CYBERPULSEBlueOps_ Módulo 1 Copia de cliente 1
Avanzado
Este es unSecOps, AI Summarizationflujo de automatización del dominio deautomatización que contiene 21 nodos.Utiliza principalmente nodos como If, Code, Merge, Switch, SplitOut. Ingesta automática de fuentes de datos CVE e IOC, con evaluación de riesgos de OpenAI y alertas por correo
Requisitos previos
- •Pueden requerirse credenciales de autenticación para la API de destino
- •Credenciales de API de Google Sheets
Nodos utilizados (21)
Vista previa del flujo de trabajo
Visualización de las conexiones entre nodos, con soporte para zoom y panorámica
Exportar flujo de trabajo
Copie la siguiente configuración JSON en n8n para importar y usar este flujo de trabajo
{
"id": "FOKoHtdHL2JKFwpH",
"meta": {
"instanceId": "afe2b8648fee0c23760b8fce92c71dc65d1dd8bea264642e620dc8c34f1224d7",
"templateCredsSetupCompleted": true
},
"name": "CYBERPULSEBlueOps_Module1 client copy1",
"tags": [
{
"id": "0obxZlT9bSaIMBpV",
"name": "Threat Intake",
"createdAt": "2025-05-23T06:15:09.978Z",
"updatedAt": "2025-05-23T06:15:09.978Z"
},
{
"id": "2rUQt7xpJikyzCUP",
"name": "(ACSC E8 + ISM-Aligned)",
"createdAt": "2025-06-04T06:23:02.488Z",
"updatedAt": "2025-06-04T06:23:02.488Z"
}
],
"nodes": [
{
"id": "b9325536-f714-437d-8dc3-2dfbfd6d58a7",
"name": "⏰ Cron – Activador Diario",
"type": "n8n-nodes-base.scheduleTrigger",
"position": [
-220,
-560
],
"parameters": {
"rule": {
"interval": [
{
"field": "cronExpression",
"expression": "0 0 7 * * *"
}
]
}
},
"typeVersion": 1.2
},
{
"id": "c9f242d6-6d9c-4a27-8a43-b678c4b3dbeb",
"name": "🌐 Obtener Fuente CVE",
"type": "n8n-nodes-base.httpRequest",
"position": [
20,
-640
],
"parameters": {
"url": "https://gist.githubusercontent.com/gitadta/bdcb18b2450c5561a4b69ae9327383a8/raw/d9637907229a0a7e2bd6f5a5b6b2f04e6248aac1/cve-2023-26479.json",
"options": {
"response": {
"response": {
"responseFormat": "json"
}
}
}
},
"typeVersion": 4.2
},
{
"id": "e1f9ea1c-e934-4ecd-957d-8c7e5f8c1452",
"name": "🛡️ Obtener Fuente IOC",
"type": "n8n-nodes-base.httpRequest",
"position": [
20,
-480
],
"parameters": {
"url": "=https://gist.githubusercontent.com/gitadta/fddb9eb942cd3494c2e187117976d430/raw/1873c10c1a375c94b8afe3eed2772045c0a66568/ioc-feed.json",
"options": {
"response": {
"response": {
"responseFormat": "json"
}
}
}
},
"typeVersion": 4.2
},
{
"id": "080ac947-b10c-4492-8f55-79e27b9982c0",
"name": "🧠 Fusionar Datos de Amenazas",
"type": "n8n-nodes-base.merge",
"position": [
220,
-560
],
"parameters": {},
"typeVersion": 3.1
},
{
"id": "80c5acb7-743a-44d7-8482-a5d429a973bd",
"name": "🧠 Combinar Datos de Amenazas",
"type": "n8n-nodes-base.code",
"position": [
220,
-360
],
"parameters": {
"jsCode": "const cve = items[0].json;\nconst iocs = items[1].json.iocs || [];\n\nreturn [\n {\n json: {\n cve,\n iocs\n }\n }\n];"
},
"typeVersion": 2
},
{
"id": "68ccba75-0a92-4cd1-8306-24daafe59333",
"name": "🧠 AI – Evaluación de Riesgos",
"type": "n8n-nodes-base.code",
"position": [
220,
-180
],
"parameters": {
"jsCode": "const data = $input.all();\nreturn data.map((item, i) => {\n const baseScore = item.json.cve?.impact?.baseMetricV3?.cvssV3?.baseScore || 0;\n const aiRisk = [6.5, 9.1][i] || 5;\n const path = [\"self-healing\", \"expert-review\", \"monitoring\"][i % 3];\n const lev = [0.93, 0.72][i] || 0.45;\n\n return {\n json: {\n ...item.json,\n aiRisk,\n path,\n lev\n }\n };\n});"
},
"typeVersion": 2
},
{
"id": "9f74ff1c-57ae-48ae-989d-b27b64895c53",
