprise API key, plus Slack and Gmail access. Expect faster triage, fewer copy paste steps, and a repeatable intake path that anyone in your company can use. Common uses include help desk tickets with suspicious links, vendor scans during onboarding, and quick checks before allowing new domains through a firewall.
11 views
view
n8n
IT
Automate Telegram and Gmail Proxmox Management
Turn chat, email, and web requests into safe Proxmox actions. Teams can ask in plain language to start or stop VMs, check cluster status, or change settings. Great for IT teams that want faster operations and less time in the UI. Messages from Telegram, Gmail, a chat interface, or a webhook feed into an AI agent. The model reads your request along with Proxmox API docs and wiki to plan the right call. A structured parser forces a clean JSON output with method, URL, and body fields. Switch and If nodes route that request to the correct Proxmox HTTP endpoint with a secure header token. Results are merged, cleaned, and explained in simple words so anyone can understand the outcome. Setup needs a Proxmox API token with proper rights and a Google Gemini API key. Update the base API URL to your host and pick your model. Expect faster ticket handling, fewer console logins, and clear audit trails. Ideal for chat based help desk, weekend duty handoffs, or safe self service for trusted users.
2 views
view
n8n
IT
Automate Multi-Channel SSL Certificate Alerts with Sheets, Gmail, and Telegram
Keep an eye on SSL certificate expiry across all your sites without manual checks. The workflow reads a list of domains, checks their SSL status, and alerts your team well before anything expires. It suits IT admins, web teams, and agencies that manage many websites. A weekly schedule runs at the time you set and loads URLs from a Google Sheet. Each domain is sent to an SSL check API to pull the host, expiry date, and days left. Results are written back to the sheet so you have a simple view of current status. A switch groups each site into invalid, warning under 30 days, notice under 60 days, or info for healthy. Alerts go out by Gmail with clear subject lines, plus optional Telegram and Ntfy messages for fast response. This makes follow up easy and keeps everyone on the same page. Create the sheet with a URL column, connect Google Sheets and Gmail in n8n Cloud, and add your Telegram bot and chat if you want chat alerts. Expect fewer outages and less panic work because the team sees risks weeks in advance. Good for company sites, client portfolios, and any service that cannot afford expired certificates.
10 views
view
See More Templates

These templates were sourced from publicly available materials across the web, including n8n’s official website, YouTube and public GitHub repositories. We have consolidated and categorized them for easy search and filtering, and supplemented them with links to integrations, step-by-step setup instructions, and personalized support in the Futurise community. Content in this library is provided for education, evaluation and internal use. Users are responsible for checking and complying with the license terms with the author of the templates before commercial use or redistribution.Where an original author was identified, attribution has been provided. Some templates did not include author information. If you know who created this template, please let us know so we can add the appropriate credit and reference link. If you are the author and would like this template removed from the library, email us at info@futurise.com and we will remove it promptly.