
Simple phishing analysis workflow

Written by Jean-Baptiste Joly
Updated over 2 months ago

Overview

Mindflow was created to enable individuals to automate their work without requiring coding skills. The goal of this quick start guide is to introduce new users to the essential concepts of Mindflow. We will guide you through the process of creating a simple URL analysis flow.

By the end of this journey, you should be comfortable enough to create your own flows from scratch, while gaining a new understanding of how to optimize your recurring workflows through automation.

This guide will get you started with text documentation and a series of short video tutorials.

💡 This guide allows you to explore the content of our quick start guide independently. If you prefer a guided experience with an instructor, feel free to sign up for our Mindflow Quick Start Guide!

Before you go further

1. Detail your needs

It's important to state clearly what you want to achieve before going deeper into your project. To do so, we encourage you to write your needs in Agile User Story format, like this:

  • WHEN: an alert is emitted …

  • THEN: enrich it ….

  • IF: malicious …

  • THEN: block ip …

Then iterate on it, adding as much information as you can, until you end up with something like this:

  • WHEN: an alert is emitted in Google Alert Center

  • THEN: Extract IP address

  • THEN: Analyze it against Virustotal

  • IF: malicious score > 0

  • THEN: block ip in Fortinet FW

  • ENDIF

  • END

2. Calculate cost, gains, profitability

Whether your goal is profitability itself or convincing your management, one thing is certain: you will need to demonstrate the profitability of your project.

COSTS:

  • One Time:

    • Automation Development (including time spent requesting access, management approval, development, testing)

  • Recurring:

    • Maintainability

    • Licenses

GAINS:

  • Time Saved: calculated per day / per person

  • Backlog reduction

  • Hidden (hard to calculate):

    • Process Harmonisation / stability

    • Human-based error reduction

    • Opportunity creation

    • People motivation / well-being

Step by Step

1. Get Started

Navigate to https://your-tenant.mindflow.io and click on Create Account

Once you have clicked on the Create Account button, an e-mail will be sent to you inviting you to enter the code received.

Now you can log in with your credentials.

The security of your environment is paramount, and we strongly recommend that you enable two-factor authentication (2FA). Go to the Settings page and click on the Enable Two Factor Authentification button.

Scan the QR code using your authentication app and enter the verification code.

Congratulations! You now have access to a brighter future automating things with Mindflow!

2. Create an Environment

Now it's time to create your first environment, which will host your first flow.

Click on the + Create environment button, edit the environment title by clicking on it and modify the emoji as you wish.

Congratulations! You can now start playing around and discover a brand-new world!

3. Choose integrations

Now, you are going to select the integrations you want to play with:

Click on the Integrations tab.

Search for VirusTotal

Select the first integration which doesn’t have the Preset header.

Congratulations! You can now play with the freshly added integrations, which let you connect your tools to each other, and much more!

4. Create a Credential

In this section, assuming you already have a VirusTotal account, we will guide you through the process of obtaining an API key from VirusTotal. You will then proceed to build a credential in the Mindflow Vault using that API key.

Log on to https://www.virustotal.com/gui/sign-in, navigate to the API Key page by clicking on your profile and copy the “API key”.

You can now navigate to the Environment page and click on the Create a credential button.

Search for VirusTotal in the search bar and select VirusTotal “Native”:

  1. Click on the + Credential drop-down menu and select the correct service: Virus Total

  2. In the x-apikey field, insert your API key in the Value field

  3. Finally, click on Create

Congratulations! You can now authenticate against your company tools and retrieve more useful data than you could before!

5. Build a flow

Today, you will be creating a flow, triggered by an email hook, that analyzes one or multiple URLs through VirusTotal and sends you the results via email.

Let's get started with Mindflow editor

Now it's time to explore Mindflow's capabilities. These form the core building blocks of your Mindflow flows, and by connecting them together, you can bring your automation ideas to life.

  1. Go to the Flows section and select the Environment you want to create the flow in

  2. Click on the + Create Flow button

  3. Edit the emoji by clicking on it

  4. Edit the title by clicking on it

You are now in your flow editor

  1. Click on the blue + button in the middle of the designer to add an Email Trigger

  2. Copy the email hook address shown under the Email address field. It allows you to trigger the flow with an email.

  1. Go to your mailbox

  2. Create a test mail with several URLs (you can copy the one from the video 😉):

     Hello you ! You won an iPhone 24 pro plus ultra max !
     Click here to redeem : <https://secure.eicar.org/eicar.com.txt>
     Or here : <https://google.fr>
     Cheers

  3. Paste the email address you've just copied into the recipient field.

  4. Send the e-mail

  1. Click on the + button to display the step menu

  2. Select the Transform data step and rename it by clicking on it.

  3. Click on the ⚙ button

  4. Fill the Key field with the value “body”

  5. Insert a / in the Value field to display the data selection menu, then click on your mail in the Triggers category, click on the last iteration, then select the field containing the content of the mail you sent

(In the video, it's the text field that applies to Gmail)

  1. Click on the + button below the previously created step and add another Transform Data step.

  2. Rename the step to “Extract URLs”

  3. Open step configuration menu and fill Key name field with “URLs”

  4. Insert a / in the Value field, and select the "TEXT" data stack in the Variable section.

  5. Then click on the function button fx that appears when you move the cursor over the right-hand side of the field.

  6. Click on the Add a function button and select the Extract URLs function.

  7. You’re done configuring the step.

  1. Click on the + button of the last step and add a For each

  2. Rename the step to “For each URL”

  3. Go to the step configuration menu and insert a “/” to access the data selection menu

  4. Select URLs in the Variables section, then URLs.

  1. Click on the + button inside Step For each

  2. Search and select VirusTotal, then select the Analyze a URL operation

  3. Access the Input menu, then the Url field data selection menu

  4. Type / to open the variables panel.

  5. Select For each URL in the Flow category, then Iteration data

  6. Go to the Settings tab of the ⚙️ configuration menu, click on the drop-down menu for the Credential field and select the VirusTotal credential you created in section 4, Create a Credential.

  7. Rename the Analyze a URL step to “Submit URL” and add a relevant description by clicking just below the title.

  8. Add the VirusTotal operation Retrieve information about a file or URL in the For each just after the previous step.

  9. Access the step configuration menu, then the data selection menu in the id field. Select Submit URL, then the last iteration, and finally data > id.

  10. Navigate to the Settings tab and select your credential.

  11. Rename the step to “Retrieve URL analysis”

  1. Add a condition step after the Retrieve URL analysis step and rename it "Is malicious?".

  2. Add a new Transform data step

  3. Move the step far enough away to see the editable branch name and rename the branch "YES", then rename the Transform data step to "Set malicious = true".

  4. Access the configuration menu and add a variable with the Key "malicious" and set the Raw value to "true".

  5. Click on the ⚙️ configuration button of the condition step, then click on the > button of the IF field

  6. Access the data selection menu of the first field, select Retrieve URL analysis, the last iteration then data > attributes > stats > malicious

  7. Change the formula in the drop-down menu to is greater than and insert a 0 in the last field

  1. Click on the + button under the For each step and select the Send email step.

  2. Rename the step to "Reply to sender"

  3. Access the Item 0 field data selection menu, then your email, the last iteration then from > value > value[0] > address

  4. Write the subject of your e-mail, for example: Email analysis status in the Subject field.

  5. Write the text of your e-mail in the Text field:

     Hello,
     The email you submitted was analyzed:
     Malicious: <INSERT “/” HERE>
     Cheers,

  6. Insert a “/” just after “Malicious:” in the email text, to display the data selection menu and select the malicious variable

Your flow is ready to use! Now, if you try to send an e-mail containing URLs to your flow's trigger e-mail, it will send you an e-mail containing the results of their VirusTotal analyses.
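The same decision logic, written in Python so it can be checked outside the editor. This is an added example, not Mindflow's or the author's code: the analysis responses are constructed sample data, and the `status` check (treating an analysis that is not yet `completed` as pending rather than clean) is an assumption based on VirusTotal API v3 analysis objects that the flow above does not configure.

```python
import re

# Constructed sample: the test e-mail body used in this guide.
SAMPLE_BODY = (
    "Hello you ! You won an iPhone 24 pro plus ultra max !\n"
    "Click here to redeem : <https://secure.eicar.org/eicar.com.txt>\n"
    "Or here : <https://google.fr>\nCheers"
)

# Constructed responses shaped like VirusTotal analysis objects, keyed by URL.
# A live flow would fetch them using the x-apikey credential.
SAMPLE_ANALYSES = {
    "https://secure.eicar.org/eicar.com.txt": {"data": {"attributes": {
        "status": "completed", "stats": {"malicious": 7, "harmless": 60}}}},
    "https://google.fr": {"data": {"attributes": {
        "status": "queued", "stats": {"malicious": 0, "harmless": 0}}}},
}

URL_RE = re.compile(r"https?://[^\s<>]+")

def extract_urls(body):
    """Return unique URLs in order of appearance (the 'Extract URLs' step)."""
    seen = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,;)")      # drop trailing sentence punctuation
        if url not in seen:
            seen.append(url)
    return seen

def verdict(analysis):
    """Map one analysis object to 'malicious', 'clean' or 'pending'."""
    attrs = analysis.get("data", {}).get("attributes", {})
    if attrs.get("stats", {}).get("malicious", 0) > 0:
        return "malicious"            # the guide's 'Is malicious?' condition
    if attrs.get("status") != "completed":
        return "pending"              # zero detections so far is not a clean result
    return "clean"

def analyze_email(body, analyses):
    """Per-URL verdicts plus the overall flag the reply e-mail reports."""
    results = {u: verdict(analyses.get(u, {})) for u in extract_urls(body)}
    return results, any(v == "malicious" for v in results.values())

if __name__ == "__main__":
    print(analyze_email(SAMPLE_BODY, SAMPLE_ANALYSES))
```

A URL whose analysis is still queued when it is retrieved shows `malicious` equal to 0, so the reply should distinguish "not finished" from "clean" before anyone acts on it.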

Congratulations! You have created an awesome flow that saves you from doing manual analysis, and you now have more time to do things that matter!

6. Conclusion

Congratulations! You've just built your first Mindflow workflow! We've covered configuring credentials, using event transformation actions, leveraging cybersecurity integrations for multiple API calls, and using an email hook action to control event flow.

Most importantly, you've witnessed how easy it can be to automate your everyday workflows. Today, we've only scratched the surface of what Mindflow can do.