"name": "🧠 AI – Clasificar Vulnerabilidades",
"type": "n8n-nodes-base.code",
"position": [
220,
0
],
"parameters": {
"jsCode": "const triage = {\n self: [],\n expert: [],\n monitor: [],\n};\n\nconst assessed = $input.all();\n\nfor (const item of assessed) {\n const v = item.json;\n const levScore = v.lev || 0; // fallback if missing\n\n if (levScore > 0.9) {\n triage.expert.push({ ...v, levScore, levLabel: \"Critical\" });\n } else if (levScore > 0.5) {\n triage.self.push({ ...v, levScore, levLabel: \"High\" });\n } else {\n triage.monitor.push({ ...v, levScore, levLabel: \"Low\" });\n }\n}\n\nreturn [{ json: triage }];"
},
"typeVersion": 2
},
{
"id": "3cbac00e-3bf1-4f68-99e2-e2027d3d2648",
"name": "🚨 ALERTA – Activador LEV",
"type": "n8n-nodes-base.if",
"position": [
220,
200
],
"parameters": {
"options": {},
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": true,
"typeValidation": "loose"
},
"combinator": "and",
"conditions": [
{
"id": "f170e1cc-2692-4fcc-8def-6b1e5f01af84",
"operator": {
"name": "filter.operator.equals",
"type": "string",
"operation": "equals"
},
"leftValue": "={{ $json.expert && $json.expert.length > 0 }}",
"rightValue": "=true"
}
]
},
"looseTypeValidation": true
},
"typeVersion": 2.2
},
{
"id": "2341d7f3-4f5e-4bf0-8b96-fb64c4d46344",
"name": "📧 Enviar Correo de Alerta",
"type": "n8n-nodes-base.emailSend",
"position": [
420,
140
],
"webhookId": "48963cc6-c85f-4946-92bd-2c91a1a255ef",
"parameters": {
"html": "=<h2>🚨 Critical Alert</h2>\n<p>The following high-risk CVEs were identified:</p>\n<pre>{{ JSON.stringify($json.expert, null, 2) }}</pre>\n",
"options": {},
"subject": "🚨 CyberPulse Alert – Critical Vulnerabilities Detected",
"toEmail": "security-team@example.com",
"fromEmail": "security-team@example.com"
},
"credentials": {
"smtp": {
"id": "RM0pJJ95IhrbFLCv",
"name": "SMTP account"
}
},
"typeVersion": 2.1
},
{
"id": "bead2d6d-aeec-49a3-99b0-6550976cfa91",
"name": "Google Sheets",
"type": "n8n-nodes-base.googleSheets",
"position": [
420,
300
],
"parameters": {
"columns": {
"value": {
"IOCs": "={{ JSON.stringify($(\"🚨 ALERT – LEV Trigger\").item.json.expert[0].iocs) }}",
"Score": "={{ $json.expert[0].cve.cve.impact.baseMetricV3.cvssV3.baseScore }}",
"CVE_ID": "={{ $(\"🚨 ALERT – LEV Trigger\").item.json.expert[0].cve.cve.CVE_data_meta.ID }}",
"Severity": "={{ $json.expert[0].cve.cve.impact.baseMetricV3.cvssV3.baseSeverity }}",
"LEV_label": "={{ $json.expert[0].levLabel }}",
"LEV_score": "={{ $json.expert[0].levScore }}",
"timestamp": "={{ new Date().toISOString() }}",
"aiRisk_score": "={{ $json.expert[0].aiRisk }}",
"compliance_tags": "\"{{ 'ISM-0412, E8-6' }}\"",
"response_action": "={{ $json.expert[0].levLabel.toLowerCase() }}"
},
"schema": [
{
"id": "timestamp",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "timestamp",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "CVE_ID",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "CVE_ID",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "Severity",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "Severity",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "Score",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "Score",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "IOCs",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "IOCs",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "aiRisk_score",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "aiRisk_score",