Security and IT teams get a faster way to handle suspicious emails. The system watches Gmail and Outlook, reviews each new message, and decides if it looks like phishing. It opens a Jira ticket with the AI decision, a screenshot of the email, and a text copy for clear records.

New emails arrive through Gmail Trigger and Microsoft Outlook Trigger every minute. Outlook headers and body are pulled from Microsoft Graph and formatted, while Gmail details are mapped to the same fields. The flow standardizes the data, turns the HTML into a text file and a full screenshot using HTML CSS to Image, then sends the body and headers to OpenAI for scoring. A check node routes the result to either a malicious or benign Jira ticket, and both the screenshot and the text file are attached automatically with the ticket ID tracked for uploads.

You will need accounts for all connected tools and the right permissions in each system. Teams usually cut review time from many minutes per email to just a few, while keeping proof and context in one place. It fits shared phishing inboxes, abuse reporting, and help desk intake to security. Use the Tools Required section for account links, then add credentials in n8n.

• Watches Gmail and Microsoft Outlook for new emails every minute.
• Pulls headers and body from Microsoft Graph and formats them for clear review.
• Maps Gmail and Outlook data into the same fields for a single analysis path.
• Creates a screenshot of the HTML email using HTML CSS to Image.
• Converts the email body to a plain text file for search and audit.
• Uses OpenAI to analyze headers and HTML body and returns a structured JSON result.
• Routes outcomes with a check node to malicious or benign ticket paths.
• Creates Jira tickets with detailed summaries and AI findings.
• Uploads the screenshot and text file to the right Jira issue using the tracked ticket ID.

• Reduce manual review from 15 minutes per email to 2 minutes
• Automate up to 90 percent of phishing triage steps
• Improve evidence capture with both screenshot and text files
• Connect Gmail, Outlook, OpenAI, Jira and HTML CSS to Image in one flow
• Handle 10 times more reports without adding staff
• Increase report consistency with structured headers in Jira

1. Import the template into n8n: Create a new workflow in n8n > Click the three dots menu > Select 'Import from File' > Choose the downloaded JSON file.
2. You'll need accounts with Gmail, Microsoft Outlook, Microsoft Graph, OpenAI, Jira Software Cloud and HTML/CSS to Image. See the Tools Required section above for links to create accounts with these services.
3. In the n8n credentials manager, create Gmail OAuth2 credentials. Double click the Gmail Trigger node, choose your credential, and follow the on screen steps to connect the mailbox that receives phishing reports.
4. Create Microsoft Outlook OAuth2 credentials in n8n and allow Mail.Read permission. Assign this credential to both the Microsoft Outlook Trigger and the Retrieve Headers of Email HTTP Request node.
5. Open the Microsoft Outlook Trigger and set the folder and fields to include body, toRecipients, subject, and bodyPreview. Confirm the poll time is every minute.
6. Open the Retrieve Headers of Email node and confirm the URL uses the message id, and that Accept application/json and Prefer outlook.body-content-type text are set.
7. Create an OpenAI API credential in n8n using your API key from the OpenAI account page. In the Analyze Email with ChatGPT node, pick this credential and keep the model set to GPT-4o.
8. Create Jira Software Cloud credentials in n8n using your Atlassian email and an API token from your Atlassian account. In both Jira nodes, select the correct project and issue type.
9. Create HTML CSS to Image Basic Auth credentials in n8n using your hcti.io user id and API key. Assign them to both Screenshot HTML and Retrieve Screenshot nodes.
10. Review the Set nodes to ensure subject, recipient, headers, htmlBody, and text body are correctly mapped for both Gmail and Outlook paths.
11. Run a test by sending one safe email and one phishing sample to each inbox. Confirm Jira creates the right ticket type and that both the screenshot and the text file appear as attachments.
12. If you see errors: for OpenAI 401, check the API key and model; for Microsoft Graph 403, verify permissions; for Jira attachment failures, check project permissions and issue key; for blank screenshots, confirm the htmlBody variable is set before the Screenshot HTML node.