Créer une briefing sécurité pour les cadres supérieurs avec NixGuard AI et les alertes Wazuh
Intermédiaire
Ceci est unSecOps, AI Summarizationworkflow d'automatisation du domainecontenant 13 nœuds.Utilise principalement des nœuds comme If, Set, Code, EmailSend, ExecuteWorkflow. Créer un bulletin de sécurité pour la direction avec NixGuard AI et les alertes Wazuh
Prérequis
- •Aucun prérequis spécial, prêt à l'emploi après importation
Nœuds utilisés (13)
Catégorie
Aperçu du workflow
Visualisation des connexions entre les nœuds, avec support du zoom et du déplacement
Exporter le workflow
Copiez la configuration JSON suivante dans n8n pour importer et utiliser ce workflow
{
"meta": {
"instanceId": "558d88703fb65b2d0e44613bc35916258b0f0bf983c5d4730c00c424b77ca36a",
"templateCredsSetupCompleted": true
},
"nodes": [
{
"id": "ef84ca26-59e1-46c6-a0e2-43f7a6bd7c29",
"name": "Exécution quotidienne à 8h",
"type": "n8n-nodes-base.scheduleTrigger",
"position": [
760,
1380
],
"parameters": {
"rule": {
"interval": [
{
"field": "hours"
}
]
}
},
"typeVersion": 1.1
},
{
"id": "8af0ca21-63aa-43a0-8755-85b006590435",
"name": "Analyse du tableau d'alertes",
"type": "n8n-nodes-base.code",
"position": [
760,
1620
],
"parameters": {
"jsCode": "// Get the raw output string from the previous node.\nconst rawOutput = $input.first().json.output;\n\n// The AI often wraps JSON in Markdown code blocks (```json ... ```).\n// We need to extract the pure JSON string from inside the fences.\n// This regex will find the content between the fences. If no fences are found,\n// it will fall back to using the entire rawOutput string.\nconst jsonStringMatch = rawOutput.match(/```json\\s*([\\s\\S]*?)\\s*```/);\nconst jsonString = jsonStringMatch ? jsonStringMatch[1] : rawOutput.trim();\n\n// Now, try to parse the *cleaned* string.\ntry {\n const alerts = JSON.parse(jsonString);\n \n // Check if the result is a non-empty array.\n if (Array.isArray(alerts) && alerts.length > 0) {\n // Success! Pass the alerts to the next node.\n return [{ json: { alerts } }];\n }\n} catch (e) {\n // This will catch errors if the cleaned string is still not valid JSON.\n console.error(\"NixGuard did not return a valid JSON array even after cleaning:\", e);\n console.error(\"String that failed to parse:\", jsonString);\n}\n\n// If parsing fails, it's not an array, or it's empty, return no items.\n// This will correctly route the workflow to the 'false' branch of the IF node.\nreturn [];"
},
"typeVersion": 2
},
{
"id": "7d51a628-b285-4699-9068-9bed2ceea231",
"name": "Définition de l'invite pour le résumé",
"type": "n8n-nodes-base.set",
"position": [
1460,
1600
],
"parameters": {
"values": {
"string": [
{
"name": "chatInput",
"value": "Act as a senior security analyst reporting to a non-technical executive. The following is a JSON array of all high-severity security alerts from the last 24 hours.\n\nYour tasks are:\n1. Start with a single sentence summarizing the day's overall security risk (e.g., 'The security posture today is stable with minor configurable issues detected.').\n2. State the total number of critical alerts found.\n3. In 3-4 clear bullet points using Markdown, summarize the most significant activities or threat patterns observed. Focus on business impact, not technical jargon.\n4. Conclude with a single, clear recommendation (e.g., 'No immediate action required' or 'Recommend prioritizing patches for web servers.').\n\nHere is the raw alert data:\n{{ JSON.stringify($json.alerts) }}"
},
{
"name": "apiKey",
"value": ""
}
]
},
"options": {}
},
"typeVersion": 2
},
{
"id": "26212ca9-51c1-49d4-9705-df7a74ba1b08",
"name": "Définition de la clé API & invite initiale",
"type": "n8n-nodes-base.set",
"position": [
980,
1380
],
"parameters": {
"values": {
"string": [
{
"name": "apiKey",
"value": ""
},
{
"name": "chatInput",
"value": "Review all security data from the last 24 hours. List all significant security alerts found. Your response MUST be a single, valid, minified JSON array of objects. Each object in the array should represent a distinct alert. If no significant alerts are found, return an empty array []."
