Go back

Automate Phishing Triage with Tines and Material

At Material, we know there's no such thing as a universal workflow when it comes to reviewing user-reported emails. Some organizations take a "hands-off" approach and let Material's Phishing Herd Immunity protect users in near-real time with link and attachment speed bumps or blocks. Other organizations with dedicated security staff complement this with a more in-depth approach—manually reviewing reported messages to unravel ongoing adversarial campaigns or identify attacker trends. No matter what your phishing triage workflow is, we believe having the ability to automate repetitive tasks should be possible and straightforward.

Partners
March 2, 2022
9m read
9m read
9m listen
9m watch
9m watch
tines in a purple background
speakers
speakers
speakers
authors
Chris Long
participants
No items found.
share

At Material, we know there's no such thing as a universal workflow when it comes to reviewing user-reported emails. Some organizations take a "hands-off" approach and let Material's Phishing Herd Immunity protect users in near-real time with link and attachment speed bumps or blocks. Other organizations with dedicated security staff complement this with a more in-depth approach—manually reviewing reported messages to unravel ongoing adversarial campaigns or identify attacker trends. No matter what your phishing triage workflow is, we believe having the ability to automate repetitive tasks should be possible and straightforward.

Introducing a Material Action Template

We’re excited to share that we've worked with Tines to create an Action Template for Material. This template allows users to interact with Material's API without having to write a single line of code. To get started, just log into your Material admin console to create an API token and configure an event subscription to point to a Tines webhook.

‍

Example Playbook: Analyzing Attachments in Reported Messages

Let's dig into a reasonably sophisticated triage flow for analyzing email attachments. The goal of this playbook is to gather information about the attachments and automatically present a summary of the findings to your security team.

When someone flags an email as suspicious in Material, a case gets created in the Phishing Herd Immunity console. A case is essentially a container of messages that share similar qualities (sender, subject, etc) that can be remediated together. When a case gets created, the event subscription will send a notification to the Tines webhook with information about the case. Tines then makes additional calls against the Material API to gather information about the messages in the case, including information about their attachments. At the end of this automated workflow, you'll be able to present your security team with the SPF/DKIM/DMARC pass/fail results, VirusTotal hash lookup results, and Joe Sandbox dynamic analysis report.

tines content image
code content image

‍

Get Started with Tines + Material

Automating elements of a phishing triage workflow is one small example of what can be accomplished using Tines + Material. Material's API not only allows you to search for and retrieve email metadata, but allows you to take actions against messages as well. Whether you're looking to integrate Material with other tools, apply an additional level of scrutiny to certain messages, or simply receive a notification when certain events happen, the team at Material is here to help you tailor a workflow to fit your organization's needs.

Resources:

For more questions, contact our team.

‍

Frequently Asked Questions

Find answers to common questions and get the details you need.

No items found.

Related posts

Our blog is your destination for expert insights, practical tips, and the latest news in technology. Stay informed with our regular updates and in-depth articles. Join the conversation and enhance your understanding of the tech landscape.

blog post

What Is an Email Bomb? How Inbox Flooding Attacks Work and How to Stop Them

Material delivers a new solution to a resurgent threat: automated remediations to email flooding attacks.

Nate Abbott
5
m read
Read post
Podcast

What Is an Email Bomb? How Inbox Flooding Attacks Work and How to Stop Them

Material delivers a new solution to a resurgent threat: automated remediations to email flooding attacks.

5
m listen
Listen to episode
Video

What Is an Email Bomb? How Inbox Flooding Attacks Work and How to Stop Them

Material delivers a new solution to a resurgent threat: automated remediations to email flooding attacks.

5
m watch
Watch video
Downloads

What Is an Email Bomb? How Inbox Flooding Attacks Work and How to Stop Them

Material delivers a new solution to a resurgent threat: automated remediations to email flooding attacks.

5
m listen
Watch video
Webinar

What Is an Email Bomb? How Inbox Flooding Attacks Work and How to Stop Them

Material delivers a new solution to a resurgent threat: automated remediations to email flooding attacks.

5
m listen
Listen episode
blog post

Consent Is the New Vulnerability

OAuth consent has emerged as a critical security vulnerability that bypasses traditional authentication like MFA and passwords, granting attackers persistent, automated access that survives even password resets and account offboarding.

Kate Hutchinson
5
m read
Read post
Podcast

Consent Is the New Vulnerability

OAuth consent has emerged as a critical security vulnerability that bypasses traditional authentication like MFA and passwords, granting attackers persistent, automated access that survives even password resets and account offboarding.

5
m listen
Listen to episode
Video

Consent Is the New Vulnerability

OAuth consent has emerged as a critical security vulnerability that bypasses traditional authentication like MFA and passwords, granting attackers persistent, automated access that survives even password resets and account offboarding.

5
m watch
Watch video
Downloads

Consent Is the New Vulnerability

OAuth consent has emerged as a critical security vulnerability that bypasses traditional authentication like MFA and passwords, granting attackers persistent, automated access that survives even password resets and account offboarding.

5
m listen
Watch video
Webinar

Consent Is the New Vulnerability

OAuth consent has emerged as a critical security vulnerability that bypasses traditional authentication like MFA and passwords, granting attackers persistent, automated access that survives even password resets and account offboarding.

5
m listen
Listen episode
blog post

See It, Close It: Agent Enhancements, New Detections, OAuth Risk Report, and More

Material’s June included new detections, workflow improvements, updates to the OAuth Threat Remediation Agent, and the industry’s first real-world OAuth Risk Report.

James Juran
5
m read
Read post
Podcast

See It, Close It: Agent Enhancements, New Detections, OAuth Risk Report, and More

Material’s June included new detections, workflow improvements, updates to the OAuth Threat Remediation Agent, and the industry’s first real-world OAuth Risk Report.

5
m listen
Listen to episode
Video

See It, Close It: Agent Enhancements, New Detections, OAuth Risk Report, and More

Material’s June included new detections, workflow improvements, updates to the OAuth Threat Remediation Agent, and the industry’s first real-world OAuth Risk Report.

5
m watch
Watch video
Downloads

See It, Close It: Agent Enhancements, New Detections, OAuth Risk Report, and More

Material’s June included new detections, workflow improvements, updates to the OAuth Threat Remediation Agent, and the industry’s first real-world OAuth Risk Report.

5
m listen
Watch video
Webinar

See It, Close It: Agent Enhancements, New Detections, OAuth Risk Report, and More

Material’s June included new detections, workflow improvements, updates to the OAuth Threat Remediation Agent, and the industry’s first real-world OAuth Risk Report.

5
m listen
Listen episode
blog post

What the Updated HIPAA Security Rule Means for Email Risk Assessments

A guide for auditors, HITRUST assessors, and HIPAA compliance consultants.

Material Team
10
m read
Read post
Podcast

What the Updated HIPAA Security Rule Means for Email Risk Assessments

A guide for auditors, HITRUST assessors, and HIPAA compliance consultants.

10
m listen
Listen to episode
Video

What the Updated HIPAA Security Rule Means for Email Risk Assessments

A guide for auditors, HITRUST assessors, and HIPAA compliance consultants.

10
m watch
Watch video
Downloads

What the Updated HIPAA Security Rule Means for Email Risk Assessments

A guide for auditors, HITRUST assessors, and HIPAA compliance consultants.

10
m listen
Watch video
Webinar

What the Updated HIPAA Security Rule Means for Email Risk Assessments

A guide for auditors, HITRUST assessors, and HIPAA compliance consultants.

10
m listen
Listen episode
Privacy Preference Center

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

New