Crear un informe de seguridad para ejecutivos usando NixGuard AI y alertas de Wazuh
Intermedio
Este es unSecOps, AI Summarizationflujo de automatización del dominio deautomatización que contiene 13 nodos.Utiliza principalmente nodos como If, Set, Code, EmailSend, ExecuteWorkflow. Usar NixGuard AI y alertas de Wazuh para crear informes de seguridad para ejecutivos
Requisitos previos
- •No hay requisitos previos especiales, puede importar y usarlo directamente
Nodos utilizados (13)
Vista previa del flujo de trabajo
Visualización de las conexiones entre nodos, con soporte para zoom y panorámica
Exportar flujo de trabajo
Copie la siguiente configuración JSON en n8n para importar y usar este flujo de trabajo
{
"meta": {
"instanceId": "558d88703fb65b2d0e44613bc35916258b0f0bf983c5d4730c00c424b77ca36a",
"templateCredsSetupCompleted": true
},
"nodes": [
{
"id": "ef84ca26-59e1-46c6-a0e2-43f7a6bd7c29",
"name": "Ejecutar diariamente a las 8 AM",
"type": "n8n-nodes-base.scheduleTrigger",
"position": [
760,
1380
],
"parameters": {
"rule": {
"interval": [
{
"field": "hours"
}
]
}
},
"typeVersion": 1.1
},
{
"id": "8af0ca21-63aa-43a0-8755-85b006590435",
"name": "Analizar matriz de alertas",
"type": "n8n-nodes-base.code",
"position": [
760,
1620
],
"parameters": {
"jsCode": "// Get the raw output string from the previous node.\nconst rawOutput = $input.first().json.output;\n\n// The AI often wraps JSON in Markdown code blocks (```json ... ```).\n// We need to extract the pure JSON string from inside the fences.\n// This regex will find the content between the fences. If no fences are found,\n// it will fall back to using the entire rawOutput string.\nconst jsonStringMatch = rawOutput.match(/```json\\s*([\\s\\S]*?)\\s*```/);\nconst jsonString = jsonStringMatch ? jsonStringMatch[1] : rawOutput.trim();\n\n// Now, try to parse the *cleaned* string.\ntry {\n const alerts = JSON.parse(jsonString);\n \n // Check if the result is a non-empty array.\n if (Array.isArray(alerts) && alerts.length > 0) {\n // Success! Pass the alerts to the next node.\n return [{ json: { alerts } }];\n }\n} catch (e) {\n // This will catch errors if the cleaned string is still not valid JSON.\n console.error(\"NixGuard did not return a valid JSON array even after cleaning:\", e);\n console.error(\"String that failed to parse:\", jsonString);\n}\n\n// If parsing fails, it's not an array, or it's empty, return no items.\n// This will correctly route the workflow to the 'false' branch of the IF node.\nreturn [];"
},
"typeVersion": 2
},
{
"id": "7d51a628-b285-4699-9068-9bed2ceea231",
"name": "Establecer prompt para resumen",
"type": "n8n-nodes-base.set",
"position": [
1460,
1600
],
"parameters": {
"values": {
"string": [
{
"name": "chatInput",
"value": "Act as a senior security analyst reporting to a non-technical executive. The following is a JSON array of all high-severity security alerts from the last 24 hours.\n\nYour tasks are:\n1. Start with a single sentence summarizing the day's overall security risk (e.g., 'The security posture today is stable with minor configurable issues detected.').\n2. State the total number of critical alerts found.\n3. In 3-4 clear bullet points using Markdown, summarize the most significant activities or threat patterns observed. Focus on business impact, not technical jargon.\n4. Conclude with a single, clear recommendation (e.g., 'No immediate action required' or 'Recommend prioritizing patches for web servers.').\n\nHere is the raw alert data:\n{{ JSON.stringify($json.alerts) }}"
},
{
"name": "apiKey",
"value": ""
}
]
},
"options": {}
},
"typeVersion": 2
},
{
"id": "26212ca9-51c1-49d4-9705-df7a74ba1b08",
"name": "Establecer clave API y prompt inicial",
"type": "n8n-nodes-base.set",
"position": [
980,
1380
],
"parameters": {
"values": {
"string": [
{
"name": "apiKey",
"value": ""
},
{
"name": "chatInput",
"value": "Review all security data from the last 24 hours. List all significant security alerts found. Your response MUST be a single, valid, minified JSON array of objects. Each object in the array should represent a distinct alert. If no significant alerts are found, return an empty array []."
}
]
},
"options": {}
},
"typeVersion": 2
},
{
"id": "edca6750-8948-4de8-89f2-290163db7480",
"name": "Establecer informe final",
"type": "n8n-nodes-base.set",
"position": [
1460,
1820
],
"parameters": {
"values": {
"string": [
{
"name": "executive_summary",
"value": "={{ $json.output }}"
}
]
},
"options": {}
},
"typeVersion": 2
},
{
"id": "d6cba9cd-fab4-4920-98f8-460b7002c94a",
"name": "Ejecutar: Obtener eventos diarios como JSON (Obtener información de seguridad en tiempo real con NixGuard RAG e integración de Wazuh)",
"type": "n8n-nodes-base.executeWorkflow",
"position": [
1220,
1380
],
"parameters": {
"options": {},
"workflowId": {
"__rl": true,
"mode": "list",
"value": "I0nUORqYTwDFZa51",
"cachedResultName": "Get Real-Time Security Insights with NixGuard RAG and Wazuh Integration"
},
"workflowInputs": {
"value": {},
"schema": [],
"mappingMode": "defineBelow",
"matchingColumns": [],
"attemptToConvertTypes": false,
"convertFieldsToString": true
}
},
"typeVersion": 1.2
},
{
"id": "c5bab77f-f161-494a-adb1-de1dd53bd5c7",
"name": "Ejecutar: Generar resumen ejecutivo (Obtener información de seguridad en tiempo real con NixGuard RAG e integración de Wazuh)",
"type": "n8n-nodes-base.executeWorkflow",
"position": [
1680,
1600
],
"parameters": {
"options": {},
"workflowId": {
"__rl": true,
"mode": "list",
"value": "I0nUORqYTwDFZa51",
"cachedResultName": "Get Real-Time Security Insights with NixGuard RAG and Wazuh Integration"
},
"workflowInputs": {
"value": {},
"schema": [],
"mappingMode": "defineBelow",
"matchingColumns": [],
"attemptToConvertTypes": false,
"convertFieldsToString": true
}
},
"typeVersion": 1.2
},
{
"id": "1e7172f8-c728-4640-8633-f141fd1b94c4",
"name": "Si",
"type": "n8n-nodes-base.if",
"position": [
1040,
1620
],
"parameters": {
"options": {},
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": true,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "bb7ac757-8402-446e-9ee7-d0be89c769a7",
"operator": {
"type": "array",
"operation": "exists",
"singleValue": true
},
"leftValue": "={{ $json.alerts }}",
"rightValue": ""
}
]
}
},
"typeVersion": 2.2
},
{
"id": "e889ebe4-c36a-4da6-bcd5-2e21661ec8d7",
"name": "Enviar correo electrónico",
"type": "n8n-nodes-base.emailSend",
"position": [
1880,
1820
],
"parameters": {
"html": "={{ $json.html_summary }}",
"options": {},
"subject": "Daily AI Cyber Security Briefing"
},
"typeVersion": 2.1
},
{
"id": "4e771aef-10d4-4be8-8432-23bbf852f58f",
"name": "Descripción general del flujo de trabajo 1",
"type": "n8n-nodes-base.stickyNote",
"position": [
1380,
1020
],
"parameters": {
"color": 7,
"width": 540,
"height": 340,
"content": "## 💡 Workflow Overview: Daily AI Security Briefing\n\nThis workflow automates the creation of a daily security report for non-technical executives. It uses a two-stage AI process with the **NixGuard Security Connector** workflow.\n\n1. **Stage 1 - Data Retrieval:** It calls the connector to fetch all recent security alerts, requesting the output as a structured JSON array.\n2. **Stage 2 - Summarization:** If alerts were found, it calls the connector *again*, feeding it the raw alert data and prompting it to generate a high-level, business-friendly summary.\n\nThe final report is then delivered via email."
},
"typeVersion": 1
},
{
"id": "47bb91e9-48e8-437d-a736-0f98ffcd923e",
"name": "Guía de configuración 1",
"type": "n8n-nodes-base.stickyNote",
"position": [
940,
920
],
"parameters": {
"color": 7,
"width": 400,
"height": 420,
"content": "## ⚙️ 4-Step Setup Guide\n\n1. **Import Child Workflow:** Make sure you also have the `Get Real-Time Security Insights with NixGuard...` workflow in your n8n instance and that it is **activated**.\n\n2. **Set Your API Key:** In the **'Set API Key & Initial Prompt'** node, replace the placeholder with your valid NixGuard API key.\n\n3. **Check Workflow ID:** This workflow calls the child workflow by its ID (`I0nUORqYTwDFZa51`). If your ID is different, you must update it in both **Execute Workflow** nodes.\n\n4. **Configure Email:** Add your email credentials to the two **Send Email** nodes and update the recipient addresses in the `To` field."
},
"typeVersion": 1
},
{
"id": "fab467cd-7e63-4606-9da4-a677dd7082b3",
"name": "Convertir Markdown a HTML",
"type": "n8n-nodes-base.code",
"position": [
1660,
1820
],
"parameters": {
"jsCode": "/**\n * WARNING: This is a simplified, lightweight Markdown to HTML converter.\n * It does NOT use a dedicated library and will only handle a limited subset of Markdown:\n * - Headings (h1, h2, h3)\n * - Bold text (**text**)\n * - Unordered list items (* item)\n * - Paragraphs (double newlines)\n * It will FAIL on complex cases like nested lists, tables, or code blocks.\n * For robust conversion, using the 'marked' library is strongly recommended.\n */\n\nfunction simpleMarkdownToHtml(markdown) {\n let html = markdown\n // Escape HTML to prevent injection from the input\n .replace(/&/g, '&')\n .replace(/</g, '<')\n .replace(/>/g, '>');\n\n // Block Elements (order matters)\n html = html\n .replace(/^### (.*$)/gim, '<h3>$1</h3>')\n .replace(/^## (.*$)/gim, '<h2>$1</h2>')\n .replace(/^# (.*$)/gim, '<h1>$1</h1>')\n .replace(/^\\* (.*$)/gim, '<li>$1</li>');\n\n // Inline Elements\n html = html\n .replace(/\\*\\*(.*?)\\*\\*/g, '<strong>$1</strong>')\n .replace(/__(.*?)__/g, '<strong>$1</strong>') // Alternative bold\n .replace(/\\*(.*?)\\*/g, '<em>$1</em>')\n .replace(/_(.*?)_/g, '<em>$1</em>'); // Alternative italics\n\n // Paragraphs and Line Breaks\n // Wrap list items in <ul>\n html = html.replace(/<li>(.|\\n)*?<li>/g, '<ul>$&');\n html = html.replace(/(<\\/li>)(?!.*<li>)/g, '$1</ul>');\n // Convert remaining newlines to <br> or wrap in <p>\n html = html.replace(/\\n/g, '<br>');\n\n return html;\n}\n\nconst markdownSummary = $input.first().json.executive_summary;\nconst htmlSummary = simpleMarkdownToHtml(markdownSummary);\n\n$input.first().json.html_summary = htmlSummary;\n\nreturn $input.all();\n"
},
"typeVersion": 2
},
{
"id": "a20f8e25-d1f8-47fb-8378-3b4479882ffc",
"name": "Guía de configuración",
"type": "n8n-nodes-base.stickyNote",
"position": [
500,
900
],
"parameters": {
"color": 7,
"width": 400,
"height": 440,
"content": "## Getting Started\n\n### Prerequisites:\n- Valid NixGuard API key\n\n### Setup Instructions:\n1. Configure your NixGuard API key in 'Prepare API Request Data' node\n2. Set up trigger method (chat or manual)\n3. Test with sample security queries\n4. Make sure NixGuard agents are installed on your network endpoints for real-time security events\n\n### Support:\nFor questions, visit [NixGuard Documentation](https://nixguard.thenex.world) or join our [Community Discord](https://discord.com/invite/ajCYwYCwHb)"
},
"typeVersion": 1
}
],
"pinData": {},
"connections": {