}
]
},
"options": {}
},
"typeVersion": 2
},
{
"id": "edca6750-8948-4de8-89f2-290163db7480",
"name": "Définition du briefing final",
"type": "n8n-nodes-base.set",
"position": [
1460,
1820
],
"parameters": {
"values": {
"string": [
{
"name": "executive_summary",
"value": "={{ $json.output }}"
}
]
},
"options": {}
},
"typeVersion": 2
},
{
"id": "d6cba9cd-fab4-4920-98f8-460b7002c94a",
"name": "Exécuter : Obtenir les événements quotidiens comme JSON (Obtenir des insights de sécurité en temps réel avec l'intégration NixGuard RAG et Wazuh)",
"type": "n8n-nodes-base.executeWorkflow",
"position": [
1220,
1380
],
"parameters": {
"options": {},
"workflowId": {
"__rl": true,
"mode": "list",
"value": "I0nUORqYTwDFZa51",
"cachedResultName": "Get Real-Time Security Insights with NixGuard RAG and Wazuh Integration"
},
"workflowInputs": {
"value": {},
"schema": [],
"mappingMode": "defineBelow",
"matchingColumns": [],
"attemptToConvertTypes": false,
"convertFieldsToString": true
}
},
"typeVersion": 1.2
},
{
"id": "c5bab77f-f161-494a-adb1-de1dd53bd5c7",
"name": "Exécuter : Générer un résumé pour les dirigeants (Obtenir des insights de sécurité en temps réel avec l'intégration NixGuard RAG et Wazuh)",
"type": "n8n-nodes-base.executeWorkflow",
"position": [
1680,
1600
],
"parameters": {
"options": {},
"workflowId": {
"__rl": true,
"mode": "list",
"value": "I0nUORqYTwDFZa51",
"cachedResultName": "Get Real-Time Security Insights with NixGuard RAG and Wazuh Integration"
},
"workflowInputs": {
"value": {},
"schema": [],
"mappingMode": "defineBelow",
"matchingColumns": [],
"attemptToConvertTypes": false,
"convertFieldsToString": true
}
},
"typeVersion": 1.2
},
{
"id": "1e7172f8-c728-4640-8633-f141fd1b94c4",
"name": "Si",
"type": "n8n-nodes-base.if",
"position": [
1040,
1620
],
"parameters": {
"options": {},
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": true,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "bb7ac757-8402-446e-9ee7-d0be89c769a7",
"operator": {
"type": "array",
"operation": "exists",
"singleValue": true
},
"leftValue": "={{ $json.alerts }}",
"rightValue": ""
}
]
}
},
"typeVersion": 2.2
},
{
"id": "e889ebe4-c36a-4da6-bcd5-2e21661ec8d7",
"name": "Envoyer un email",
"type": "n8n-nodes-base.emailSend",
"position": [
1880,
1820
],
"parameters": {
"html": "={{ $json.html_summary }}",
"options": {},
"subject": "Daily AI Cyber Security Briefing"
},
"typeVersion": 2.1
},
{
"id": "4e771aef-10d4-4be8-8432-23bbf852f58f",
"name": "Aperçu du workflow1",
"type": "n8n-nodes-base.stickyNote",
"position": [
1380,
1020
],
"parameters": {
"color": 7,
"width": 540,
"height": 340,
"content": "## 💡 Workflow Overview: Daily AI Security Briefing\n\nThis workflow automates the creation of a daily security report for non-technical executives. It uses a two-stage AI process with the **NixGuard Security Connector** workflow.\n\n1. **Stage 1 - Data Retrieval:** It calls the connector to fetch all recent security alerts, requesting the output as a structured JSON array.\n2. **Stage 2 - Summarization:** If alerts were found, it calls the connector *again*, feeding it the raw alert data and prompting it to generate a high-level, business-friendly summary.\n\nThe final report is then delivered via email."
},
"typeVersion": 1
},
{
"id": "47bb91e9-48e8-437d-a736-0f98ffcd923e",
"name": "Guide d'installation1",
"type": "n8n-nodes-base.stickyNote",
"position": [
940,
920
],
"parameters": {
"color": 7,
"width": 400,
"height": 420,
"content": "## ⚙️ 4-Step Setup Guide\n\n1. **Import Child Workflow:** Make sure you also have the `Get Real-Time Security Insights with NixGuard...` workflow in your n8n instance and that it is **activated**.\n\n2. **Set Your API Key:** In the **'Set API Key & Initial Prompt'** node, replace the placeholder with your valid NixGuard API key.\n\n3. **Check Workflow ID:** This workflow calls the child workflow by its ID (`I0nUORqYTwDFZa51`). If your ID is different, you must update it in both **Execute Workflow** nodes.\n\n4. **Configure Email:** Add your email credentials to the two **Send Email** nodes and update the recipient addresses in the `To` field."
},
"typeVersion": 1
},
{
"id": "fab467cd-7e63-4606-9da4-a677dd7082b3",
"name": "Convertir Markdown en HTML",
"type": "n8n-nodes-base.code",
"position": [
1660,
1820
],
"parameters": {
"jsCode": "/**\n * WARNING: This is a simplified, lightweight Markdown to HTML converter.\n * It does NOT use a dedicated library and will only handle a limited subset of Markdown:\n * - Headings (h1, h2, h3)\n * - Bold text (**text**)\n * - Unordered list items (* item)\n * - Paragraphs (double newlines)\n * It will FAIL on complex cases like nested lists, tables, or code blocks.\n * For robust conversion, using the 'marked' library is strongly recommended.\n */\n\nfunction simpleMarkdownToHtml(markdown) {\n let html = markdown\n // Escape HTML to prevent injection from the input\n .replace(/&/g, '&')\n .replace(/</g, '<')\n .replace(/>/g, '>');\n\n // Block Elements (order matters)\n html = html\n .replace(/^### (.*$)/gim, '<h3>$1</h3>')\n .replace(/^## (.*$)/gim, '<h2>$1</h2>')\n .replace(/^# (.*$)/gim, '<h1>$1</h1>')\n .replace(/^\\* (.*$)/gim, '<li>$1</li>');\n\n // Inline Elements\n html = html\n .replace(/\\*\\*(.*?)\\*\\*/g, '<strong>$1</strong>')\n .replace(/__(.*?)__/g, '<strong>$1</strong>') // Alternative bold\n .replace(/\\*(.*?)\\*/g, '<em>$1</em>')\n .replace(/_(.*?)_/g, '<em>$1</em>'); // Alternative italics\n\n // Paragraphs and Line Breaks\n // Wrap list items in <ul>\n html = html.replace(/<li>(.|\\n)*?<li>/g, '<ul>$&');\n html = html.replace(/(<\\/li>)(?!.*<li>)/g, '$1</ul>');\n // Convert remaining newlines to <br> or wrap in <p>\n html = html.replace(/\\n/g, '<br>');\n\n return html;\n}\n\nconst markdownSummary = $input.first().json.executive_summary;\nconst htmlSummary = simpleMarkdownToHtml(markdownSummary);\n\n$input.first().json.html_summary = htmlSummary;\n\nreturn $input.all();\n"
},
"typeVersion": 2
},
{
"id": "a20f8e25-d1f8-47fb-8378-3b4479882ffc",
"name": "Guide d'installation",
"type": "n8n-nodes-base.stickyNote",
"position": [
500,
900
],
"parameters": {
"color": 7,
"width": 400,
"height": 440,
"content": "## Getting Started\n\n### Prerequisites:\n- Valid NixGuard API key\n\n### Setup Instructions:\n1. Configure your NixGuard API key in 'Prepare API Request Data' node\n2. Set up trigger method (chat or manual)\n3. Test with sample security queries\n4. Make sure NixGuard agents are installed on your network endpoints for real-time security events\n\n### Support:\nFor questions, visit [NixGuard Documentation](https://nixguard.thenex.world) or join our [Community Discord](https://discord.com/invite/ajCYwYCwHb)"
},
"typeVersion": 1