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "LEV_score",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "LEV_score",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "LEV_label",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "LEV_label",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "response_action",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "response_action",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "compliance_tags",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "compliance_tags",
"defaultMatch": false,
"canBeUsedToMatch": true
}
],
"mappingMode": "defineBelow",
"matchingColumns": [],
"attemptToConvertTypes": false,
"convertFieldsToString": false
},
"options": {},
"operation": "append",
"sheetName": {
"__rl": true,
"mode": "list",
"value": "gid=0",
"cachedResultUrl": "https://docs.google.com/spreadsheets/d/1LeES3AaZG1AZHFd4g2FMgZx790AP_9Qd1OsIE774R-M/edit#gid=0",
"cachedResultName": "Sheet1"
},
"documentId": {
"__rl": true,
"mode": "id",
"value": "={{ $env.SHEET_ID }}"
}
},
"credentials": {
"googleSheetsOAuth2Api": {
"id": "sJHywbRNYHkS71FB",
"name": "Google Sheets account"
}
},
"typeVersion": 4.5
},
{
"id": "6be8438a-956d-4ac6-94e5-dc22cebaa178",
"name": "🧠 AI – Selector de Playbook de Incidentes",
"type": "n8n-nodes-base.code",
"position": [
660,
-180
],
"parameters": {
"jsCode": "const threat = $json;\nconst score = threat.Score || 0;\nconst severity = (threat.Severity || \"\").toUpperCase();\n\nlet playbook = \"notify\"; // Default response\n\nif (score >= 9 || severity === \"CRITICAL\") {\n playbook = \"isolation\";\n} else if (score >= 6 || severity === \"HIGH\") {\n playbook = \"monitor\";\n}\n\nreturn [\n {\n json: {\n ...threat,\n response: {\n playbook: playbook,\n decisionReason: `Based on CVSS ${score} and severity ${severity}`\n }\n }\n }\n];\n"
},
"typeVersion": 2
},
{
"id": "2aa9749e-cf1d-49ee-8a82-b75a6a62d1af",
"name": "Code",
"type": "n8n-nodes-base.code",
"position": [
840,
-180
],
"parameters": {
"jsCode": "const threat = $json;\nconst score = threat.Score || 0;\nconst severity = (threat.Severity || \"\").toUpperCase();\n\nlet playbook = \"notify\"; // Default fallback\n\nif (score >= 9 || severity === \"CRITICAL\") {\n playbook = \"isolation\";\n} else if (score >= 6 || severity === \"HIGH\") {\n playbook = \"monitor\";\n}\n\nreturn [\n {\n json: {\n ...threat,\n response: {\n playbook,\n decisionReason: `Based on CVSS ${score} and severity ${severity}`\n }\n }\n }\n];"
},
"typeVersion": 2
},
{
"id": "6dd8f1cf-4459-4496-b547-205da0aa2ab7",
"name": "🧭 Enrutador de Respuesta",
"type": "n8n-nodes-base.switch",
"position": [
1020,
-180
],
"parameters": {
"rules": {
"values": [
{
"outputKey": "notify",
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": false,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "04b84cf7-971d-4f6e-a4c3-4609afd67140",
"operator": {
"type": "string",
"operation": "equals"
},
"leftValue": "={{ $json.response.playbook }}",
"rightValue": "notify"
}
]
},
"renameOutput": true
},
{
"outputKey": "monitor",
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": false,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "402dbac5-1a9e-4862-a281-7dfd42cf2729",
"operator": {
"name": "filter.operator.equals",
"type": "string",
"operation": "equals"
},
"leftValue": "={{ $json.response.playbook }}",
"rightValue": " monitor"
}
]
},
"renameOutput": true
},
{
"outputKey": "islolation",
