OpenDXL
Security Intelligence Sharing
This Node-RED flow uses the Cisco Threat Grid node. It uses IMAP or POP3 to check an e-mail address where potential phishing e-mails are sent for analysis. The flow then parses the e-mail for URLs and submits them to Threat Grid for analysis. The submission information is stored in the DXL topic /cisco/threatgrid/urlresults for future reference.
The Cisco Threat Grid URL Submission node can be installed natively in Node-RED or via npm install. The name is node-red-contrib-threatgrid-urlsubmit. It needs an API key from Threat Grid to work.
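The URL-parsing step described above could look like the following in a Node-RED function node. This is an added example, not the flow published with this solution; it assumes the message shape of the node-red-node-email node (msg.payload for the text body, msg.html for the HTML body), and extractUrls, normalise, decodeEntities and sampleMsg are illustrative names.

```javascript
// Added example, not part of the original flow. Assumes msg.payload (text body)
// and msg.html (HTML body) as set by node-red-node-email; all names are illustrative.

// Decode the entities that commonly appear inside href values.
function decodeEntities(s) {
  return s.replace(/&amp;/gi, '&').replace(/&#x2f;/gi, '/').replace(/&#47;/g, '/');
}

// Return a normalised http(s) URL, or null for anything else (mailto:, junk).
function normalise(candidate) {
  const trimmed = candidate.replace(/[.,;:!?)\]>'"]+$/, ''); // sentence punctuation
  try {
    const u = new URL(trimmed);
    return u.protocol === 'http:' || u.protocol === 'https:' ? u.href : null;
  } catch (e) {
    return null;
  }
}

function extractUrls(msg) {
  const found = new Set(); // de-duplicates so each URL is submitted once
  const text = typeof msg.payload === 'string' ? msg.payload : '';
  const html = typeof msg.html === 'string' ? msg.html : '';

  // 1. href targets: where a click really goes, whatever the link text shows.
  for (const m of html.matchAll(/href\s*=\s*(?:"([^"]*)"|'([^']*)')/gi)) {
    const url = normalise(decodeEntities(m[1] ?? m[2]));
    if (url) found.add(url);
  }
  // 2. Bare URLs in the text part and in the HTML with tags stripped.
  const visible = text + '\n' + decodeEntities(html.replace(/<[^>]*>/g, ' '));
  for (const m of visible.matchAll(/\bhttps?:\/\/[^\s<>"']+/gi)) {
    const url = normalise(m[0]);
    if (url) found.add(url);
  }
  return [...found];
}

// Constructed sample message (reserved example domains).
const sampleMsg = {
  topic: 'Your account is locked',
  payload: 'Please verify at http://login.example.test/verify?id=1&t=2.',
  html: '<p>Go to <a href="https://portal.example.net/a?x=1&amp;y=2">https://bank.example.com</a> ' +
        "or <a href='mailto:help@example.com'>mail us</a>.</p>"
};
console.log(extractUrls(sampleMsg));
```

In a function node the returned array would be turned into one message per URL for the submission node; the input property that node expects is not stated on this page.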
The Node-RED flow content for this solution: