Automatic Remediation of Endpoint Infections with Wazuh, ClamAV and GPT-4

Intermediate

This is a SecOps / AI Summarization domain automation workflow containing 9 nodes. It mainly uses nodes such as If, Ssh, Webhook, Telegram and Agent.

Prerequisites
  • HTTP Webhook endpoint (generated automatically by n8n)
  • Telegram Bot token
  • OpenAI API key
Export the workflow
Copy the following JSON configuration into n8n to import and use this workflow
{
  "meta": {
    "instanceId": "04efa85563ff59ae71f7bc1e4ed9a086a69f4130298a28a588ae58f08407702b",
    "templateCredsSetupCompleted": true
  },
  "nodes": [
    {
      "id": "fb1f79ac-2b5a-4bac-8f49-9d4938ea8c9b",
      "name": "Alerte Wazuh",
      "type": "n8n-nodes-base.webhook",
      "position": [
        -640,
        -112
      ],
      "webhookId": "de0c6d77-ae71-4d78-9f10-502eaa851ce8",
      "parameters": {
        "path": "de0c6d77-ae71-4d78-9f10-502eaa851ce8",
        "options": {
          "rawBody": true
        },
        "httpMethod": "POST"
      },
      "typeVersion": 2
    },
    {
      "id": "961ed6cb-a6b7-401f-a2b5-aaadf91ab4f1",
      "name": "Aucune Opération, ne rien faire",
      "type": "n8n-nodes-base.noOp",
      "position": [
        -112,
        32
      ],
      "parameters": {},
      "typeVersion": 1
    },
    {
      "id": "6ed0c622-e956-46da-87bb-82d96548f108",
      "name": "OpenAI Modèle de Chat",
      "type": "@n8n/n8n-nodes-langchain.lmChatOpenAi",
      "position": [
        -96,
        -144
      ],
      "parameters": {
        "model": {
          "__rl": true,
          "mode": "list",
          "value": "gpt-4.1-mini"
        },
        "options": {}
      },
      "credentials": {
        "openAiApi": {
          "id": "Qf3yZKrzzR0LSOXm",
          "name": "OpenAi account"
        }
      },
      "typeVersion": 1.2
    },
    {
      "id": "84cfeaa8-db3b-48be-a89d-fd2f9a3d66ec",
      "name": "OpenAI Modèle de Chat1",
      "type": "@n8n/n8n-nodes-langchain.lmChatOpenAi",
      "position": [
        304,
        -48
      ],
      "parameters": {
        "model": {
          "__rl": true,
          "mode": "list",
          "value": "gpt-4.1-mini"
        },
        "options": {}
      },
      "credentials": {
        "openAiApi": {
          "id": "Qf3yZKrzzR0LSOXm",
          "name": "OpenAi account"
        }
      },
      "typeVersion": 1.2
    },
    {
      "id": "b8e61b73-87fd-4511-9514-03135d34c348",
      "name": "Vérifier la Haute Sévérité",
      "type": "n8n-nodes-base.if",
      "position": [
        -416,
        -112
      ],
      "parameters": {
        "options": {
          "ignoreCase": true
        },
        "conditions": {
          "options": {
            "version": 2,
            "leftValue": "",
            "caseSensitive": false,
            "typeValidation": "strict"
          },
          "combinator": "and",
          "conditions": [
            {
              "id": "0c8dba85-ab11-4ef9-9049-d3ad934976ef",
              "operator": {
                "name": "filter.operator.equals",
                "type": "string",
                "operation": "equals"
              },
              "leftValue": "={{ $json.body.severity }}",
              "rightValue": "3 high"
            },
            {
              "id": "2a4587f8-ccae-435c-8c67-1606811538a2",
              "operator": {
                "name": "filter.operator.equals",
                "type": "string",
                "operation": "equals"
              },
              "leftValue": "={{ $json.body.rule_id }}",
              "rightValue": "=52502"
            }
          ]
        }
      },
      "typeVersion": 2.2
    },
    {
      "id": "cad813f2-fb68-4e31-a85c-5732f11f4f96",
      "name": "Résumer l'Alerte",
      "type": "@n8n/n8n-nodes-langchain.chainSummarization",
      "position": [
        -192,
        -368
      ],
      "parameters": {
        "options": {
          "summarizationMethodAndPrompts": {
            "values": {
