DigitalRiskProt-04-Telegram-Scrapping
Overview
This workflow automates the scraping of Telegram channels, performs AI-driven analysis of collected messages for threat relevance, sends an intelligence summary back to a designated Telegram chat, and delivers a comprehensive HTML report via email. It enables continuous monitoring of Telegram channels for cybersecurity-relevant content with minimal manual effort.
How It Works
- Input Configuration: Two Input Nodes provide the workflow's parameters: an email configuration JSON specifying recipients and format, and a customizable AI prompt defining the analysis criteria (e.g., messages related to npm compromises or other specific threat topics).
- Telegram Channel Scraping: An Integration Node connects to the Telegram API to scrape messages from configured channels, retrieving message content, metadata, view counts, and participant information.
- Parallel Processing: The scraped channel data is branched into two concurrent paths:
Branch A - AI Analysis and Telegram Notification:
- A Scripting Agent Node combines the user-defined analysis prompt with the scraped Telegram data into a structured JSON payload
- An AI Integration Node (powered by Claude) processes the combined input, performing a detailed threat relevance analysis of the scraped messages
- A Scripting Agent Node extracts the AI-generated analysis and formats it as a Telegram-compatible message
- An Integration Node sends the AI summary directly to a designated Telegram chat for real-time team awareness
Branch B - HTML Report and Email Delivery:
- A Scripting Agent Node generates a styled HTML report from the scraped channel data, presenting messages organized by channel with metadata including timestamps, view counts, and participant statistics
- A Scripting Agent Node merges the HTML report content with the email configuration JSON
- An Operation Node sends the complete HTML report via email to the designated recipients
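Added example, not the workflow's own code: a Python sketch of the Branch B report step that groups scraped messages by channel and HTML-escapes every scraped value, because message text and channel titles are written by whoever runs the channel and end up in an emailed HTML document. The use of Python, the input field names (`channel`, `participants`, `messages`, `date`, `views`, `text`) and the sample data are assumptions.

```python
import html
from datetime import datetime, timezone

# Constructed sample of scraper output; the field names are assumptions.
SAMPLE = [
    {"channel": "example_channel_a", "participants": 1520, "messages": [
        {"date": 1760000000, "views": 340, "text": "npm package compromise <script>alert(1)</script>"},
        {"date": 1760003600, "views": None, "text": "mirror: https://example.invalid/?a=1&b=2"},
    ]},
    {"channel": "example <b>channel</b> b", "participants": None, "messages": []},
]


def esc(value):
    """HTML-escape any scraped value so it renders as text, never as markup."""
    return html.escape("" if value is None else str(value), quote=True)


def fmt_ts(epoch):
    """Render a Unix timestamp in UTC so reports are comparable across runs."""
    return datetime.fromtimestamp(epoch, tz=timezone.utc).strftime("%Y-%m-%d %H:%M UTC")


def render_report(channels):
    """Build the HTML report: one section per channel, newest message first."""
    parts = ["<html><body><h1>Telegram channel report</h1>"]
    for ch in channels:
        msgs = sorted(ch.get("messages", []), key=lambda m: m["date"], reverse=True)
        parts.append(f"<h2>{esc(ch['channel'])}</h2>")
        parts.append(f"<p>Participants: {esc(ch.get('participants') or 'n/a')} | "
                     f"Messages: {len(msgs)}</p>")
        if not msgs:
            parts.append("<p>No messages collected.</p>")
            continue
        parts.append("<table border='1'><tr><th>Time</th><th>Views</th><th>Message</th></tr>")
        for m in msgs:
            views = m["views"] if m.get("views") is not None else "n/a"
            parts.append(f"<tr><td>{fmt_ts(m['date'])}</td><td>{esc(views)}</td>"
                         f"<td>{esc(m.get('text'))}</td></tr>")
        parts.append("</table>")
    parts.append("</body></html>")
    return "\n".join(parts)


if __name__ == "__main__":
    print(render_report(SAMPLE))
```

The same escaping applies to any other scraped field added to the report, such as sender names or forwarded-from titles.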
Who is this for?
- Threat intelligence analysts monitoring Telegram channels for indicators of compromise and threat actor activity
- Digital risk protection teams tracking dark web and messaging platform chatter for brand mentions or data leaks
- Security operations teams requiring automated OSINT collection from messaging platforms
- Incident response teams investigating threat actor communications during active incidents
- Cybersecurity researchers studying threat trends and attack campaigns discussed on Telegram
What problem does this workflow solve?
- Automates the labor-intensive process of manually monitoring Telegram channels for security-relevant content, enabling continuous surveillance without dedicated analyst time
- Provides AI-powered contextual analysis of scraped messages, filtering signal from noise and identifying threat-relevant content based on customizable criteria
- Delivers real-time intelligence summaries directly to Telegram for immediate team visibility, alongside detailed email reports for documentation and further analysis
- Enables flexible monitoring scope through configurable channel lists and AI prompts, allowing teams to adapt collection criteria to evolving threat landscapes
- Reduces mean time to awareness for emerging threats discussed on Telegram by automating the collection-analysis-notification pipeline
Updated: 2026-03-19