Automated Security Classification: NixGuard AI and Routing to Slack or Jira
Expert
This is an automation workflow in the SecOps and AI Summarization categories with 19 nodes. It mainly uses If, Set, Code, Slack, Switch and other nodes. It automates the classification of security alerts with NixGuard AI and routes them to Slack or Jira.
Prerequisites
- Slack Bot Token or Webhook URL
Export workflow
Copy the following JSON configuration and import it into n8n
{
"meta": {
"instanceId": "558d88703fb65b2d0e44613bc35916258b0f0bf983c5d4730c00c424b77ca36a",
"templateCredsSetupCompleted": true
},
"nodes": [
{
"id": "40fb885c-9077-447c-a236-2262ff465d29",
"name": "Täglich um 8 Uhr ausführen",
"type": "n8n-nodes-base.scheduleTrigger",
"position": [
740,
1380
],
"parameters": {
"rule": {
"interval": [
{
"field": "hours"
}
]
}
},
"typeVersion": 1.1
},
{
"id": "e5f01889-2ae6-4563-8f34-836f1556e1f0",
"name": "Warnungs-Array parsen",
"type": "n8n-nodes-base.code",
"position": [
760,
1620
],
"parameters": {
"jsCode": "// Get the raw output from the previous node.\nconst output = $input.first().json.output;\n\n// Normalise to a string so that a missing or already-parsed value\n// cannot throw before the try block is reached.\nconst rawOutput = typeof output === 'string' ? output : JSON.stringify(output ?? []);\n\n// The AI often wraps JSON in Markdown code blocks (```json ... ```).\n// We need to extract the pure JSON string from inside the fences.\n// This regex will find the content between the fences. If no fences are found,\n// it will fall back to using the entire rawOutput string.\nconst jsonStringMatch = rawOutput.match(/```json\\s*([\\s\\S]*?)\\s*```/);\nconst jsonString = jsonStringMatch ? jsonStringMatch[1] : rawOutput.trim();\n\n// Now, try to parse the *cleaned* string.\ntry {\n const alerts = JSON.parse(jsonString);\n \n // Check if the result is a non-empty array.\n if (Array.isArray(alerts) && alerts.length > 0) {\n // Success! Pass the alerts to the next node.\n return [{ json: { alerts } }];\n }\n} catch (e) {\n // This will catch errors if the cleaned string is still not valid JSON.\n console.error(\"NixGuard did not return a valid JSON array even after cleaning:\", e);\n console.error(\"String that failed to parse:\", jsonString);\n}\n\n// If parsing fails, it's not an array, or it's empty, return no items.\n// With no items to process, the workflow stops here.\nreturn [];"
},
"typeVersion": 2
},
{
"id": "6a3c2d13-ea2c-4a21-8063-cee59b220746",
"name": "Prompt für Zusammenfassung setzen",
"type": "n8n-nodes-base.set",
"position": [
1380,
1820
],
"parameters": {
"values": {
"string": [
{
"name": "chatInput",
"value": "=Act as a senior security analyst reporting to a non-technical executive. Analyze the following JSON array of all high-severity security alerts from the last 24 hours.\n\nYour response MUST be a single, valid JSON object and nothing else. Do not include any text before or after the JSON, and do not wrap it in Markdown code fences (```json).\n\nYour output must strictly adhere to the following structure:\n{\n \"ai_priority\": \"<'Critical' | 'High' | 'Medium' | 'Low'>\",\n \"ai_summary\": \"<A single sentence summarizing the day's overall security risk.>\",\n \"total_critical_alerts\": <Total number of alerts with 'critical' severity>,\n \"key_observations\": [\n \"<Bulleted summary of the most significant activities or threat patterns, focused on business impact.>\",\n \"<Another bulleted summary point.>\",\n \"<And another, if necessary.>\"\n ],\n \"recommendation\": \"<A single, clear, actionable recommendation.>\"\n}\n\nHere is the raw alert data:\n{{ JSON.stringify($json) }}"
},
{
"name": "apiKey",
"value": ""
}
]
},
"options": {}
},
"typeVersion": 2
},
{
"id": "d27114b8-536c-4937-8af0-b6a4e0d20d9f",
"name": "API-Schlüssel & Initial-Prompt setzen",
"type": "n8n-nodes-base.set",
"position": [
980,
1380
],
"parameters": {
"values": {
"string": [
{
"name": "apiKey",
"value": ""
},
{
"name": "chatInput",
"value": "Review all security data from the last 24 hours. List all significant security alerts found. Your response MUST be a single, valid, minified JSON array of objects. Each object in the array should represent a distinct alert. If no significant alerts are found, return an empty array []."
