Post Gmail Phishing Alerts to Slack/Microsoft Teams

Hi Folks,

We’ve encountered a challenge in our current workflow due to our security gateway rewriting URLs in the emails we receive. Specifically, the URLs now look like this: “”.

We’re seeking advice on how to extract only the domain part (“”) while omitting everything preceding it, including the “domain==” string.

You can use the Pattern Match Step to achieve your desired results. In my example below I defined two new variables “NotDomain” to pull out the domain==, and “Domain” to capture There might be more efficient way, but this way worked for me. Here is the input for the pattern section {{NotDomain:/(?:domain==)/}}{{Domain:/([^&\s]+)/}}


Screen Shot 2024-01-16 at 7.50.59 AM

1 Like

Thank You Darrick. Let me try the same in our env and let you know.

Thank you Darrick. Provided regex did the wonder!!!