Automate Email Attachment Ingestion to The Hive & Cortex

Instantly ingest email attachments into The Hive & Cortex via n8n, accelerating threat response and boosting security team productivity.

Email Read Imap

Manual Trigger

This n8n workflow automates the process of reading incoming emails from an IMAP account and ingesting their attachments into a security incident response platform. It starts by monitoring an IMAP inbox for new emails. Upon detection, it extracts any attached files and then creates a new alert or case within The Hive platform. The alert is specifically tagged as 'Email' and its type is set to 'Email', with the file name of the attachment used as the alert's title. Crucially, the original email's message ID is captured and linked as a source reference within The Hive for full traceability. Given the workflow's name and common security operations practices, this setup strongly indicates that the ingested attachments or associated observables within The Hive would subsequently be submitted to Cortex for automated threat analysis, enrichment, or detonation. This streamlines the initial triage and analysis of potential threats received via email.