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": false,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "b0100303-40c4-409e-8f95-b9cab699eedd",
"operator": {
"name": "filter.operator.equals",
"type": "string",
"operation": "equals"
},
"leftValue": "={{ $json.response.playbook }}",
"rightValue": "isolation"
}
]
},
"renameOutput": true
}
]
},
"options": {
"ignoreCase": true
}
},
"typeVersion": 3.2
},
{
"id": "4123923e-bbbd-4234-8769-43dcd65cf9c8",
"name": "Enviar Correo de Alerta",
"type": "n8n-nodes-base.emailSend",
"position": [
1340,
-360
],
"webhookId": "decb9f47-14ee-49f7-9317-2d52a39f97bd",
"parameters": {
"html": "=<!DOCTYPE html>\n<html>\n<head>\n <style>\n body {\n font-family: Arial, sans-serif;\n color: #333;\n }\n h2 {\n color: #b30000;\n }\n .section {\n margin-bottom: 20px;\n }\n .section-critical {\n background-color: #ffe5e5;\n padding: 15px;\n border-left: 5px solid #cc0000;\n }\n .section-iocs {\n border: 1px solid #ccc;\n border-radius: 5px;\n padding: 10px;\n }\n .section-high {\n background-color: #fff3e0;\n padding: 15px;\n border-left: 5px solid #ff9800;\n }\n .next-steps {\n background-color: #e8f5e9;\n padding: 15px;\n border-left: 5px solid #4caf50;\n }\n table {\n width: 100%;\n border-collapse: collapse;\n margin-top: 10px;\n }\n th, td {\n padding: 8px;\n border: 1px solid #999;\n text-align: left;\n }\n .comment {\n font-style: italic;\n font-size: 0.95em;\n color: #555;\n margin-top: 10px;\n }\n </style>\n</head>\n<body>\n\n<h2>🚨 Critical Alert – {{ $json.cve.cve.CVE_data_meta.ID }}</h2>\n\n<div class=\"section section-critical\">\n <p><b>📰 Summary:</b> {{ $json.cve.description.description_data[0].value }}</p>\n <p><b>📉 Severity:</b> \n <span style=\"color: \n {{ $json.cve.impact.baseMetricV3.cvssV3.baseSeverity === 'CRITICAL' ? 'red' : \n $json.cve.impact.baseMetricV3.cvssV3.baseSeverity === 'HIGH' ? 'orange' : \n 'black' }}\">\n {{ $json.cve.impact.baseMetricV3.cvssV3.baseSeverity }}\n </span>\n </p>\n <p><b>📊 CVSS Score:</b> {{ $json.cve.impact.baseMetricV3.cvssV3.baseScore }}</p>\n</div>\n\n<div class=\"section section-iocs\">\n <b>📌 Indicators of Compromise (IOCs)</b>\n <table>\n <tr><th>Type</th><th>Value</th></tr>\n {{ $json.iocs.map(ioc => `<tr><td>${ioc.type}</td><td>${ioc.value}</td></tr>`).join('') }}\n </table>\n</div>\n\n<div class=\"section section-high\">\n <b>🧠 AI Risk Evaluation</b>\n <ul>\n <li><b>aiRisk Score:</b> {{ $json.aiRisk }}</li>\n <li><b>LEV Score:</b> {{ $json.lev }}</li>\n <li><b>LEV Label:</b> {{ $json.levLabel }}</li>\n <li><b>Response Assigned:</b> \n <span style=\"color: darkred;\">{{ $json.response.playbook }}</span>\n </li>\n </ul>\n <div class=\"comment\">\n 💬 Based on AI analysis, this CVE meets critical exploitability thresholds with confirmed indicators in your threat environment. Immediate action is advised.\n </div>\n</div>\n\n<div class=\"section next-steps\">\n <b>✅ Next Steps:</b>\n <ol>\n <li>Isolate affected endpoints immediately</li>\n <li>Apply latest patches for {{ $json.cve.cve.CVE_data_meta.ID }}</li>\n <li>Update threat database and notify internal stakeholders</li>\n </ol>\n</div>\n\n</body>\n</html>\n<p style=\"font-size: 11px; color: #888;\">\n <hr style=\"border: none; border-top: 1px solid #ddd; margin: 24px 0;\">\n\n<p style=\"font-size: 11px; color: #888; line-height: 1.5;\">\n 🔒 Aligned with <strong>ACSC Essential Eight</strong> & <strong>ISM 2024</strong> (Australia), and structured using the <strong>NIST Cybersecurity Framework</strong> and <strong>ISO/IEC 27001</strong> principles.<br>\n Designed for SMEs and security teams worldwide.\n</p>\n\n<p style=\"font-size: 10px; color: #aaa;\">\n This alert was automatically generated by <strong>CYBERPULSEBlueOps</strong> using n8n.\n</p>\n",
