Node-RED Flow: URL in Phishing E-mail To Cisco Threat Grid Submission 1.0.0

This flow checks an e-mail address and sends the URLs in e-mail messages to Threat Grid for analysis.

This Node Red flow uses the Cisco Threat Grid node. It uses IMAP or POP3 to check an e-mail address where potential Phishing e-mails are sent for analysis. The flow then parses the e-mail for URLs and submits them to Threat Grid for analysis. The submission information is stored in the DXL topic, /cisco/threatgrid/urlresults for future reference.

The Cisco Threat Grid URL Submission node can be install natively in Node Red or via npm install. The name is node-red-contrib-threatgrid-urlsubmit. It will need and API Key from Threat Grid to work.


The Node-RED flow content for this solution: