Go back

Automate Phishing Triage with Tines and Material

At Material, we know there's no such thing as a universal workflow when it comes to reviewing user-reported emails. Some organizations take a "hands-off" approach and let Material's Phishing Herd Immunity protect users in near-real time with link and attachment speed bumps or blocks. Other organizations with dedicated security staff complement this with a more in-depth approach—manually reviewing reported messages to unravel ongoing adversarial campaigns or identify attacker trends. No matter what your phishing triage workflow is, we believe having the ability to automate repetitive tasks should be possible and straightforward.

Partners
March 2, 2022
9m read
9m read
9m listen
9m watch
9m watch
tines in a purple background
speakers
speakers
speakers
authors
Chris Long
participants
No items found.
share

At Material, we know there's no such thing as a universal workflow when it comes to reviewing user-reported emails. Some organizations take a "hands-off" approach and let Material's Phishing Herd Immunity protect users in near-real time with link and attachment speed bumps or blocks. Other organizations with dedicated security staff complement this with a more in-depth approach—manually reviewing reported messages to unravel ongoing adversarial campaigns or identify attacker trends. No matter what your phishing triage workflow is, we believe having the ability to automate repetitive tasks should be possible and straightforward.

Introducing a Material Action Template

We’re excited to share that we've worked with Tines to create an Action Template for Material. This template allows users to interact with Material's API without having to write a single line of code. To get started, just log into your Material admin console to create an API token and configure an event subscription to point to a Tines webhook.

Example Playbook: Analyzing Attachments in Reported Messages

Let's dig into a reasonably sophisticated triage flow for analyzing email attachments. The goal of this playbook is to gather information about the attachments and automatically present a summary of the findings to your security team.

When someone flags an email as suspicious in Material, a case gets created in the Phishing Herd Immunity console. A case is essentially a container of messages that share similar qualities (sender, subject, etc) that can be remediated together. When a case gets created, the event subscription will send a notification to the Tines webhook with information about the case. Tines then makes additional calls against the Material API to gather information about the messages in the case, including information about their attachments. At the end of this automated workflow, you'll be able to present your security team with the SPF/DKIM/DMARC pass/fail results, VirusTotal hash lookup results, and Joe Sandbox dynamic analysis report.

tines content image
code content image

Get Started with Tines + Material

Automating elements of a phishing triage workflow is one small example of what can be accomplished using Tines + Material. Material's API not only allows you to search for and retrieve email metadata, but allows you to take actions against messages as well. Whether you're looking to integrate Material with other tools, apply an additional level of scrutiny to certain messages, or simply receive a notification when certain events happen, the team at Material is here to help you tailor a workflow to fit your organization's needs.

Resources:

For more questions, contact our team.

Related posts

Our blog is your destination for expert insights, practical tips, and the latest news in technology. Stay informed with our regular updates and in-depth articles. Join the conversation and enhance your understanding of the tech landscape.

blog post

Identifying Risk in Google Workspace with Material & SADA, An Insight Company

Partnering with SADA, An Insight company, companies big and small can get deep insights into the types of risk that live inside of Google Workspace, powered by a data-driven analysis of user behaviors, sensitive data in email and files, and posture settings by the Material Security platform.

Josh Donelson
5
m read
Read post
Podcast

Identifying Risk in Google Workspace with Material & SADA, An Insight Company

Partnering with SADA, An Insight company, companies big and small can get deep insights into the types of risk that live inside of Google Workspace, powered by a data-driven analysis of user behaviors, sensitive data in email and files, and posture settings by the Material Security platform.

5
m listen
Listen to episode
Video

Identifying Risk in Google Workspace with Material & SADA, An Insight Company

Partnering with SADA, An Insight company, companies big and small can get deep insights into the types of risk that live inside of Google Workspace, powered by a data-driven analysis of user behaviors, sensitive data in email and files, and posture settings by the Material Security platform.

5
m watch
Watch video
Downloads

Identifying Risk in Google Workspace with Material & SADA, An Insight Company

Partnering with SADA, An Insight company, companies big and small can get deep insights into the types of risk that live inside of Google Workspace, powered by a data-driven analysis of user behaviors, sensitive data in email and files, and posture settings by the Material Security platform.