"options": {},
"subject": "=🚨 Cyber Alert: {{ $json.response.playbook.toUpperCase() }} Required",
"toEmail": "security-team@example.com",
"fromEmail": "security-team@example.com"
},
"credentials": {
"smtp": {
"id": "RM0pJJ95IhrbFLCv",
"name": "SMTP account"
}
},
"typeVersion": 2.1
},
{
"id": "d76f1894-ae5c-4c22-b326-7daec1cdf359",
"name": "Registrar en Hoja Google",
"type": "n8n-nodes-base.googleSheets",
"position": [
1340,
-180
],
"parameters": {
"operation": "append",
"sheetName": {
"__rl": true,
"mode": "list",
"value": "",
"cachedResultUrl": "",
"cachedResultName": ""
},
"documentId": {
"__rl": true,
"mode": "id",
"value": "={{ $env.SHEET_ID }}"
}
},
"credentials": {
"googleSheetsOAuth2Api": {
"id": "sJHywbRNYHkS71FB",
"name": "Google Sheets account"
}
},
"typeVersion": 4.5
},
{
"id": "9d9a56b4-13fd-40f8-a29a-4d3a3febfc19",
"name": "HTTP Request",
"type": "n8n-nodes-base.httpRequest",
"position": [
1340,
0
],
"parameters": {
"url": "https://edr-api.example.com/isolate",
"method": "POST",
"options": {},
"jsonBody": "={\n \"device_ip\": \"{{ $json.iocs[0].value }}\",\n \"cve_id\": \"{{ $json.cve.cve.CVE_data_meta.ID }}\",\n \"severity\": \"{{ $json.cve.cve.impact.baseMetricV3.cvssV3.baseSeverity }}\"\n}\n",
"sendBody": true,
"sendHeaders": true,
"specifyBody": "json",
"headerParameters": {
"parameters": [
{
"name": "Authorization"
},
{
"name": "Content-Type",
"value": "application/json"
}
]
}
},
"typeVersion": 4.2
},
{
"id": "d5376f73-da94-4a39-9129-7f94c9b6d86c",
"name": "Dividir Salida",
"type": "n8n-nodes-base.splitOut",
"position": [
500,
-180
],
"parameters": {
"include": "allOtherFields",
"options": {},
"fieldToSplitOut": "iocs"
},
"typeVersion": 1
},
{
"id": "da91b5b0-a2ff-4d91-9837-eafdb1aa7ed4",
"name": "Nota Adhesiva",
"type": "n8n-nodes-base.stickyNote",
"position": [
1600,
-380
],
"parameters": {
"color": 7,
"width": 560,
"height": 1160,
"content": "\n🛡️ CYBERPULSEBlueOps – Module 1: Threat Feed Ingestion\n\nVersion: 1.0\nLast Updated: 2025-06-04\nAuthor: Adnan Tariq\nStatus: ✅ Production-Ready\n\n🔍 Purpose\n\nAutomates daily ingestion of CVE and IOC threat feeds, enriches and evaluates risks using AI-based triage, and routes alerts to notification, isolation, or monitoring actions. Structured to align with compliance frameworks and operational defense workflows.\n\n🔗 Data Sources\n\nCVE Feed: GitHub Gist (cve_data)\n\nIOC Feed: GitHub Gist (ioc_data)\n\nIngest frequency: Daily via Cron Trigger\n\n🧠 Key Components\n\nAI – Risk Evaluation for aiRisk scoring\n\nAI – Triage Vulnerabilities for LEV scoring & labels\n\n📘 Response Router assigns notify, monitor, or isolate\n\nLogs exported to Google Sheets with:\n\nCVE_ID, Severity, Score, IOCs\n\naiRisk_score, LEV_score, LEV_label, response_action\n\nCompliance tags: ISM-0412, E8-6\n\n✅ Compliance Alignment\n\n ACSC Essential Eight (Australia)\n\n ISM 2024 Logging Guidelines\n\n NIST Cybersecurity Framework\n\n ISO/IEC 27001 Control Mapping\n\n✉️ Output\n\nHTML emails with risk-based alert summaries\n\nGoogle Sheets row logs\n\n(Optional) HTTP isolation request via EDR API\n\n⚠️ Do not modify node structure without understanding data propagation and rule routing. All logic assumes LEV triage is the decision root."