}
]
},
"options": {}
},
"typeVersion": 2
},
{
"id": "0adc2f21-8480-4749-9f0c-ef05b46b8b29",
"name": "Ausführen: Tägliche Ereignisse als JSON abrufen (Echtzeit-Sicherheitseinblicke mit NixGuard RAG und Wazuh-Integration)",
"type": "n8n-nodes-base.executeWorkflow",
"position": [
1220,
1380
],
"parameters": {
"options": {},
"workflowId": {
"__rl": true,
"mode": "list",
"value": "I0nUORqYTwDFZa51",
"cachedResultName": "Get Real-Time Security Insights with NixGuard RAG and Wazuh Integration"
},
"workflowInputs": {
"value": {},
"schema": [],
"mappingMode": "defineBelow",
"matchingColumns": [],
"attemptToConvertTypes": false,
"convertFieldsToString": true
}
},
"typeVersion": 1.2
},
{
"id": "40caac74-9e6c-4387-bc52-3bbe31e98481",
"name": "Wenn",
"type": "n8n-nodes-base.if",
"position": [
980,
1620
],
"parameters": {
"options": {},
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": true,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "bb7ac757-8402-446e-9ee7-d0be89c769a7",
"operator": {
"type": "array",
"operation": "exists",
"singleValue": true
},
"leftValue": "={{ $json.alerts }}",
"rightValue": ""
}
]
}
},
"typeVersion": 2.2
},
{
"id": "f066f0e6-fa5d-4ab6-9d0c-0b6b5f9bb269",
"name": "Workflow-Übersicht",
"type": "n8n-nodes-base.stickyNote",
"position": [
720,
1060
],
"parameters": {
"color": 7,
"width": 520,
"height": 260,
"content": "## 💡 Workflow Overview\n\nThis workflow acts as an automated SOC analyst. It receives security alerts from & uses **NixGuard's AI** to analyze and prioritize them, and then routes them to the correct **Slack** channel based on the AI-assigned priority.\n\n**Use Case:** Eliminate alert fatigue by automatically distinguishing between critical threats that need immediate attention and informational logs that can be reviewed later."
},
"typeVersion": 1
},
{
"id": "c8cac8b0-dac8-42ed-bb38-9daba321de8e",
"name": "AI-Priorität & Zusammenfassung extrahieren",
"type": "n8n-nodes-base.set",
"position": [
1160,
2040
],
"parameters": {
"values": {
"string": [
{
"name": "ai_priority",
"value": "={{ $json.ai_priority }}"
},
{
"name": "ai_summary",
"value": "={{ $json.ai_summary }}"
}
]
},
"options": {}
},
"typeVersion": 2
},
{
"id": "d047a378-b41a-4652-83e8-85ed0e87a2d9",
"name": "Ausführen: Slack-Nachricht generieren (Echtzeit-Sicherheitseinblicke mit NixGuard RAG und Wazuh-Integration)",
"type": "n8n-nodes-base.executeWorkflow",
"position": [
760,
2040
],
"parameters": {
"options": {},
"workflowId": {
"__rl": true,
"mode": "list",
"value": "I0nUORqYTwDFZa51",
"cachedResultName": "Get Real-Time Security Insights with NixGuard RAG and Wazuh Integration"
},
"workflowInputs": {
"value": {},
"schema": [],
"mappingMode": "defineBelow",
"matchingColumns": [],
"attemptToConvertTypes": false,
"convertFieldsToString": true
}
},
"typeVersion": 1.2
},
{
"id": "93849a07-6c84-4abc-b5f3-0025e0625187",
"name": "Felder bearbeiten",
"type": "n8n-nodes-base.set",
"position": [
1200,
1600
],
"parameters": {
"options": {},
"assignments": {
"assignments": [
{
"id": "7e0725fd-e9b4-4564-808a-708f6e8ecafa",
"name": "output",
"type": "array",
"value": "={{ $json.alerts }}"
}
]
},
"includeOtherFields": "={{ false }}"
},
"typeVersion": 3.4
},
{
"id": "4a49a959-6a27-410b-9a66-798480eb3612",
"name": "Warnungen parsen und aufteilen",
"type": "n8n-nodes-base.code",
"position": [
760,
1840
],
"parameters": {
"jsCode": "// Declared outside the try block so the catch handler can log it.\nlet alerts;\n\ntry {\n alerts = $input.first().json.output;\n \n // Check if the result is a non-empty array.\n if (Array.isArray(alerts) && alerts.length > 0) {\n // Success! Return a separate item for each alert.\n // The .map() function transforms the array of alert objects\n // into an array of n8n items, which splits the execution.\n return alerts.map(alert => ({ json: alert }));\n }\n} catch (e) {\n // This will catch errors raised while reading the input item.\n console.error(\"Could not read the alert array from the input item:\", e);\n console.error(\"Value received:\", alerts);\n}\n\n// If reading fails, it's not an array, or it's empty, return no items.\n// This will correctly stop this branch of the workflow.\nreturn [];"
