URL and IP lookups through GreyNoise and VirusTotal
This security workflow automates threat intelligence by cross-referencing IP addresses and URLs against GreyNoise and VirusTotal to identify malicious activity. It features built-in DNS lookups and merges data from multiple vendors into a single, comprehensive report. Results are automatically delivered via Gmail or Slack, streamlining the incident response process for IT teams.
What This Recipe Does
This automated solution streamlines the critical process of security incident reporting and identity verification. By providing a structured intake form, the system captures essential data and immediately triggers a sophisticated validation and notification sequence. It eliminates the manual effort involved in triaging security alerts by automatically filtering information, processing logic through custom rules, and routing updates to both Slack and Gmail. The workflow ensures that stakeholders are notified instantly via their preferred communication channels, while internal logic checks prevent duplicate entries and prioritize urgent threats. This automation reduces response times, minimizes the risk of human error in data entry, and creates a consistent, auditable trail for every security event reported. For organizations managing sensitive data, this tool transforms a reactive security posture into a proactive, high-speed response system that keeps teams aligned and infrastructure protected.
What You'll Get
- Forms, dashboards, and UI components ready to use
- Background automations that run on your schedule
- REST APIs for external integrations
- HTTP / Webhook, Bot for Slack, BigMailer, Jotform configured and ready
How It Works
1. Click "Start Building" and connect your accounts. Runwork will guide you through connecting HTTP / Webhook and Bot for Slack.
2. Describe any customizations you need. The AI will adapt the recipe to your specific requirements.
3. Preview, test, and deploy. Your app is ready to use in minutes, not weeks.
Who Uses This
- IT Security teams use this to standardize how employees report suspicious login attempts or lost devices.
- Compliance officers implement this to maintain an automated log of identity-related incidents for auditing purposes.
- Operations managers utilize this to bridge the gap between front-end reporting and back-end incident resolution across multiple platforms.
Frequently Asked Questions
How are security alerts distributed to the team?
The system automatically sends formatted notifications to designated Slack channels and Gmail addresses simultaneously once a report is submitted.
Can we customize the logic for different types of security threats?
Yes, the internal filtering and logic steps can be adjusted to prioritize specific incident types or route them to different departments based on severity.
Is it possible to add a delay before follow-up actions?
The workflow includes built-in wait states, allowing you to schedule automated follow-ups or status checks after the initial report is filed.
What information can be captured through the intake form?
The form is fully configurable to collect user identities, timestamps, descriptions of the event, and any other data points required for your security protocols.
Importing from n8n?
This recipe uses nodes like HttpRequest, Code, Set, Merge and 9 more. With Runwork, you don't need to learn n8n's workflow syntax. Just describe what you want in plain English.
Based on an n8n community workflow.