Automatic classification of security alerts: NixGuard AI and routing to Slack or Jira

Advanced

This is a SecOps / AI Summarization domain automation workflow containing 19 nodes. It mainly uses nodes such as If, Set, Code, Slack and Switch. Automate security alert classification: NixGuard AI and routing to Slack or Jira.

Prerequisites
  • Slack Bot Token or Webhook URL
Export workflow
Copy the following JSON configuration into n8n to import and use this workflow
{
  "meta": {
    "instanceId": "558d88703fb65b2d0e44613bc35916258b0f0bf983c5d4730c00c424b77ca36a",
    "templateCredsSetupCompleted": true
  },
  "nodes": [
    {
      "id": "40fb885c-9077-447c-a236-2262ff465d29",
      "name": "Exécution Quotidienne à 8h",
      "type": "n8n-nodes-base.scheduleTrigger",
      "position": [
        740,
        1380
      ],
      "parameters": {
        "rule": {
          "interval": [
            {
              "field": "hours"
            }
          ]
        }
      },
      "typeVersion": 1.1
    },
    {
      "id": "e5f01889-2ae6-4563-8f34-836f1556e1f0",
      "name": "Analyser le Tableau d'Alertes",
      "type": "n8n-nodes-base.code",
      "position": [
        760,
        1620
      ],
      "parameters": {
        "jsCode": "// Get the raw output string from the previous node.\nconst rawOutput = $input.first().json.output;\n\n// The AI often wraps JSON in Markdown code blocks (```json ... ```).\n// We need to extract the pure JSON string from inside the fences.\n// This regex will find the content between the fences. If no fences are found,\n// it will fall back to using the entire rawOutput string.\nconst jsonStringMatch = rawOutput.match(/```json\\s*([\\s\\S]*?)\\s*```/);\nconst jsonString = jsonStringMatch ? jsonStringMatch[1] : rawOutput.trim();\n\n// Now, try to parse the *cleaned* string.\ntry {\n  const alerts = JSON.parse(jsonString);\n  \n  // Check if the result is a non-empty array.\n  if (Array.isArray(alerts) && alerts.length > 0) {\n    // Success! Pass the alerts to the next node.\n    return [{ json: { alerts } }];\n  }\n} catch (e) {\n  // This will catch errors if the cleaned string is still not valid JSON.\n  console.error(\"NixGuard did not return a valid JSON array even after cleaning:\", e);\n  console.error(\"String that failed to parse:\", jsonString);\n}\n\n// If parsing fails, it's not an array, or it's empty, return no items.\n// This will correctly route the workflow to the 'false' branch of the IF node.\nreturn [];"
      },
      "typeVersion": 2
    },
    {
      "id": "6a3c2d13-ea2c-4a21-8063-cee59b220746",
      "name": "Définir l'Invite pour le Résumé",
      "type": "n8n-nodes-base.set",
      "position": [
        1380,
        1820
      ],
      "parameters": {
        "values": {
          "string": [
            {
              "name": "chatInput",
              "value": "=Act as a senior security analyst reporting to a non-technical executive. Analyze the following JSON array of all high-severity security alerts from the last 24 hours.\n\nYour response MUST be a single, valid JSON object and nothing else. Do not include any text before or after the JSON, and do not wrap it in Markdown code fences (```json).\n\nYour output must strictly adhere to the following structure:\n{\n  \"ai_priority\": \"<'Critical' | 'High' | 'Medium' | 'Low'>\",\n  \"ai_summary\": \"<A single sentence summarizing the day's overall security risk.>\",\n  \"total_critical_alerts\": <Total number of alerts with 'critical' severity>,\n  \"key_observations\": [\n    \"<Bulleted summary of the most significant activities or threat patterns, focused on business impact.>\",\n    \"<Another bulleted summary point.>\",\n    \"<And another, if necessary.>\"\n  ],\n  \"recommendation\": \"<A single, clear, actionable recommendation.>\"\n}\n\nHere is the raw alert data:\n{{ JSON.stringify($json) }}"
            },
            {
              "name": "apiKey",
              "value": ""
            }
          ]
        },
        "options": {}
      },
      "typeVersion": 2
    },
    {
      "id": "d27114b8-536c-4937-8af0-b6a4e0d20d9f",
      "name": "Définir la Clé API & l'Invite Initiale",
      "type": "n8n-nodes-base.set",
      "position": [
        980,
        1380
      ],
      "parameters": {
        "values": {
          "string": [
            {
              "name": "apiKey",
              "value": ""
            },
            {
              "name": "chatInput",
              "value": "Review all security data from the last 24 hours. List all significant security alerts found. Your response MUST be a single, valid, minified JSON array of objects. Each object in the array should represent a distinct alert. If no significant alerts are found, return an empty array []."
            }
          ]
        },
        "options": {}
      },
      "typeVersion": 2
    },
    {
      "id": "0adc2f21-8480-4749-9f0c-ef05b46b8b29",
      "name": "Exécuter : Obtenir les Événements Quotidiens comme JSON (Obtenir des Informations de Sécurité en Temps Réel avec NixGuard RAG et l'Intégration Wazuh)",
      "type": "n8n-nodes-base.executeWorkflow",
      "position": [
        1220,
        1380
      ],
      "parameters": {
        "options": {},
        "workflowId": {
          "__rl": true,
          "mode": "list",
          "value": "I0nUORqYTwDFZa51",
          "cachedResultName": "Get Real-Time Security Insights with NixGuard RAG and Wazuh Integration"
        },
        "workflowInputs": {
          "value": {},
          "schema": [],
          "mappingMode": "defineBelow",
          "matchingColumns": [],
          "attemptToConvertTypes": false,
          "convertFieldsToString": true
        }
      },
      "typeVersion": 1.2
    },
    {
      "id": "40caac74-9e6c-4387-bc52-3bbe31e98481",
      "name": "Si",
      "type": "n8n-nodes-base.if",
      "position": [
        980,
        1620
      ],
      "parameters": {
        "options": {},
        "conditions": {
          "options": {
            "version": 2,
            "leftValue": "",
            "caseSensitive": true,
            "typeValidation": "strict"
          },
          "combinator": "and",
          "conditions": [
            {
              "id": "bb7ac757-8402-446e-9ee7-d0be89c769a7",
              "operator": {
                "type": "array",
                "operation": "exists",
                "singleValue": true
              },
              "leftValue": "={{ $json.alerts }}",
              "rightValue": ""
            }
          ]
        }
      },
      "typeVersion": 2.2
    },
    {
      "id": "f066f0e6-fa5d-4ab6-9d0c-0b6b5f9bb269",
      "name": "Vue d'Ensemble du Workflow",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        720,
        1060
      ],
      "parameters": {
        "color": 7,
        "width": 520,
        "height": 260,
        "content": "## 💡 Workflow Overview\n\nThis workflow acts as an automated SOC analyst. It receives security alerts from & uses **NixGuard's AI** to analyze and prioritize them, and then routes them to the correct **Slack** channel based on the AI-assigned priority.\n\n**Use Case:** Eliminate alert fatigue by automatically distinguishing between critical threats that need immediate attention and informational logs that can be reviewed later."
      },
      "typeVersion": 1
    },
    {
      "id": "c8cac8b0-dac8-42ed-bb38-9daba321de8e",
      "name": "Extraire la Priorité IA et le Résumé",
      "type": "n8n-nodes-base.set",
      "position": [
        1160,
        2040
      ],
      "parameters": {
        "values": {
          "string": [
            {
              "name": "ai_priority",
              "value": "={{ $json.ai_priority }}"
            },
            {
              "name": "ai_summary",
              "value": "={{ $json.ai_summary }}"
            }
          ]
        },
        "options": {}
      },
      "typeVersion": 2
    },
    {
      "id": "d047a378-b41a-4652-83e8-85ed0e87a2d9",
      "name": "Exécuter : Générer le Message Slack (Obtenir des Informations de Sécurité en Temps Réel avec NixGuard RAG et l'Intégration Wazuh)",
      "type": "n8n-nodes-base.executeWorkflow",
      "position": [
        760,
        2040
      ],
      "parameters": {
        "options": {},
        "workflowId": {
          "__rl": true,
          "mode": "list",
          "value": "I0nUORqYTwDFZa51",
          "cachedResultName": "Get Real-Time Security Insights with NixGuard RAG and Wazuh Integration"
        },
        "workflowInputs": {
          "value": {},
          "schema": [],
          "mappingMode": "defineBelow",
          "matchingColumns": [],
          "attemptToConvertTypes": false,
          "convertFieldsToString": true
        }
      },
      "typeVersion": 1.2
    },
    {
      "id": "93849a07-6c84-4abc-b5f3-0025e0625187",
      "name": "Modifier les Champs",
      "type": "n8n-nodes-base.set",
      "position": [
        1200,
        1600
      ],
      "parameters": {
        "options": {},
        "assignments": {
          "assignments": [
            {
              "id": "7e0725fd-e9b4-4564-808a-708f6e8ecafa",
              "name": "output",
              "type": "array",
              "value": "={{ $json.alerts }}"
            }
          ]
        },
        "includeOtherFields": "={{ false }}"
      },
      "typeVersion": 3.4
    },
    {
      "id": "4a49a959-6a27-410b-9a66-798480eb3612",
      "name": "Analyser et Diviser les Alertes",
      "type": "n8n-nodes-base.code",
      "position": [
        760,
        1840
      ],
      "parameters": {
        "jsCode": "// The previous Set node exposes the already-parsed alert array as `output`.\n// No JSON.parse is needed here: parsing happened upstream in 'Analyser le Tableau d'Alertes'.\nlet alerts;\ntry {\n  alerts = $input.first().json.output;\n} catch (e) {\n  // Reached only when no input item arrived at all.\n  console.error(\"No input item carrying an alert array was received:\", e);\n  return [];\n}\n\n// Check if the result is a non-empty array.\nif (Array.isArray(alerts) && alerts.length > 0) {\n  // Success! Return a separate item for each alert.\n  // The .map() function transforms the array of alert objects\n  // into an array of n8n items, which splits the execution.\n  return alerts.map(alert => ({ json: alert }));\n}\n\n// Not an array, or empty: return no items.\n// This will correctly stop this branch of the workflow.\nconsole.error(\"Expected a non-empty alert array in `output`, got:\", JSON.stringify(alerts));\nreturn [];"
      },
      "typeVersion": 2
    },
    {
      "id": "c6b28204-a3c7-4b4e-9c3d-d5bb8fb4195b",
      "name": "Agréger",
      "type": "n8n-nodes-base.aggregate",
      "position": [
        1200,
        1820
      ],
      "parameters": {
        "options": {},
        "aggregate": "aggregateAllItemData",
        "destinationFieldName": "output"
      },
      "typeVersion": 1
    },
    {
      "id": "079081a2-6e54-44cc-aee9-a00a34f545ef",
      "name": "Filtrer les Alertes Importantes (Niveau > 7)",
      "type": "n8n-nodes-base.if",
      "position": [
        960,
        1840
      ],
      "parameters": {
        "conditions": {
          "number": [
            {
              "value1": "={{ $json.level }}",
              "value2": 7,
              "operation": "largerEqual"
            }
          ]
        }
      },
      "typeVersion": 1
    },
    {
      "id": "77ac98bf-68a8-4f3a-9614-ea46096a173b",
      "name": "Publier l'Alerte CRITIQUE vers Slack",
      "type": "n8n-nodes-base.slack",
      "disabled": true,
      "position": [
        1820,
        1800
      ],
      "webhookId": "b9db2ae0-4863-4809-82cd-0518807a21f6",
      "parameters": {
        "otherOptions": {}
      },
      "typeVersion": 2.3
    },
    {
      "id": "af5aefb9-07e3-41a1-baa0-525ab53785b6",
      "name": "Publier l'Alerte ÉLEVÉE vers Slack",
      "type": "n8n-nodes-base.slack",
      "disabled": true,
      "position": [
        1820,
        2040
      ],
      "webhookId": "b9db2ae0-4863-4809-82cd-0518807a21f6",
      "parameters": {
        "otherOptions": {}
      },
      "typeVersion": 2.3
    },
    {
      "id": "5f26f03a-f715-4e0d-b99a-39df7ab2961d",
      "name": "Publier l'Alerte INFO vers Slack",
      "type": "n8n-nodes-base.slack",
      "disabled": true,
      "position": [
        1820,
        2260
      ],
      "webhookId": "b9db2ae0-4863-4809-82cd-0518807a21f6",
      "parameters": {
        "otherOptions": {}
      },
      "typeVersion": 2.3
    },
    {
      "id": "f3eb57ec-4b5f-4bd8-ab2f-2e1cab76a16e",
      "name": "Analyser la Réponse IA JSON",
      "type": "n8n-nodes-base.code",
      "position": [
        960,
        2040
      ],
      "parameters": {
        "jsCode": "// Get the AI response. Your previous node used a complex path,\n// we assume the final AI string is here. Adjust if needed.\n// For example, it might be in $input.first().json.output or similar.\nconst rawOutput = $input.first().json.output;\n\n// The summary prompt asks the model for bare JSON (no Markdown fences), so no cleaning is applied here.\nconst jsonString = rawOutput;\n\ntry {\n  // Parse the JSON string\n  const parsedResponse = JSON.parse(jsonString);\n  // Add the parsed fields to the n8n item.\n  // This merges the new data with any existing data from the input.\n  return [{ \n    json: {\n      ...$input.first().json,\n      ...parsedResponse \n    }\n  }];\n\n} catch (e) {\n  console.error(\"Failed to parse AI JSON response:\", e);\n  console.error(\"String that failed to parse:\", jsonString);\n  // Return an empty item to indicate failure and stop the flow if desired.\n  return [];\n}\n"
      },
      "typeVersion": 2
    },
    {
      "id": "17359ba5-d1b1-42a6-bdfd-ab93be0fe857",
      "name": "Commutateur",
      "type": "n8n-nodes-base.switch",
      "position": [
        1380,
        2020
      ],
      "parameters": {
        "rules": {
          "values": [
            {
              "conditions": {
                "options": {
                  "version": 2,
                  "leftValue": "",
                  "caseSensitive": true,
                  "typeValidation": "strict"
                },
                "combinator": "and",
                "conditions": [
                  {
                    "operator": {
                      "type": "string",
                      "operation": "equals"
                    },
                    "leftValue": "={{ $json.ai_priority }}",
                    "rightValue": "Critical"
                  }
                ]
              }
            },
            {
              "conditions": {
                "options": {
                  "version": 2,
                  "leftValue": "",
                  "caseSensitive": true,
                  "typeValidation": "strict"
                },
                "combinator": "and",
                "conditions": [
                  {
                    "id": "1be5b449-70dd-4bfe-91da-9ce25b523a74",
                    "operator": {
                      "name": "filter.operator.equals",
                      "type": "string",
                      "operation": "equals"
                    },
                    "leftValue": "={{ $json.ai_priority }}",
                    "rightValue": "High"
                  }
                ]
              }
            },
            {
              "conditions": {
                "options": {
                  "version": 2,
                  "leftValue": "",
                  "caseSensitive": true,
                  "typeValidation": "strict"
                },
                "combinator": "and",
                "conditions": [
                  {
                    "id": "1dd6239e-c965-4e06-85d9-4a8ad9f06287",
                    "operator": {
                      "name": "filter.operator.equals",
                      "type": "string",
                      "operation": "equals"
                    },
                    "leftValue": "={{ $json.ai_priority }}",
                    "rightValue": "Info"
                  }
                ]
              }
            },
            {
              "conditions": {
                "options": {
                  "version": 2,
                  "leftValue": "",
                  "caseSensitive": true,
                  "typeValidation": "strict"
                },
                "combinator": "and",
                "conditions": [
                  {
                    "id": "c019ac34-3196-49f1-8bdb-d399ff989103",
                    "operator": {
                      "name": "filter.operator.equals",
                      "type": "string",
                      "operation": "equals"
                    },
                    "leftValue": "={{ $json.ai_priority }}",
                    "rightValue": "Low"
                  }
                ]
              }
            }
          ]
        },
        "options": {}
      },
      "typeVersion": 3.2
    },
    {
      "id": "5190c963-d8b8-446d-ace5-403d93b91432",
      "name": "Guide de Configuration 1",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        1300,
        880
      ],
      "parameters": {
        "color": 7,
        "width": 400,
        "height": 440,
        "content": "## Getting Started\n\n### Prerequisites:\n- Valid NixGuard API key\n\n### Setup Instructions:\n1. Configure your NixGuard API key in 'Prepare API Request Data' node\n2. Set up trigger method (chat or manual)\n3. Test with sample security queries\n4. Make sure NixGuard agents are installed on your network endpoints for real-time security events\n\n### Support:\nFor questions, visit [NixGuard Documentation](https://nixguard.thenex.world) or join our [Community Discord](https://discord.com/invite/ajCYwYCwHb)"
      },
      "typeVersion": 1
    }
  ],
  "pinData": {},
  "connections": {
    "40caac74-9e6c-4387-bc52-3bbe31e98481": {
      "main": [
        [
          {
            "node": "93849a07-6c84-4abc-b5f3-0025e0625187",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "17359ba5-d1b1-42a6-bdfd-ab93be0fe857": {
      "main": [
        [
          {
            "node": "77ac98bf-68a8-4f3a-9614-ea46096a173b",
            "type": "main",
            "index": 0
          }
        ],
        [
          {
            "node": "af5aefb9-07e3-41a1-baa0-525ab53785b6",
            "type": "main",
            "index": 0
          }
        ],
        [
          {
            "node": "5f26f03a-f715-4e0d-b99a-39df7ab2961d",
            "type": "main",
            "index": 0
          }
        ],
        []
      ]
    },
    "c6b28204-a3c7-4b4e-9c3d-d5bb8fb4195b": {
      "main": [
        [
          {
            "node": "6a3c2d13-ea2c-4a21-8063-cee59b220746",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "93849a07-6c84-4abc-b5f3-0025e0625187": {
      "main": [
        [
          {
            "node": "4a49a959-6a27-410b-9a66-798480eb3612",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "e5f01889-2ae6-4563-8f34-836f1556e1f0": {
      "main": [
        [
          {
            "node": "40caac74-9e6c-4387-bc52-3bbe31e98481",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "40fb885c-9077-447c-a236-2262ff465d29": {
      "main": [
        [
          {
            "node": "d27114b8-536c-4937-8af0-b6a4e0d20d9f",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "4a49a959-6a27-410b-9a66-798480eb3612": {
      "main": [
        [
          {
            "node": "079081a2-6e54-44cc-aee9-a00a34f545ef",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "f3eb57ec-4b5f-4bd8-ab2f-2e1cab76a16e": {
      "main": [
        [
          {
            "node": "c8cac8b0-dac8-42ed-bb38-9daba321de8e",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "6a3c2d13-ea2c-4a21-8063-cee59b220746": {
      "main": [
        [
          {
            "node": "d047a378-b41a-4652-83e8-85ed0e87a2d9",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "d27114b8-536c-4937-8af0-b6a4e0d20d9f": {
      "main": [
        [
          {
            "node": "0adc2f21-8480-4749-9f0c-ef05b46b8b29",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "c8cac8b0-dac8-42ed-bb38-9daba321de8e": {
      "main": [
        [
          {
            "node": "17359ba5-d1b1-42a6-bdfd-ab93be0fe857",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "079081a2-6e54-44cc-aee9-a00a34f545ef": {
      "main": [
        [
          {
            "node": "c6b28204-a3c7-4b4e-9c3d-d5bb8fb4195b",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "d047a378-b41a-4652-83e8-85ed0e87a2d9": {
      "main": [
        [
          {
            "node": "f3eb57ec-4b5f-4bd8-ab2f-2e1cab76a16e",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "0adc2f21-8480-4749-9f0c-ef05b46b8b29": {
      "main": [
        [
          {
            "node": "e5f01889-2ae6-4563-8f34-836f1556e1f0",
            "type": "main",
            "index": 0
          }
        ]
      ]
    }
  }
}
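The two Code nodes and the Switch node above decide which alerts ever reach Slack. As an added example (not part of the template or of NixGuard), the fence-stripping parser, the level filter and the Switch's routing table are reproduced below as pure functions so they can be checked offline; the sample model reply is constructed. It also makes one property of the configuration visible: the summary prompt allows 'Critical' | 'High' | 'Medium' | 'Low', while the Switch has rules for Critical, High, Info and Low, so a 'Medium' day falls through with no Slack post, and the "(Niveau > 7)" IF node actually uses largerEqual.

```javascript
// Added example, not part of the n8n template: the JSON-extraction step of the
// "Analyser le Tableau d'Alertes" Code node, the level filter and the priority
// routing of the "Commutateur" Switch node, as testable pure functions.

// Mirrors the Code node: strip a ```json ... ``` fence if the model added one,
// otherwise use the whole (trimmed) string.
function extractJsonString(rawOutput) {
  const match = rawOutput.match(/```json\s*([\s\S]*?)\s*```/);
  return match ? match[1] : rawOutput.trim();
}

// Returns the alert array, or [] when the model output is not a JSON array.
// An empty return is what sends the workflow down the IF node's false branch.
function parseAlerts(rawOutput) {
  try {
    const alerts = JSON.parse(extractJsonString(rawOutput));
    if (Array.isArray(alerts)) return alerts;
  } catch (e) {
    // Invalid JSON even after removing fences: treat as "no alerts".
  }
  return [];
}

// Mirrors the "Filtrer les Alertes Importantes (Niveau > 7)" IF node, whose
// configured operation is largerEqual, so a level-7 alert passes as well.
function filterImportant(alerts) {
  return alerts.filter(a => Number(a.level) >= 7);
}

// Switch outputs in the order the template defines them. The summary prompt
// may answer 'Medium', which matches no rule: indexOf returns -1 and the item
// is silently dropped (the fourth, empty output of the Switch).
const SWITCH_RULES = ["Critical", "High", "Info", "Low"];

function routePriority(aiPriority) {
  // The Switch compares strings case-sensitively ("caseSensitive": true).
  return SWITCH_RULES.indexOf(aiPriority);
}

// Constructed sample: a fenced model reply as the Code node expects to see it.
const SAMPLE_FENCED_REPLY =
  "```json\n[{\"level\": 10, \"rule\": \"ssh brute force\"}, {\"level\": 5, \"rule\": \"login ok\"}]\n```";

function demo() {
  const alerts = parseAlerts(SAMPLE_FENCED_REPLY);
  return {
    total: alerts.length,                 // 2
    important: filterImportant(alerts).length, // 1 (only level 10)
    criticalRoute: routePriority("Critical"),  // 0
    mediumRoute: routePriority("Medium"),      // -1: no Slack node receives it
  };
}
```

A daily run whose summary comes back as 'Medium' therefore produces no message at all; aligning the prompt's allowed values with the Switch rules (or adding a catch-all output) closes that gap.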
FAQ

How do I use this workflow?

Copy the JSON configuration above, create a new workflow in your n8n instance, select "Import from JSON", paste the configuration and adjust the authentication settings as needed.

Which scenarios is this workflow suited to?

Advanced - Security operations, AI summarization

Is it paid?

This workflow is entirely free and can be used directly. Note that third-party services used in the workflow (such as the OpenAI API) may require payment on your side.

Workflow information
Difficulty level
Advanced
Number of nodes: 19
Categories: 2
Node types: 9
Difficulty description

Suitable for advanced users, with complex workflows containing 16+ nodes

Author
Jonathan | NEX

@nex

Engineer, Builder, AI enthusiast

External links
View on n8n.io