},
"typeVersion": 2
},
{
"id": "c6b28204-a3c7-4b4e-9c3d-d5bb8fb4195b",
"name": "Aggregieren",
"type": "n8n-nodes-base.aggregate",
"position": [
1200,
1820
],
"parameters": {
"options": {},
"aggregate": "aggregateAllItemData",
"destinationFieldName": "output"
},
"typeVersion": 1
},
{
"id": "079081a2-6e54-44cc-aee9-a00a34f545ef",
"name": "Nach wichtigen Warnungen filtern (Level > 7)",
"type": "n8n-nodes-base.if",
"position": [
960,
1840
],
"parameters": {
"conditions": {
"number": [
{
"value1": "={{ $json.level }}",
"value2": 7,
"operation": "largerEqual"
}
]
}
},
"typeVersion": 1
},
{
"id": "77ac98bf-68a8-4f3a-9614-ea46096a173b",
"name": "KRITISCHE Warnung an Slack senden",
"type": "n8n-nodes-base.slack",
"disabled": true,
"position": [
1820,
1800
],
"webhookId": "b9db2ae0-4863-4809-82cd-0518807a21f6",
"parameters": {
"otherOptions": {}
},
"typeVersion": 2.3
},
{
"id": "af5aefb9-07e3-41a1-baa0-525ab53785b6",
"name": "HOHE Warnung an Slack senden",
"type": "n8n-nodes-base.slack",
"disabled": true,
"position": [
1820,
2040
],
"webhookId": "b9db2ae0-4863-4809-82cd-0518807a21f6",
"parameters": {
"otherOptions": {}
},
"typeVersion": 2.3
},
{
"id": "5f26f03a-f715-4e0d-b99a-39df7ab2961d",
"name": "INFO-Warnung an Slack senden",
"type": "n8n-nodes-base.slack",
"disabled": true,
"position": [
1820,
2260
],
"webhookId": "b9db2ae0-4863-4809-82cd-0518807a21f6",
"parameters": {
"otherOptions": {}
},
"typeVersion": 2.3
},
{
"id": "f3eb57ec-4b5f-4bd8-ab2f-2e1cab76a16e",
"name": "AI-JSON-Antwort parsen",
"type": "n8n-nodes-base.code",
"position": [
960,
2040
],
"parameters": {
"jsCode": "// Get the AI response string from the previous node.\n// Adjust the path if your sub-workflow returns it under a different field.\nconst rawOutput = $input.first().json.output;\n\n// The prompt asks for bare JSON without Markdown fences, so no cleaning is applied here.\nconst jsonString = rawOutput;\n\ntry {\n // Parse the JSON string\n const parsedResponse = JSON.parse(jsonString);\n // Add the parsed fields to the n8n item.\n // This merges the new data with any existing data from the input.\n return [{ \n json: {\n ...$input.first().json,\n ...parsedResponse \n }\n }];\n\n} catch (e) {\n console.error(\"Failed to parse AI JSON response:\", e);\n console.error(\"String that failed to parse:\", jsonString);\n // Return no items to indicate failure and stop the flow.\n return [];\n}\n"
},
"typeVersion": 2
},
{
"id": "17359ba5-d1b1-42a6-bdfd-ab93be0fe857",
"name": "Switch",
"type": "n8n-nodes-base.switch",
"position": [
1380,
2020
],
"parameters": {
"rules": {
"values": [
{
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": true,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"operator": {
"type": "string",
"operation": "equals"
},
"leftValue": "={{ $json.ai_priority }}",
"rightValue": "Critical"
}
]
}
},
{
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": true,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "1be5b449-70dd-4bfe-91da-9ce25b523a74",
"operator": {
"name": "filter.operator.equals",
"type": "string",
"operation": "equals"
},
"leftValue": "={{ $json.ai_priority }}",
"rightValue": "High"
}
]
}
},
{
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": true,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "1dd6239e-c965-4e06-85d9-4a8ad9f06287",
"operator": {
"name": "filter.operator.equals",
"type": "string",
"operation": "equals"
},
