SOAR · Email Security · Threat Intelligence · Automation
PhishOps: Automated Phishing Incident Response Pipeline
End-to-end automated email threat analysis system built on n8n. It extracts email artifacts, enriches sender IPs (AbuseIPDB) and URLs (VirusTotal), detects social engineering with keyword heuristics, and delivers one of three verdicts (Deliver / Investigate / Quarantine) with shift-aware SOC alerting driven by a Google Sheets schedule.
n8n SOAR · VirusTotal API · AbuseIPDB · Heuristic Analysis · IMAP/Email Parsing · Shift-Aware Routing
Pipeline Architecture
Ingestion: IMAP / Webhook (EML/MSG)
Parsing: Custom JS Normalization Engine
Pre-filtering: Whitelisting (skips enrichment for trusted senders to preserve API quota)
Enrichment: DNS (HackerTarget) + IP (AbuseIPDB) + URL (VirusTotal)
NLP: Social Engineering Keyword Detection
Scoring: Heuristic Risk Engine (0-100)
Routing: Switch Node (DELIVER / INVESTIGATE / QUARANTINE)
Detection Capabilities
SPF/DKIM/DMARC Authentication Analysis
Domain Alignment & Spoofing Detection
Malicious URL Detection (VirusTotal 70+ Engines)
IP Reputation Scoring (AbuseIPDB)
Social Engineering Linguistic Analysis (5 Categories)
Urgency & Time-Pressure Pattern Detection
Decision Engine (Heuristic Scoring)
Malicious URLs → +50 points
Bad IP Reputation (AbuseIPDB score > 40) → +30 points
Social Engineering Detected → +20 points
SPF/DKIM Authentication Failure → +20 points
Score ≥ 70 → QUARANTINE
Score ≥ 30 → INVESTIGATE
Score < 30 → DELIVER
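The scoring stage above, written as an added example in plain JavaScript (the language of n8n Code nodes) rather than taken from the project itself. It assumes a normalized email record that already carries the enrichment results (field names such as `vtMaliciousUrls` and `abuseConfidenceScore` are assumptions), and the five social-engineering keyword categories are constructed since the page does not list their contents; the weights and thresholds are exactly those listed above.

```javascript
// Added example (not the project's own n8n Code node): the heuristic risk
// engine as a plain function so it can be run and unit-tested outside n8n.

// Assumed keyword categories: the page names five categories but not their
// contents, so these patterns are constructed for illustration.
const SOCIAL_ENGINEERING_PATTERNS = {
  urgency: /\b(urgent|immediately|within 24 hours|act now)\b/i,
  credentials: /\b(verify your (account|password)|confirm your identity)\b/i,
  payment: /\b(wire transfer|invoice attached|update (your )?payment)\b/i,
  authority: /\b(ceo|cfo|it department|help ?desk)\b/i,
  secrecy: /\b(do not (tell|share)|keep this confidential)\b/i,
};

// Returns the names of every category whose pattern fires on the text.
function detectSocialEngineering(text) {
  return Object.entries(SOCIAL_ENGINEERING_PATTERNS)
    .filter(([, re]) => re.test(text))
    .map(([name]) => name);
}

// Weights and verdict thresholds as listed on the page; the running total is
// capped at 100 because the engine is defined on a 0-100 scale.
function scoreEmail(record) {
  const reasons = [];
  let score = 0;
  if (record.vtMaliciousUrls > 0) { score += 50; reasons.push('malicious_url'); }
  if (record.abuseConfidenceScore > 40) { score += 30; reasons.push('bad_ip_reputation'); }
  const seHits = detectSocialEngineering(`${record.subject} ${record.body}`);
  if (seHits.length > 0) { score += 20; reasons.push(`social_engineering:${seHits.join(',')}`); }
  if (record.spf !== 'pass' || record.dkim !== 'pass') { score += 20; reasons.push('auth_failure'); }
  score = Math.min(score, 100);
  const verdict = score >= 70 ? 'QUARANTINE' : score >= 30 ? 'INVESTIGATE' : 'DELIVER';
  return { score, verdict, reasons };
}

// Constructed sample record standing in for the parser + enrichment output.
const sample = {
  subject: 'URGENT: verify your account within 24 hours',
  body: 'Our IT department requires you to confirm your identity at the link below.',
  spf: 'fail',
  dkim: 'none',
  vtMaliciousUrls: 0,       // number of VirusTotal engines flagging any extracted URL
  abuseConfidenceScore: 12, // AbuseIPDB confidence score for the sending IP
};

console.log(scoreEmail(sample)); // score 40 -> INVESTIGATE
```

The `reasons` array is what the SOC report stage would surface alongside the score, so an analyst can see which rule produced the verdict.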
Integrations & Notifications
Google Sheets (Shift Schedule Sync)
Shift-Aware SOC Alerting (Automatic Analyst Routing)
User Notifications (Deliver / Quarantine Alerts)
SOC Report (HTML with IoCs & Full Forensics)
Rate Limiting & API Quota Optimization