},
"typeVersion": 1
},
{
"id": "1bae77e9-6f51-4a51-85d6-051ad1198030",
"name": "Nota Adhesiva1",
"type": "n8n-nodes-base.stickyNote",
"position": [
2180,
-380
],
"parameters": {
"color": 7,
"width": 1080,
"height": 680,
"content": "\n🧠 What is Module 1?\nModule 1 is like a security robot that wakes up every morning, reads danger news from the internet (called CVEs and IOCs), checks how risky it is, and then tells the grown-ups what to do.\n\n🧾 Why are there 2 Google Sheet blocks?\n1️⃣ First Google Sheet:\n➡️ It writes down big dangerous alerts that need attention (like “Critical Virus Found!”).\nThis is like a red alert notebook.\n\n2️⃣ Second Google Sheet:\n➡️ It writes down everything it finds, even small stuff, in a daily logbook.\nThis is the diary of what the robot saw today.\n\n✉️ Why are there 2 Email Alerts?\n1️⃣ First Email:\n📨 Sends a special alert when something very risky happens (like an emergency siren).\nExample: \"This computer might be in big trouble!\"\n\n2️⃣ Second Email:\n📨 Sends a daily summary email with a table.\nExample: “Today I saw: 1 Critical, 1 Medium, 1 Low.”\n\n🌐 Why is there 1 HTTP Request?\n🌍 This is the robot’s panic button.\nIf the robot says, “This is too dangerous,” it can call another robot (like an EDR system) to shut down or isolate the infected computer.\n\nBut this button is optional — like only calling the fire truck when needed.\n\n💡 In Short:\n🧾 Two sheets: one for alerts, one for daily diary\n\n✉️ Two emails: one for emergency, one for daily summary\n\n🌐 One optional panic button: for calling help if danger is too high"
},
"typeVersion": 1
},
{
"id": "0a7a9166-b06d-4a48-9420-70af07392046",
"name": "Nota Adhesiva2",
"type": "n8n-nodes-base.stickyNote",
"position": [
2180,
320
],
"parameters": {
"color": 7,
"width": 580,
"height": 180,
"content": "\n📘 Module 1 Glossary – What Each Term Means\n\n• **aiRisk** – AI-generated risk score (e.g. 6.5) based on CVE severity + behavior \n• **LEV Score** – Local Exploitability score (e.g. 0.93) — how likely it affects *you* \n• **LEV Label** – Text label from LEV score (e.g. `notify`, `monitor`, `isolate`) \n• **response_action** – What the system decided to do (e.g. alert, log, isolate) \n• **IOC** – Indicator of Compromise like a suspicious IP, domain, or file hash \n• **CVE** – Known vulnerability from public sources (e.g. CVE-2023-26479)\n"
},
"typeVersion": 1
},
{
"id": "c3323b86-bb2b-4d62-9dcc-2509a1a6b893",
"name": "Nota Adhesiva3",
"type": "n8n-nodes-base.stickyNote",
"position": [
2180,
520
],
"parameters": {
"color": 7,
"width": 580,
"height": 480,
"content": "\n🛡️ Framework Integration Summary – Module 1\n\nACSC Essential Eight (Australia)\n✔ Implements daily threat monitoring and log collection, aligning with mitigation strategies like patching and application control.\n\nISM 2024 Logging Guidelines (Australia)\n✔ Logs high-risk CVEs, IOCs, and AI-evaluated actions to structured, queryable formats (Google Sheets, Emails).\n✔ Includes severity, timestamps, and response decisions — meets ISM log detail requirements.\n\nNIST Cybersecurity Framework (CSF) (US)\n✔ Aligns with:\n\nIdentify (tracking known CVEs),\n\nDetect (via AI risk analysis),\n\nRespond (action routing via LEV logic).\n\nISO/IEC 27001\n✔ Supports control A.12.4 (Event logging) and A.16 (Incident response) by providing automated alerts, logs, and response recommendations."