}
],
"pinData": {},
"connections": {
"1e7172f8-c728-4640-8633-f141fd1b94c4": {
"main": [
[
{
"node": "7d51a628-b285-4699-9068-9bed2ceea231",
"type": "main",
"index": 0
}
]
]
},
"8af0ca21-63aa-43a0-8755-85b006590435": {
"main": [
[
{
"node": "1e7172f8-c728-4640-8633-f141fd1b94c4",
"type": "main",
"index": 0
}
]
]
},
"ef84ca26-59e1-46c6-a0e2-43f7a6bd7c29": {
"main": [
[
{
"node": "26212ca9-51c1-49d4-9705-df7a74ba1b08",
"type": "main",
"index": 0
}
]
]
},
"edca6750-8948-4de8-89f2-290163db7480": {
"main": [
[
{
"node": "fab467cd-7e63-4606-9da4-a677dd7082b3",
"type": "main",
"index": 0
}
]
]
},
"7d51a628-b285-4699-9068-9bed2ceea231": {
"main": [
[
{
"node": "c5bab77f-f161-494a-adb1-de1dd53bd5c7",
"type": "main",
"index": 0
}
]
]
},
"fab467cd-7e63-4606-9da4-a677dd7082b3": {
"main": [
[
{
"node": "e889ebe4-c36a-4da6-bcd5-2e21661ec8d7",
"type": "main",
"index": 0
}
]
]
},
"26212ca9-51c1-49d4-9705-df7a74ba1b08": {
"main": [
[
{
"node": "d6cba9cd-fab4-4920-98f8-460b7002c94a",
"type": "main",
"index": 0
}
]
]
},
"d6cba9cd-fab4-4920-98f8-460b7002c94a": {
"main": [
[
{
"node": "8af0ca21-63aa-43a0-8755-85b006590435",
"type": "main",
"index": 0
}
]
]
},
"c5bab77f-f161-494a-adb1-de1dd53bd5c7": {
"main": [
[
{
"node": "edca6750-8948-4de8-89f2-290163db7480",
"type": "main",
"index": 0
}
]
]
}
}
}Foire aux questions
Comment utiliser ce workflow ?
Copiez le code de configuration JSON ci-dessus, créez un nouveau workflow dans votre instance n8n et sélectionnez "Importer depuis le JSON", collez la configuration et modifiez les paramètres d'authentification selon vos besoins.
Dans quelles scénarios ce workflow est-il adapté ?
Intermédiaire - Opérations de sécurité, Résumé IA
Est-ce payant ?
Ce workflow est entièrement gratuit et peut être utilisé directement. Veuillez noter que les services tiers utilisés dans le workflow (comme l'API OpenAI) peuvent nécessiter un paiement de votre part.
Workflows recommandés
Classification automatique des alertes de sécurité : NixGuard AI et routage vers Slack ou Jira
Automatiser la classification des alertes de sécurité : NixGuard AI et acheminement vers Slack ou Jira
If
Set
Code
+
If
Set
Code
19 NœudsJonathan | NEX
Opérations de sécurité
Copie Github de CyberScan
Scanner de vulnérabilités par IA basé sur Nessus, classification des risques et rapports Google Sheets
If
Set
Code
+
If
Set
Code
39 NœudsAdnan Tariq
Opérations de sécurité
Analyse automatisée d'IP gratuite
Automatisation de l'analyse IP gratuite : résumé NixGuard AI et intégration Wazuh
Set
Slack
Webhook
+
Set
Slack
Webhook
8 NœudsJonathan | NEX
Opérations de sécurité
Analyse automatisée de l'hameçonnage et des menaces via URL
Analyse automatisée des URL de phishing et des menaces avec NixGuard AI
Set
Slack
Webhook
+
Set
Slack
Webhook
8 NœudsJonathan | NEX
Opérations de sécurité
CYBERPULSEBlueOps_ Module 1 Copie client 1
Ingestion automatisée des sources de données CVE et IOC, avec évaluation des risques par OpenAI et alertes par e-mail
If
Code
Merge
+
If
Code
Merge
21 NœudsAdnan Tariq
Opérations de sécurité
Rapport d'équipe hebdomadaire automatisé pour les groupes WhatsApp avec résumé par Gemini AI
Rapport hebdomadaire automatisé d'équipe pour les groupes WhatsApp avec un résumé Gemini AI
If
Set
Code
+
If
Set
Code
47 NœudsJamot
Gestion de projet
Informations sur le workflow
Niveau de difficulté
Intermédiaire
Nombre de nœuds13
Catégorie2
Types de nœuds7
Description de la difficulté
Auteur
Liens externes
Voir sur n8n.io →
Partager ce workflow