"leftValue": "={{ $json.ai_priority }}",
"rightValue": "Info"
}
]
}
},
{
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": true,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "c019ac34-3196-49f1-8bdb-d399ff989103",
"operator": {
"name": "filter.operator.equals",
"type": "string",
"operation": "equals"
},
"leftValue": "={{ $json.ai_priority }}",
"rightValue": "Low"
}
]
}
}
]
},
"options": {}
},
"typeVersion": 3.2
},
{
"id": "5190c963-d8b8-446d-ace5-403d93b91432",
"name": "Einrichtungsanleitung1",
"type": "n8n-nodes-base.stickyNote",
"position": [
1300,
880
],
"parameters": {
"color": 7,
"width": 400,
"height": 440,
"content": "## Getting Started\n\n### Prerequisites:\n- Valid NixGuard API key\n\n### Setup Instructions:\n1. Configure your NixGuard API key in 'Prepare API Request Data' node\n2. Set up trigger method (chat or manual)\n3. Test with sample security queries\n4. Make sure NixGuard agents are installed on your network endpoints for real-time security events\n\n### Support:\nFor questions, visit [NixGuard Documentation](https://nixguard.thenex.world) or join our [Community Discord](https://discord.com/invite/ajCYwYCwHb)"
},
"typeVersion": 1
}
],
"pinData": {},
"connections": {
"40caac74-9e6c-4387-bc52-3bbe31e98481": {
"main": [
[
{
"node": "93849a07-6c84-4abc-b5f3-0025e0625187",
"type": "main",
"index": 0
}
]
]
},
"17359ba5-d1b1-42a6-bdfd-ab93be0fe857": {
"main": [
[
{
"node": "77ac98bf-68a8-4f3a-9614-ea46096a173b",
"type": "main",
"index": 0
}
],
[
{
"node": "af5aefb9-07e3-41a1-baa0-525ab53785b6",
"type": "main",
"index": 0
}
],
[
{
"node": "5f26f03a-f715-4e0d-b99a-39df7ab2961d",
"type": "main",
"index": 0
}
],
[]
]
},
"c6b28204-a3c7-4b4e-9c3d-d5bb8fb4195b": {
"main": [
[
{
"node": "6a3c2d13-ea2c-4a21-8063-cee59b220746",
"type": "main",
"index": 0
}
]
]
},
"93849a07-6c84-4abc-b5f3-0025e0625187": {
"main": [
[
{
"node": "4a49a959-6a27-410b-9a66-798480eb3612",
"type": "main",
"index": 0
}
]
]
},
"e5f01889-2ae6-4563-8f34-836f1556e1f0": {
"main": [
[
{
"node": "40caac74-9e6c-4387-bc52-3bbe31e98481",
"type": "main",
"index": 0
}
]
]
},
"40fb885c-9077-447c-a236-2262ff465d29": {
"main": [
[
{
"node": "d27114b8-536c-4937-8af0-b6a4e0d20d9f",
"type": "main",
"index": 0
}
]
]
},
"4a49a959-6a27-410b-9a66-798480eb3612": {
"main": [
[
{
"node": "079081a2-6e54-44cc-aee9-a00a34f545ef",
"type": "main",
"index": 0
}
]
]
},
"f3eb57ec-4b5f-4bd8-ab2f-2e1cab76a16e": {
"main": [
[
{
"node": "c8cac8b0-dac8-42ed-bb38-9daba321de8e",
"type": "main",
"index": 0
}
]
]
},
"6a3c2d13-ea2c-4a21-8063-cee59b220746": {
"main": [
[
{
"node": "d047a378-b41a-4652-83e8-85ed0e87a2d9",
"type": "main",
"index": 0
}
]
]
},
"d27114b8-536c-4937-8af0-b6a4e0d20d9f": {
"main": [
[
{
"node": "0adc2f21-8480-4749-9f0c-ef05b46b8b29",
"type": "main",
"index": 0
}
]
]
},
"c8cac8b0-dac8-42ed-bb38-9daba321de8e": {
"main": [
[
{
"node": "17359ba5-d1b1-42a6-bdfd-ab93be0fe857",
"type": "main",
"index": 0
}
]
]
},
"079081a2-6e54-44cc-aee9-a00a34f545ef": {
"main": [
[
{
"node": "c6b28204-a3c7-4b4e-9c3d-d5bb8fb4195b",
"type": "main",
"index": 0
}
]
]
},
"d047a378-b41a-4652-83e8-85ed0e87a2d9": {
"main": [
[
{
"node": "f3eb57ec-4b5f-4bd8-ab2f-2e1cab76a16e",
"type": "main",
"index": 0
}
]
]
},
"0adc2f21-8480-4749-9f0c-ef05b46b8b29": {
"main": [
[
{
"node": "e5f01889-2ae6-4563-8f34-836f1556e1f0",
"type": "main",
"index": 0
}
]
]
}
}
}
Frequently Asked Questions
How do I use this workflow?
Copy the JSON code above, create a new workflow in your n8n instance and select "Import from JSON". Paste the configuration and adjust the credentials as needed.
Which scenarios is this workflow suited for?
Expert - Security Operations, AI Summarization
Does it cost anything?
This workflow is completely free. Note, however, that third-party services used in the workflow (such as the OpenAI API) may incur charges.