},
"typeVersion": 1
}
],
"active": false,
"pinData": {},
"settings": {
"timezone": "Australia/Sydney",
"callerPolicy": "workflowsFromSameOwner",
"executionOrder": "v1"
},
"versionId": "b9d78a57-e42a-4b2a-92d4-30a29f06178a",
"connections": {
"2aa9749e-cf1d-49ee-8a82-b75a6a62d1af": {
"main": [
[
{
"node": "6dd8f1cf-4459-4496-b547-205da0aa2ab7",
"type": "main",
"index": 0
}
]
]
},
"d5376f73-da94-4a39-9129-7f94c9b6d86c": {
"main": [
[
{
"node": "6be8438a-956d-4ac6-94e5-dc22cebaa178",
"type": "main",
"index": 0
}
]
]
},
"4123923e-bbbd-4234-8769-43dcd65cf9c8": {
"main": [
[]
]
},
"c9f242d6-6d9c-4a27-8a43-b678c4b3dbeb": {
"main": [
[
{
"node": "080ac947-b10c-4492-8f55-79e27b9982c0",
"type": "main",
"index": 0
}
]
]
},
"e1f9ea1c-e934-4ecd-957d-8c7e5f8c1452": {
"main": [
[
{
"node": "080ac947-b10c-4492-8f55-79e27b9982c0",
"type": "main",
"index": 1
}
]
]
},
"6dd8f1cf-4459-4496-b547-205da0aa2ab7": {
"main": [
[
{
"node": "4123923e-bbbd-4234-8769-43dcd65cf9c8",
"type": "main",
"index": 0
}
],
[
{
"node": "d76f1894-ae5c-4c22-b326-7daec1cdf359",
"type": "main",
"index": 0
}
],
[
{
"node": "9d9a56b4-13fd-40f8-a29a-4d3a3febfc19",
"type": "main",
"index": 0
}
]
]
},
"2341d7f3-4f5e-4bf0-8b96-fb64c4d46344": {
"main": [
[]
]
},
"080ac947-b10c-4492-8f55-79e27b9982c0": {
"main": [
[
{
"node": "80c5acb7-743a-44d7-8482-a5d429a973bd",
"type": "main",
"index": 0
}
]
]
},
"80c5acb7-743a-44d7-8482-a5d429a973bd": {
"main": [
[
{
"node": "68ccba75-0a92-4cd1-8306-24daafe59333",
"type": "main",
"index": 0
}
]
]
},
"b9325536-f714-437d-8dc3-2dfbfd6d58a7": {
"main": [
[
{
"node": "c9f242d6-6d9c-4a27-8a43-b678c4b3dbeb",
"type": "main",
"index": 0
},
{
"node": "e1f9ea1c-e934-4ecd-957d-8c7e5f8c1452",
"type": "main",
"index": 0
}
]
]
},
"3cbac00e-3bf1-4f68-99e2-e2027d3d2648": {
"main": [
[
{
"node": "2341d7f3-4f5e-4bf0-8b96-fb64c4d46344",
"type": "main",
"index": 0
},
{
"node": "bead2d6d-aeec-49a3-99b0-6550976cfa91",
"type": "main",
"index": 0
}
]
]
},
"68ccba75-0a92-4cd1-8306-24daafe59333": {
"main": [
[
{
"node": "9f74ff1c-57ae-48ae-989d-b27b64895c53",
"type": "main",
"index": 0
},
{
"node": "d5376f73-da94-4a39-9129-7f94c9b6d86c",
"type": "main",
"index": 0
}
]
]
},
"9f74ff1c-57ae-48ae-989d-b27b64895c53": {
"main": [
[
{
"node": "3cbac00e-3bf1-4f68-99e2-e2027d3d2648",
"type": "main",
"index": 0
}
]
]
},
"6be8438a-956d-4ac6-94e5-dc22cebaa178": {
"main": [
[
{
"node": "2aa9749e-cf1d-49ee-8a82-b75a6a62d1af",
"type": "main",
"index": 0
}
]
]
}
}
}Preguntas frecuentes
¿Cómo usar este flujo de trabajo?
