Crear ticket único de Jira desde alertas de Splunk
Intermedio
Este es unSecOpsflujo de automatización del dominio deautomatización que contiene 11 nodos.Utiliza principalmente nodos como If, Set, Jira, Webhook. Crear tickets únicos de Jira desde alertas de Splunk
Requisitos previos
- •Punto final de HTTP Webhook (n8n generará automáticamente)
Nodos utilizados (11)
Categoría
Vista previa del flujo de trabajo
Visualización de las conexiones entre nodos, con soporte para zoom y panorámica
Exportar flujo de trabajo
Copie la siguiente configuración JSON en n8n para importar y usar este flujo de trabajo
{
"id": "uD31xU0VYjogxWoY",
"meta": {
"instanceId": "03e9d14e9196363fe7191ce21dc0bb17387a6e755dcc9acc4f5904752919dca8"
},
"name": "Create_Unique_Jira_tickets_from_Splunk_alerts",
"tags": [
{
"id": "GCHVocImoXoEVnzP",
"name": "🛠️ In progress",
"createdAt": "2023-10-31T02:17:21.618Z",
"updatedAt": "2023-10-31T02:17:21.618Z"
},
{
"id": "QPJKatvLSxxtrE8U",
"name": "Secops",
"createdAt": "2023-10-31T02:15:11.396Z",
"updatedAt": "2023-10-31T02:15:11.396Z"
}
],
"nodes": [
{
"id": "3f9fa220-1966-4478-b7db-c39056564c9d",
"name": "Disparador Webhook",
"type": "n8n-nodes-base.webhook",
"position": [
-640,
320
],
"webhookId": "f2a52578-2fef-40a6-a7ff-e03f6b751a02",
"parameters": {
"path": "f2a52578-2fef-40a6-a7ff-e03f6b751a02",
"options": {},
"httpMethod": "POST"
},
"typeVersion": 1
},
{
"id": "375ac47e-7975-45cb-b7c1-cef1c7fca701",
"name": "Agregar comentario al ticket",
"type": "n8n-nodes-base.jira",
"position": [
240,
520
],
"parameters": {
"comment": "=Timestamp: {{ $('Set Host Name').item.json.body.timestamp }}\nDescription: {{ $('Set Host Name').item.json.body.description }}",
"options": {},
"issueKey": "={{ $json.key }}",
"resource": "issueComment"
},
"credentials": {
"jiraSoftwareCloudApi": {
"id": "OYvpDV2Q42eY6iyA",
"name": "Alex Jira Cloud"
}
},
"typeVersion": 1
},
{
"id": "a5dea875-6adf-4d18-aeb9-5fe31a0ebfae",
"name": "Buscar ticket",
"type": "n8n-nodes-base.jira",
"position": [
-200,
320
],
"parameters": {
"options": {
"jql": "=splunkhostname ~ \"{{ $json['splunk-host-name'] }}\" "
},
"operation": "getAll"
},
"credentials": {
"jiraSoftwareCloudApi": {
"id": "OYvpDV2Q42eY6iyA",
"name": "Alex Jira Cloud"
}
},
"typeVersion": 1,
"alwaysOutputData": true
},
{
"id": "3dac410e-1e37-463d-9aba-bc6abf3889f7",
"name": "Establecer nombre del host",
"type": "n8n-nodes-base.set",
"position": [
-420,
320
],
"parameters": {
"values": {
"string": [
{
"name": "splunk-host-name",
"value": "={{ $json.body.inputs.A.key['host.name'].replace(/[^a-zA-Z0-9 ]/g, '') }}"
}
]
},
"options": {}
},
"typeVersion": 2
},
{
"id": "465ec3b0-dd16-482e-b4b6-f8ed91fbb11b",
"name": "SI el ticket no existe",
"type": "n8n-nodes-base.if",
"position": [
20,
320
],
"parameters": {
"conditions": {
"string": [
{
"value1": "={{ $json.key }}",
"operation": "isEmpty"
}
]
}
},
"typeVersion": 1
},
{
"id": "1315b76b-39fc-4fd3-9a45-a91e5e873874",
"name": "Nota adhesiva",
"type": "n8n-nodes-base.stickyNote",
"position": [
-1120,
-26.960531840248223
],
"parameters": {
"width": 643.8620281403546,
"height": 537.944771288002,
"content": "\n## Webhook Node \nTo setup your webhook integration for Splunk, first ensure that splunk is setup to send alerts to a webhook by visiting the [Setup Guide here](https://docs.splunk.com/observability/en/admin/notif-services/webhook.html). You will copy the n8n webhook url opening the webhook node below. \n- **Form Access URLs**:\n - **Execute Mode**: `https://n8n.domain.com/webhook/test/webhookpath` - Use this to execute the workflow interactively within the n8n canvas. Hit the 'Execute Workflow' button to see real-time execution results. We have pinned data in the webhook node to make testing easier. \n - **Silent Mode**: `https://n8n.domain.com/webhook/webhookpath` - Use this for background execution without canvas updates. Results will be logged silently and can be reviewed in the 'Executions' tab."
},
"typeVersion": 1
},
{
"id": "636425b9-a11f-4891-aa00-2f3c42956c01",
"name": "Crear ticket",
"type": "n8n-nodes-base.jira",
"position": [
240,
160
],
"parameters": {
"project": {
"__rl": true,
"mode": "list",
"value": "10001",
"cachedResultName": "Service Desk"
},
"summary": "=Splunk Alert for host {{ $('Set Host Name').item.json.body.inputs.A.key[\"host.name\"] }}: {{ $('Set Host Name').item.json.body.description }}",
"issueType": {
"__rl": true,
"mode": "list",
"value": "10004",
"cachedResultName": "[System] Incident"
},
"additionalFields": {
"description": "={{ $('Set Host Name').item.json.body.description }}\n\n{{ $('Set Host Name').item.json.body.messageBody }}",
"customFieldsUi": {
"customFieldsValues": [
{
"fieldId": {
"__rl": true,
"mode": "id",
"value": "customfield_10063"
},
"fieldValue": "={{ $('Webhook').item.json[\"body\"][\"inputs\"][\"A\"][\"key\"][\"host.name\"].replace(/[^a-zA-Z0-9 ]/g, '') }}"
}
]
}
}
},
"credentials": {
"jiraSoftwareCloudApi": {
"id": "OYvpDV2Q42eY6iyA",
"name": "Alex Jira Cloud"
}
},
"typeVersion": 1
},
{
"id": "47af8bdb-e0da-4923-8f0a-05deb86ac1b3",
"name": "Nota adhesiva1",
"type": "n8n-nodes-base.stickyNote",
"position": [
-460,
98.72468966845895
],
"parameters": {
"width": 401.99970102055784,
"height": 413.43480804607805,
"content": "\n## Normalize Hostname \nTo ensure no special characters are passed into jira and create issues, this set node removes special characters from the `splunk-host-name` and uses that to search and create tickets. This host name is saved as a custom field. "
},
"typeVersion": 1
},
{
"id": "c0bf09e6-ca08-4db6-aff0-a6528a8fb03b",
"name": "Nota adhesiva2",
"type": "n8n-nodes-base.stickyNote",
"position": [
180,
-21.934709587377256
],
"parameters": {
"width": 401.99970102055784,
"height": 348.38243930996134,
"content": "\n## Create a new ticket\nThis creates a new ticket in your Prjoect and issue type. Ensure to update these values to ensure it works correctly. "
},
"typeVersion": 1
},
{
"id": "a175e343-83ed-4442-94df-7e7027b8c687",
"name": "Nota adhesiva3",
"type": "n8n-nodes-base.stickyNote",
"position": [
180,
340
],
"parameters": {
"width": 401.99970102055784,
"height": 341.08777742613927,
"content": "\n## Add Ticket Comment\nThis adds the alert as a comment in the existing ticket, to ensure the data is not duplicated. "
},
"typeVersion": 1
},
{
"id": "09143b8c-a4ce-4791-8937-3333d24b6e01",
"name": "Nota adhesiva4",
"type": "n8n-nodes-base.stickyNote",
"position": [
-40,
100.50445897107033
],
"parameters": {
"width": 193.6032856277124,
"height": 415.27445353029793,
"content": "## Check if ticket found\nThis checks `$json.key` to see if the value was found, and route accordingly."
},
"typeVersion": 1
}
],
"active": false,
"pinData": {
"Webhook": [
{
"json": {
"body": {
"tip": null,
"rule": "n8n-test",
"inputs": {
"A": {
"key": {
"os.type": "linux",
"host.name": "n8n-enterprise-demo",
"sf_metric": "cpu.utilization"
},
"value": "0.1670342357065173",
"fragment": "data('cpu.utilization').publish(label='A')"
},
"_S2": {
"value": "0.2",
"fragment": "threshold(0.2)"
}
},
"status": "ok",
"detector": "n8n-test",
"imageUrl": "https://static.eu0.signalfx.com/signed/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJjb20uc2lnbmFsZnguYXBwIiwiZXhwIjoxNjk0NjE0NjI2LCJpSWQiOiJGNVZBcTEwQUVBQSIsIm9JZCI6IkY1V0JKZ2lBSUFBIiwiYlQiOiJlbmQifQ.udzyF5-HqKyV_EMRmT51EtgECK9g-wanl8nx_MH0i9Q/async",
"severity": "Critical",
"eventType": "F5Vx1EuAAKc__F5V-TcTAEJ8__n8n-test",
"sf_schema": 2,
"timestamp": "2023-09-06T14:17:00Z",
"detectorId": "F5V-TcTAEJ8",
"incidentId": "F5VAq10AEAA",
"runbookUrl": null,
"description": "The value of cpu.utilization is above 0.2.",
"detectorUrl": "https://app.eu0.signalfx.com/#/detector/F5V-TcTAEJ8/edit?incidentId=F5VAq10AEAA&is=ok",
