mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-14 06:54:57 +03:00
mukul975
61 lines
1.4 KiB
Markdown
61 lines
1.4 KiB
Markdown
# Workflows: Google Workspace Phishing Protection
|
|
|
|
## Workflow 1: Gmail Inbound Protection Pipeline
|
|
|
|
```
|
|
Inbound email arrives at Gmail
|
|
|
|
|
v
|
|
[Connection-level checks]
|
|
+-- IP reputation
|
|
+-- SPF validation
|
|
+-- DKIM verification
|
|
+-- DMARC evaluation
|
|
|
|
|
v
|
|
[Enhanced Pre-Delivery Scanning]
|
|
+-- Content analysis for phishing indicators
|
|
+-- URL expansion (shortened URLs)
|
|
+-- Image scanning for embedded phishing
|
|
+-- NLP analysis for social engineering
|
|
|
|
|
v
|
|
[Attachment Protection]
|
|
+-- File type analysis
|
|
+-- Script detection in attachments
|
|
+-- Encrypted attachment from untrusted sender check
|
|
+-- Security Sandbox detonation (Enterprise)
|
|
|
|
|
v
|
|
[Spoofing Detection]
|
|
+-- Domain name similarity check
|
|
+-- Employee name impersonation check
|
|
+-- Internal domain spoofing check
|
|
|
|
|
v
|
|
[Delivery decision]
|
|
+-- DELIVER: Clean message to inbox
|
|
+-- WARN: Deliver with yellow warning banner
|
|
+-- SPAM: Route to spam folder
|
|
+-- QUARANTINE: Hold for admin review
|
|
+-- REJECT: Block delivery entirely
|
|
```
|
|
|
|
## Workflow 2: Safe Browsing URL Protection
|
|
|
|
```
|
|
User clicks URL in Gmail
|
|
|
|
|
v
|
|
[Enhanced Safe Browsing check]
|
|
+-- Real-time URL reputation lookup
|
|
+-- Check against known phishing database
|
|
+-- Dynamic page analysis
|
|
|
|
|
v
|
|
[Decision]
|
|
+-- SAFE: Allow navigation
|
|
+-- DANGEROUS: Display full-page warning
|
|
+-- SUSPICIOUS: Display interstitial warning
|
|
```
|