Copie el código de configuración JSON de arriba, cree un nuevo flujo de trabajo en su instancia de n8n y seleccione "Importar desde JSON", pegue la configuración y luego modifique la configuración de credenciales según sea necesario.
¿En qué escenarios es adecuado este flujo de trabajo?
Avanzado - Operaciones de seguridad, Resumen de IA
¿Es de pago?
Este flujo de trabajo es completamente gratuito, puede importarlo y usarlo directamente. Sin embargo, tenga en cuenta que los servicios de terceros utilizados en el flujo de trabajo (como la API de OpenAI) pueden requerir un pago por su cuenta.
Flujos de trabajo relacionados recomendados
Copia de CyberScan Github
Escáner de vulnerabilidades basado en AI, con Nessus, clasificación de riesgos y informes de Google Sheets
If
Set
Code
+
If
Set
Code
39 NodosAdnan Tariq
Operaciones de seguridad
Desarrollo de leads y flujos de correo electrónico
Usar Google Maps, SendGrid e IA para automatizar el desarrollo de leads B2B y el marketing por correo electrónico
If
Set
Code
+
If
Set
Code
141 NodosEzema Kingsley Chibuzo
Generación de leads
Evaluación automatizada de controles PCI
Automatizar la evaluación y el seguimiento de controles PCI DSS con Google Sheets
If
Set
Code
+
If
Set
Code
19 NodosAdnan Tariq
Operaciones de seguridad
Análisis inteligente diario de grupos de WhatsApp: Análisis con GPT-4.1 y transcripción de mensajes de voz
Análisis inteligente diario de grupos de WhatsApp: análisis con GPT-4.1 y transcripción de mensajes de voz
If
Set
Code
+
If
Set
Code
52 NodosDaniel Lianes
Varios
M5 - Respondedor automático
Automatización de la respuesta a incidentes de seguridad: Google Sheets, alertas por correo electrónico y aislamiento por EDR
If
Aggregate
Email Send
+
If
Aggregate
Email Send
8 NodosAdnan Tariq
Operaciones de seguridad
M4 - Clasificador de eventos
Usar GPT-4 y Google Sheets para clasificar automáticamente eventos de seguridad para el equipo SOC
Set
Http Request
Google Sheets
+
Set
Http Request
Google Sheets
6 NodosAdnan Tariq
Operaciones de seguridad
Información del flujo de trabajo
Nivel de dificultad
Avanzado
Número de nodos21
Categoría2
Tipos de nodos10
Descripción de la dificultad
Autor
Adnan Tariq
@adnantariqFounder of CYBERPULSE AI — helping security teams and SMEs eliminate repetitive tasks through modular n8n automations. I build workflows for vulnerability triage, compliance reporting, threat intel, and Red/Blue/GRC ops. Book a session if you'd like custom automation for your use case. https://linkedin.com/in/adnan-tariq-4b2a1a47
Enlaces externos
Ver en n8n.io →
Compartir este flujo de trabajo