5
m listen
Watch video
Webinar

Identifying Risk in Google Workspace with Material & SADA, An Insight Company

Partnering with SADA, An Insight company, companies big and small can get deep insights into the types of risk that live inside of Google Workspace, powered by a data-driven analysis of user behaviors, sensitive data in email and files, and posture settings by the Material Security platform.

5
m listen
Listen episode
blog post

Risky Biz Podcast Interview with Rajan & Dan

Dan Ayala, Chief Security & Trust Officer from Dotmatics joins Rajan Kapoor, Field CISO from Material on Risky Business to discuss how to wrangle securing data that ends up in corporate cloud email and file stores.

Material Team
10
m read
Read post
Podcast

Risky Biz Podcast Interview with Rajan & Dan

Dan Ayala, Chief Security & Trust Officer from Dotmatics joins Rajan Kapoor, Field CISO from Material on Risky Business to discuss how to wrangle securing data that ends up in corporate cloud email and file stores.

Rajan Kapoor
10
m listen
Listen to episode
Video

Risky Biz Podcast Interview with Rajan & Dan

Dan Ayala, Chief Security & Trust Officer from Dotmatics joins Rajan Kapoor, Field CISO from Material on Risky Business to discuss how to wrangle securing data that ends up in corporate cloud email and file stores.

Rajan Kapoor
10
m watch
Watch video
Downloads

Risky Biz Podcast Interview with Rajan & Dan

Dan Ayala, Chief Security & Trust Officer from Dotmatics joins Rajan Kapoor, Field CISO from Material on Risky Business to discuss how to wrangle securing data that ends up in corporate cloud email and file stores.

Rajan Kapoor
10
m listen
Watch video
Webinar

Risky Biz Podcast Interview with Rajan & Dan

Dan Ayala, Chief Security & Trust Officer from Dotmatics joins Rajan Kapoor, Field CISO from Material on Risky Business to discuss how to wrangle securing data that ends up in corporate cloud email and file stores.

Rajan Kapoor
10
m listen
Listen episode
blog post

Material Product Demo: Securing Google Workspace & M365

Abhishek Agrawal gives an in-depth product demo walkthrough on Risky Business

Material Team
35
m read
Read post
Podcast

Material Product Demo: Securing Google Workspace & M365

Abhishek Agrawal gives an in-depth product demo walkthrough on Risky Business

Abhishek Agrawal
35
m listen
Listen to episode
Video

Material Product Demo: Securing Google Workspace & M365

Abhishek Agrawal gives an in-depth product demo walkthrough on Risky Business

Abhishek Agrawal
35
m watch
Watch video
Downloads

Material Product Demo: Securing Google Workspace & M365

Abhishek Agrawal gives an in-depth product demo walkthrough on Risky Business

Abhishek Agrawal
35
m listen
Watch video
Webinar

Material Product Demo: Securing Google Workspace & M365

Abhishek Agrawal gives an in-depth product demo walkthrough on Risky Business

Abhishek Agrawal
35
m listen
Listen episode
blog post

The Evolution of Email Security: Piecing Together a Fragmented Landscape

It’s time the security industry moves beyond traditional email security. The way we protect ourselves going forward must evolve with email and productivity platforms themselves and the threats they face.

Rajan Kapoor
7
m read
Read post
Podcast

The Evolution of Email Security: Piecing Together a Fragmented Landscape

It’s time the security industry moves beyond traditional email security. The way we protect ourselves going forward must evolve with email and productivity platforms themselves and the threats they face.

7
m listen
Listen to episode
Video

The Evolution of Email Security: Piecing Together a Fragmented Landscape

It’s time the security industry moves beyond traditional email security. The way we protect ourselves going forward must evolve with email and productivity platforms themselves and the threats they face.

7
m watch
Watch video
Downloads

The Evolution of Email Security: Piecing Together a Fragmented Landscape

It’s time the security industry moves beyond traditional email security. The way we protect ourselves going forward must evolve with email and productivity platforms themselves and the threats they face.

7
m listen
Watch video
Webinar

The Evolution of Email Security: Piecing Together a Fragmented Landscape

It’s time the security industry moves beyond traditional email security. The way we protect ourselves going forward must evolve with email and productivity platforms themselves and the threats they face.

7
m listen
Listen episode
Privacy Preference Center

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.