"1e7172f8-c728-4640-8633-f141fd1b94c4": {
"main": [
[
{
"node": "7d51a628-b285-4699-9068-9bed2ceea231",
"type": "main",
"index": 0
}
]
]
},
"8af0ca21-63aa-43a0-8755-85b006590435": {
"main": [
[
{
"node": "1e7172f8-c728-4640-8633-f141fd1b94c4",
"type": "main",
"index": 0
}
]
]
},
"ef84ca26-59e1-46c6-a0e2-43f7a6bd7c29": {
"main": [
[
{
"node": "26212ca9-51c1-49d4-9705-df7a74ba1b08",
"type": "main",
"index": 0
}
]
]
},
"edca6750-8948-4de8-89f2-290163db7480": {
"main": [
[
{
"node": "fab467cd-7e63-4606-9da4-a677dd7082b3",
"type": "main",
"index": 0
}
]
]
},
"7d51a628-b285-4699-9068-9bed2ceea231": {
"main": [
[
{
"node": "c5bab77f-f161-494a-adb1-de1dd53bd5c7",
"type": "main",
"index": 0
}
]
]
},
"fab467cd-7e63-4606-9da4-a677dd7082b3": {
"main": [
[
{
"node": "e889ebe4-c36a-4da6-bcd5-2e21661ec8d7",
"type": "main",
"index": 0
}
]
]
},
"26212ca9-51c1-49d4-9705-df7a74ba1b08": {
"main": [
[
{
"node": "d6cba9cd-fab4-4920-98f8-460b7002c94a",
"type": "main",
"index": 0
}
]
]
},
"d6cba9cd-fab4-4920-98f8-460b7002c94a": {
"main": [
[
{
"node": "8af0ca21-63aa-43a0-8755-85b006590435",
"type": "main",
"index": 0
}
]
]
},
"c5bab77f-f161-494a-adb1-de1dd53bd5c7": {
"main": [
[
{
"node": "edca6750-8948-4de8-89f2-290163db7480",
"type": "main",
"index": 0
}
]
]
}
}
}Preguntas frecuentes
¿Cómo usar este flujo de trabajo?
Copie el código de configuración JSON de arriba, cree un nuevo flujo de trabajo en su instancia de n8n y seleccione "Importar desde JSON", pegue la configuración y luego modifique la configuración de credenciales según sea necesario.
¿En qué escenarios es adecuado este flujo de trabajo?
Intermedio - Operaciones de seguridad, Resumen de IA
¿Es de pago?
Este flujo de trabajo es completamente gratuito, puede importarlo y usarlo directamente. Sin embargo, tenga en cuenta que los servicios de terceros utilizados en el flujo de trabajo (como la API de OpenAI) pueden requerir un pago por su cuenta.
Flujos de trabajo relacionados recomendados
Clasificación automática de alertas de seguridad: NixGuard AI y enrutar a Slack o Jira
Automatización de la clasificación de alertas de seguridad: NixGuard IA y enrutamiento a Slack o Jira
If
Set
Code
+
If
Set
Code
19 NodosJonathan | NEX
Operaciones de seguridad
Copia de CyberScan Github
Escáner de vulnerabilidades basado en AI, con Nessus, clasificación de riesgos y informes de Google Sheets
If
Set
Code
+
If
Set
Code
39 NodosAdnan Tariq
Operaciones de seguridad
Análisis automatizado de IP gratuita
Análisis automático de IP gratuita: Resumen de NixGuard AI e integración con Wazuh
Set
Slack
Webhook
+
Set
Slack
Webhook
8 NodosJonathan | NEX
Operaciones de seguridad
Análisis automático de phishing y amenazas desde URL
Análisis automatizado de URL de phishing y amenazas con NixGuard AI
Set
Slack
Webhook
+
Set
Slack
Webhook
8 NodosJonathan | NEX
Operaciones de seguridad
CYBERPULSEBlueOps_ Módulo 1 Copia de cliente 1
Ingesta automática de fuentes de datos CVE e IOC, con evaluación de riesgos de OpenAI y alertas por correo
If
Code
Merge
+
If
Code
Merge
21 NodosAdnan Tariq
Operaciones de seguridad
Informe semanal automatizado del equipo de grupos de WhatsApp con resumen de Gemini AI
Informe semanal automatizado del equipo en grupos de WhatsApp con resumen de Gemini AI
If
Set
Code
+
If
Set
Code
47 NodosJamot
Gestión de proyectos
Información del flujo de trabajo
Nivel de dificultad
Intermedio
Número de nodos13
Categoría2
Tipos de nodos7
Descripción de la dificultad
Autor
Enlaces externos
Ver en n8n.io →
Compartir este flujo de trabajo