"messageBody": "Rule \"n8n-test\" in detector \"n8n-test\" cleared at Wed, 6 Sep 2023 14:17:00 GMT.\n\nCurrent signal value for n8n.test: 0.1670342357065173\n\nSignal details:\n{sf_metric=cpu.utilization, host.name=n8n-enterprise-demo, os.type=linux}",
"messageTitle": "Back to normal: n8n-test (n8n-test)",
"statusExtended": "ok",
"detectOnCondition": "when(A > threshold(0.2))",
"originatingMetric": "cpu.utilization",
"triggeredWhileMuted": false
},
"query": {},
"params": {},
"headers": {
"host": "internal.users.n8n.cloud",
"x-real-ip": "10.255.0.2",
"user-agent": "Apache-HttpClient/4.5.14 (Java/1.8.0_372)",
"content-type": "application/json; charset=utf-8",
"content-length": "1366",
"accept-encoding": "gzip,deflate",
"x-forwarded-for": "10.255.0.2",
"x-forwarded-host": "internal.users.n8n.cloud",
"x-forwarded-port": "443",
"x-forwarded-proto": "https",
"x-forwarded-server": "e591fa1c2d01"
}
}
}
]
},
"settings": {
"executionOrder": "v1"
},
"versionId": "3985cac2-7f23-4d27-b826-0edfb0544b58",
"connections": {
"Webhook": {
"main": [
[
{
"node": "3dac410e-1e37-463d-9aba-bc6abf3889f7",
"type": "main",
"index": 0
}
]
]
},
"a5dea875-6adf-4d18-aeb9-5fe31a0ebfae": {
"main": [
[
{
"node": "465ec3b0-dd16-482e-b4b6-f8ed91fbb11b",
"type": "main",
"index": 0
}
]
]
},
"3dac410e-1e37-463d-9aba-bc6abf3889f7": {
"main": [
[
{
"node": "a5dea875-6adf-4d18-aeb9-5fe31a0ebfae",
"type": "main",
"index": 0
}
]
]
},
"465ec3b0-dd16-482e-b4b6-f8ed91fbb11b": {
"main": [
[
{
"node": "636425b9-a11f-4891-aa00-2f3c42956c01",
"type": "main",
"index": 0
}
],
[
{
"node": "375ac47e-7975-45cb-b7c1-cef1c7fca701",
"type": "main",
"index": 0
}
]
]
}
}
}Preguntas frecuentes
¿Cómo usar este flujo de trabajo?
Copie el código de configuración JSON de arriba, cree un nuevo flujo de trabajo en su instancia de n8n y seleccione "Importar desde JSON", pegue la configuración y luego modifique la configuración de credenciales según sea necesario.
¿En qué escenarios es adecuado este flujo de trabajo?
Intermedio - Operaciones de seguridad
¿Es de pago?
Este flujo de trabajo es completamente gratuito, puede importarlo y usarlo directamente. Sin embargo, tenga en cuenta que los servicios de terceros utilizados en el flujo de trabajo (como la API de OpenAI) pueden requerir un pago por su cuenta.
Flujos de trabajo relacionados recomendados
Convertidor de CSV a JSON (manejo de errores y notificaciones en Slack)
Convertidor de CSV a JSON con manejo de errores y notificaciones de Slack
If
Set
Code
+
If
Set
Code
18 Nodosn8n Team
Ingeniería
Generador de imágenes de IA a partir de texto basado en fal.ai
Generador de imágenes de IA a partir de texto basado en la plataforma fal.ai
If
Wait
Webhook
+
If
Wait
Webhook
12 Nodosn8n Team
Analizar y clasificar contenido de sospechosos de correos electrónicos con ChatGPT
Usar ChatGPT para analizar y clasificar contenido de correos sospechosos
If
Set
Code
+
If
Set
Code
25 NodosAngel Menendez
Inteligencia Artificial
Analizar encabezados de Gmail para detectar reputación de IP y suplantación de identidad
Analizar encabezados de Gmail para detectar reputación de IP y phishing
If
Set
Code
+
If
Set
Code
40 NodosAngel Menendez
Operaciones de seguridad
Analizar encabezados de Outlook para detectar reputación de IP y suplantación de identidad
Analizar encabezados de Outlook para detectar reputación de IP y phishing
If
Set
Code
+
If
Set
Code
41 NodosAngel Menendez
Operaciones de seguridad
Flujo de trabajo del cliente OIDC
Verificar la identidad del usuario en flujos de trabajo con OpenID Connect
If
Set
Code
+
If
Set
Code
15 Nodosplease-open.it
Bloques de construcción
Información del flujo de trabajo
Nivel de dificultad
Intermedio
Número de nodos11
Categoría1
Tipos de nodos5
Descripción de la dificultad
Autor
n8n Team
@n8n-teamMeet the official n8n team. We specialize in building workflows that transform intricate tasks into seamless operations.
Enlaces externos
Ver en n8n.io →
Compartir este flujo de trabajo