Mini SOC Incident Classification

Advanced

This is an automation workflow in the AI Summarization / Multimodal AI category with 7 nodes, built mainly from Set, Gmail, Webhook and OpenAI nodes. It automates the first triage step for security findings: a finding arrives by HTTP POST, a Set node flattens the fields the prompts need, GPT-4o-mini assigns an incident type, severity and urgency and then drafts three remediation steps, and the result is sent as a Gmail notification.

Prerequisites
  • Google account + Gmail API credentials
  • HTTP webhook endpoint (generated automatically by n8n)
  • OpenAI API key
Export workflow
Copy the following JSON configuration and import it into n8n
{
  "id": "9R3de4CVLxlzUZuO",
  "meta": {
    "instanceId": "146ab8f1ce0cef4bd9c6b91db262ad7cd77638e200455d5838ba053a27e415bc",
    "templateCredsSetupCompleted": true
  },
  "name": "Mini SOC Triage",
  "tags": [],
  "nodes": [
    {
      "id": "a9c71043-da13-45b2-954a-93f2e6c3832d",
      "name": "Webhook",
      "type": "n8n-nodes-base.webhook",
      "position": [
        0,
        0
      ],
      "webhookId": "6e4fa508-b160-4373-bf80-e3e0e485024e",
      "parameters": {
        "path": "mini-triage",
        "options": {},
        "httpMethod": "POST"
      },
      "typeVersion": 2.1
    },
    {
      "id": "68cf1b53-2710-4218-a3b7-9f9a842a7b2e",
      "name": "Classify",
      "type": "@n8n/n8n-nodes-langchain.openAi",
      "position": [
        448,
        0
      ],
      "parameters": {
        "modelId": {
          "__rl": true,
          "mode": "list",
          "value": "gpt-4o-mini",
          "cachedResultName": "GPT-4O-MINI"
        },
        "options": {
          "temperature": 0.2
        },
        "messages": {
          "values": [
            {
              "role": "system",
              "content": "You are the SOC Classifier. Output VALID JSON only with keys:\n{\n  \"incident_type\": \"creds|malware|network|data|cloud|other\",\n  \"severity\": \"P0|P1|P2|P3\",\n  \"urgency\": \"now|today|this_week\",\n  \"short_title\": \"≤12 words\",\n  \"why\": \"≤50 words\"\n}\nRules:\n- Prefer \"cloud\" if resource_type looks like cloud infra (e.g., AwsS3Bucket, SecurityGroup, IAM).\n- If title contains \"public\", \"exposed\", \"leak\" → data|cloud depending on resource.\n- If unclear, return \"other\" and P3, but try to use title/description before giving up.\n- Be conservative with P0.\n\nExamples:\nInput: {\"title\":\"S3 bucket public READ\",\"description\":\"ACL allows public READ\",\"resource_type\":\"AwsS3Bucket\"}\nOutput: {\"incident_type\":\"cloud\",\"severity\":\"P2\",\"urgency\":\"today\",\"short_title\":\"Public S3 read\",\"why\":\"Public READ on bucket risks data exposure.\"}\n\nInput: {\"title\":\"Multiple failed logins\",\"description\":\"probable credential stuffing\"}\nOutput: {\"incident_type\":\"creds\",\"severity\":\"P2\",\"urgency\":\"today\",\"short_title\":\"Credential stuffing suspected\",\"why\":\"Repeated failures indicate attack; monitor & protect accounts.\"}\n"
            },
            {
              "content": "={{ JSON.stringify($json) }}"
            }
          ]
        },
        "jsonOutput": true
      },
      "credentials": {
        "openAiApi": {
          "id": "fYx3byxTFkzmN2m2",
          "name": "OpenAi account"
        }
      },
      "typeVersion": 1.8
    },
    {
      "id": "11785568-2cdb-4541-98b8-f9ae659a0f3d",
      "name": "Send a message",
      "type": "n8n-nodes-base.gmail",
      "position": [
        1152,
        0
      ],
      "webhookId": "21bf3d3a-363f-48dd-9f63-00d1796bea6b",
      "parameters": {
        "sendTo": "test5@gmail.com",
        "message": "=<h3>\n  {{ $('Classify').item.json.message.content.short_title }}\n  ({{ $('Classify').item.json.message.content.severity }})\n</h3>\n\n<p>\n  <b>Type:</b> {{ $('Classify').item.json.message.content.incident_type }}\n  &nbsp;|&nbsp;\n  <b>Resource Name:</b> {{ $('Clean_Finding').item.json.resource_id }}\n</p>\n\n<p>\n  <b>Account:</b> {{ $('Clean_Finding').item.json.account_id }}\n</p>\n\n<p>\n  <b>Urgency:</b> {{ $('Classify').item.json.message.content.urgency }}\n</p>\n\n<p>\n  <b>Why:</b> {{ $('Classify').item.json.message.content.why }}\n</p>\n\n<p><b>Next Actions</b></p>\n<ol>\n  <li>{{ $json.message.content.next_actions[0] }}</li>\n  <li>{{ $json.message.content.next_actions[1] }}</li>\n  <li>{{ $json.message.content.next_actions[2] }}</li>\n</ol>\n\n<p>\n  <b>Owner:</b> {{ $json.message.content.owner_hint }} <br/>\n  <b>Success:</b> {{ $json.message.content.success_criteria }}\n</p>\n",
        "options": {},
        "subject": "={{ $('Classify').item.json.message.content.short_title }} - {{ $('Clean_Finding').item.json.resource_id }} in {{ $('Clean_Finding').item.json.account_id }}"
      },
      "credentials": {
        "gmailOAuth2": {
          "id": "08JLRuwZ9XXXSVk",
          "name": "Gmail account"
        }
      },
      "typeVersion": 2.1
    },
    {
      "id": "b2de9927-f64c-4a41-83f2-fb41e6d8d9e8",
      "name": "Plan",
      "type": "@n8n/n8n-nodes-langchain.openAi",
      "position": [
        800,
        0
      ],
      "parameters": {
        "modelId": {
          "__rl": true,
          "mode": "list",
          "value": "gpt-4o-mini",
          "cachedResultName": "GPT-4O-MINI"
        },
        "options": {
          "temperature": 0.2
        },
        "messages": {
          "values": [
            {
              "role": "system",
              "content": "You are the Remediation Planner. Based on the classifier output and original finding, return VALID JSON:\n{\n  \"next_actions\": [\"step 1\", \"step 2\", \"step 3\"],\n  \"owner_hint\": \"who should act first (e.g., Cloud On-Call, IAM, EDR)\",\n  \"success_criteria\": \"what proves it's resolved\"\n}\nKeep it to 3 atomic steps max. No speculation.\n"
            },
            {
              "content": "=Classifier:\n```json\n{{ JSON.stringify($json.message.content) }}\n```\nFinding:\n```json\n{{ JSON.stringify($('Webhook').item.json.body) }}\n```\n"
            }
          ]
        },
        "jsonOutput": true
      },
      "credentials": {
        "openAiApi": {
          "id": "fYx3byxXXXXmN2m2",
          "name": "OpenAi account"
        }
      },
      "typeVersion": 1.8
    },
    {
      "id": "34aa6438-b428-4720-90b7-89c25bf16619",
      "name": "Clean_Finding",
      "type": "n8n-nodes-base.set",
      "position": [
        224,
        0
      ],
      "parameters": {
        "options": {},
        "assignments": {
          "assignments": [
            {
              "id": "d9f10bb7-9869-4f49-a44d-3ca7beb3e0e9",
              "name": "Title",
              "type": "string",
              "value": "={{ $json.body.detail.findings[0].Title }}"
            },
            {
              "id": "df567881-cff9-40b3-acf1-d3e4b6499802",
              "name": "Description",
              "type": "string",
              "value": "={{ $json.body.detail.findings[0].Description }}"
            },
            {
              "id": "86a3f987-3bbe-4e16-8964-403b435f89cf",
              "name": "account_id",
              "type": "string",
              "value": "={{ $json.body.detail.findings[0].AwsAccountId }}"
            },
            {
              "id": "4ca89192-e879-435e-89c8-4e66a1e4ab77",
              "name": "resource_id",
              "type": "string",
              "value": "={{ $json.body.detail.findings[0].Resources[0].Id }}"
            },
            {
              "id": "9823717a-0340-4787-8d1c-b3fc118ad675",
              "name": "resource_type",
              "type": "string",
              "value": "={{ $json.body.detail.findings[0].Resources[0].Type }}"
            },
            {
              "id": "061b1afc-f74b-4743-9dab-55cb16fa061c",
              "name": "updated_at",
              "type": "string",
              "value": "={{ $json.body?.detail?.findings?.[0]?.UpdatedAt || new Date().toISOString() }}"
            }
          ]
        }
      },
      "typeVersion": 3.4
    },
    {
      "id": "8f1880b6-bc09-4cc1-b587-9e4b92146927",
      "name": "Sticky Note",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        -480,
        -64
      ],
      "parameters": {
        "color": 4,
        "width": 384,
        "height": 336,
        "content": "📥 ENTRY \n\nSend a POST to /mini-triage to get started!\n\nExample:\n\ncurl -X POST \"$YOUR_WEBHOOK_URL\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\n    \"detail\": {\n      \"findings\": [{\n        \"Title\": \"Multiple failed logins\",\n        \"Description\": \"probable credential stuffing\",\n        \"AwsAccountId\": \"111111111111\",\n        \"Resources\": [{ \"Id\": \"user:alice@example.com\", \"Type\": \"AwsIamUser\" }]\n      }]\n    }\n  }'\n"
      },
      "typeVersion": 1
    },
    {
      "id": "37bc3107-c1ac-4386-817c-95a0009cf9c0",
      "name": "Sticky Note1",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        -464,
        304
      ],
      "parameters": {
        "color": 6,
        "width": 336,
        "height": 128,
        "content": "✉️ EMAIL & SECURITY\n  \nSubject = <short_title> - <resource_id> in <account_id>  \nReplace with your email/SMTP  \nKeep creds in n8n Credentials, not nodes"
      },
      "typeVersion": 1
    }
  ],
  "active": false,
  "pinData": {},
  "settings": {
    "executionOrder": "v1"
  },
  "versionId": "39333a9c-5775-4440-aca6-0532fe50e307",
  "connections": {
    "Plan": {
      "main": [
        [
          {
            "node": "Send a message",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Webhook": {
      "main": [
        [
          {
            "node": "Clean_Finding",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Classify": {
      "main": [
        [
          {
            "node": "Plan",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Clean_Finding": {
      "main": [
        [
          {
            "node": "Classify",
            "type": "main",
            "index": 0
          }
        ]
      ]
    }
  }
}
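The workflow above trusts two things it should not: the shape of the incoming POST (the Clean_Finding expressions throw if `detail.findings[0]` is missing) and the model's reply, which is written verbatim into the email subject, the HTML body and the Plan prompt. Finding text such as Title and Description also goes into the prompt unmodified, so a crafted finding can steer the classifier. The following is an added example, not code from the workflow or its author: the same flattening Clean_Finding performs, written defensively, plus a validator that enforces the enums from the classifier system prompt and falls back to the prompt's own rule (`other`, `P3`) when the model strays. The function names, the `problems` field, the `this_week` fallback for urgency and the sample inputs (the sticky note's curl body as the Webhook node delivers it, and a constructed model reply) are assumptions of this example. It runs under Node.js and the functions can be pasted into an n8n Code node.

```javascript
// Added example, not part of the exported workflow: the Clean_Finding flattening
// and a validator for the Classify node's JSON, as plain Node.js functions that
// can also be pasted into an n8n Code node. Names and fallbacks are assumptions
// of this example (fallbacks follow the classifier prompt's own rule: other / P3).

// Allowed values, copied from the classifier system prompt.
const INCIDENT_TYPES = new Set(["creds", "malware", "network", "data", "cloud", "other"]);
const SEVERITIES = new Set(["P0", "P1", "P2", "P3"]);
const URGENCIES = new Set(["now", "today", "this_week"]);

// Same fields as the Clean_Finding Set node. The Webhook node (v2.1) wraps the
// POST body in "body"; optional chaining turns a malformed POST into empty
// strings instead of a thrown expression error.
function cleanFinding(webhookItem) {
  const f = webhookItem?.body?.detail?.findings?.[0] ?? {};
  const r = f.Resources?.[0] ?? {};
  return {
    Title: String(f.Title ?? ""),
    Description: String(f.Description ?? ""),
    account_id: String(f.AwsAccountId ?? ""),
    resource_id: String(r.Id ?? ""),
    resource_type: String(r.Type ?? ""),
    updated_at: String(f.UpdatedAt ?? new Date().toISOString()),
  };
}

// Accept the object n8n yields with jsonOutput=true, or a raw string in case the
// model wrapped its answer in a ```json fence despite the instructions.
function parseModelJson(raw) {
  if (raw && typeof raw === "object") return raw;
  const text = String(raw ?? "").replace(/^\s*```(?:json)?\s*|\s*```\s*$/g, "");
  try {
    return JSON.parse(text);
  } catch {
    return null;
  }
}

// Enforce the contract from the classifier prompt. Values outside the enums
// degrade to the prompt's fallback instead of flowing unchecked into the email
// subject and the Plan prompt; "problems" is non-empty whenever that happened,
// so the item can be routed to a human instead of being trusted.
function validateClassification(raw) {
  const obj = parseModelJson(raw) ?? {};
  const problems = [];
  const pick = (key, allowed, fallback) => {
    const v = obj[key];
    if (allowed.has(v)) return v;
    problems.push(`${key}: ${JSON.stringify(v ?? null)}`);
    return fallback;
  };
  // Word limits from the prompt (short_title <= 12 words, why <= 50 words).
  const words = (s, max) =>
    String(s ?? "").split(/\s+/).filter(Boolean).slice(0, max).join(" ");
  return {
    incident_type: pick("incident_type", INCIDENT_TYPES, "other"),
    severity: pick("severity", SEVERITIES, "P3"),
    urgency: pick("urgency", URGENCIES, "this_week"),
    short_title: words(obj.short_title, 12) || "Unclassified finding",
    why: words(obj.why, 50),
    problems,
  };
}

// Constructed sample: the curl body from the sticky note, as the Webhook node
// delivers it to the next node.
const SAMPLE_WEBHOOK_ITEM = {
  headers: { "content-type": "application/json" },
  body: {
    detail: {
      findings: [{
        Title: "Multiple failed logins",
        Description: "probable credential stuffing",
        AwsAccountId: "111111111111",
        Resources: [{ Id: "user:alice@example.com", Type: "AwsIamUser" }],
      }],
    },
  },
};

// Constructed model reply with a fence and an out-of-range severity.
const SAMPLE_MODEL_REPLY =
  '```json\n{"incident_type":"creds","severity":"P9","urgency":"today",' +
  '"short_title":"Credential stuffing suspected","why":"Repeated failures."}\n```';

console.log(cleanFinding(SAMPLE_WEBHOOK_ITEM));
console.log(validateClassification(SAMPLE_MODEL_REPLY));
```

If you wire `validateClassification` in as a Code node after Classify, branch on `problems.length` with an IF node so that a non-conforming reply goes to a human queue rather than producing a confident-looking email; and since the Gmail node renders HTML, escape `short_title`, `why` and `resource_id` before they land in the template, because all three originate outside your control.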
Frequently asked questions

How do I use this workflow?

Copy the JSON above, create a new workflow in your n8n instance and choose "Import from JSON". Paste the configuration, then adjust the credentials (OpenAI, Gmail) and the recipient address in the Gmail node as needed.

Which scenarios is this workflow suitable for?

Advanced - AI summarization, multimodal AI

Does it cost anything?

This workflow is completely free. Note, however, that third-party services used in the workflow (such as the OpenAI API) may incur charges.

Workflow information
Difficulty level
Advanced
Number of nodes: 7
Categories: 2
Node types: 5
Difficulty description

For experienced users; moderately complex workflows with 6-15 nodes

Author
Calistus Christian

@ca7ai

Automation strategist and AI workflow architect creating intelligent, agent-driven processes that streamline operations. I build advanced n8n solutions integrating AI, cloud services, and real-time data orchestration for scalable impact. Explore my free workflows to get started. Premium, custom-built solutions are also available. Connect with me on LinkedIn for tailored automation expertise.

External links
View on n8n.io