              "prompt": "Write a detailed concise summary of the following as a Senior soc analyst:\n\n\n\"{text}\"\n\n\nCONCISE SUMMARY:",
              "combineMapPrompt": "=You are the Wazuh AI Assistant created by Mariskarthick. \n\nYou should act as a Senior experienced SOC Analyst\n\nYour main purpose is to run the ClamAV if wazuh siem detected a ClamAV: Virus detected alert. you have full access to the all the machines via ssh and initate a CLAM AV scan using this command  sudo clamscan -r \"mention the path where the virus is detected\"  --bell -i\n\nfor example:  sudo clamscan -r /test --bell -i\n\nonce the scanning is done, consolidate the output of the scan and initiate a msg to stateholder via shadowArk telegram trigger\n\nyou can refer the below details:\n Wazuh detected alert Name: {{ $json.body.title }}\nFull log: {{ $json.body.text }}\n"
            }
          }
        }
      },
      "typeVersion": 2.1
    },
    {
      "id": "3c6645a6-3d16-48ec-8f35-a850244c3536",
      "name": "Extraire le Chemin",
      "type": "@n8n/n8n-nodes-langchain.agent",
      "position": [
        208,
        -256
      ],
      "parameters": {
        "text": "={{ $json.output.text }}\n\nYou are the wazuh AI Assistant. your primary task is to understand the abive mentioend text and extract the path where the virus got detected on the below format:\n\nExamle: \n\ntext:\nA high-severity WAZUH alert was triggered on July 30, 2025, indicating ClamAV detected the EICAR test virus (EICAR.TEST.3.UNOFFICIAL) in the file `/test/eicar.com` on the host `shadowark`. The detection was logged by the ClamAV daemon (clamd) and confirmed repeatedly at 13:44:27, involving components such as freshclam and journald. The alert originated from IP `122.178.166.190` accessing `3aad845638746618f1a5187d93674f5f.n8n.selfmade.codes` via HTTPS.\n\noutput required:\n/test/eicar.com",
        "options": {},
        "promptType": "define"
      },
      "typeVersion": 2.1
    },
    {
      "id": "f44a9bc0-46d4-45c3-aaaa-3bf2eb567578",
      "name": "Exécuter l'Analyse Antivirus",
      "type": "n8n-nodes-base.ssh",
      "position": [
        608,
        -256
      ],
      "parameters": {
        "command": "=clamscan -r {{ $json.output }} --bell -i"
      },
      "credentials": {
        "sshPassword": {
          "id": "ounO8RvAyII5YqON",
          "name": "Wazuh_Manager"
        }
      },
      "typeVersion": 1
    },
    {
      "id": "8858c573-ad0b-4f14-8a19-993a93f6d8ca",
      "name": "Notifier les Parties Prenantes via Telegram",
      "type": "n8n-nodes-base.telegram",
      "position": [
        816,
        -272
      ],
      "webhookId": "4f1045ae-5d81-46fc-b0ae-7146529a9700",
      "parameters": {
        "text": "=Notification: \n\n{{ $(\"Résumer l'Alerte\").item.json.output.text }}\n\n\nFollowed by the above activity, the scanning has been initiated and completed successfully. please find the below details.\n\n{{ $json.stdout }}\n\nThank you!\nMariskarthick M",
        "chatId": "831690003",
        "additionalFields": {}
      },
      "credentials": {
        "telegramApi": {
          "id": "kb3ymxZjowjLNhLb",
          "name": "Shadowark AI"
        }
      },
      "typeVersion": 1.2
    }
  ],
  "pinData": {},
  "connections": {
    "f44a9bc0-46d4-45c3-aaaa-3bf2eb567578": {
      "main": [
        [
          {
            "node": "8858c573-ad0b-4f14-8a19-993a93f6d8ca",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "fb1f79ac-2b5a-4bac-8f49-9d4938ea8c9b": {
      "main": [
        [
          {
            "node": "b8e61b73-87fd-4511-9514-03135d34c348",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "3c6645a6-3d16-48ec-8f35-a850244c3536": {
      "main": [
        [
          {
            "node": "f44a9bc0-46d4-45c3-aaaa-3bf2eb567578",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "cad813f2-fb68-4e31-a85c-5732f11f4f96": {
      "main": [
        [
          {
            "node": "3c6645a6-3d16-48ec-8f35-a850244c3536",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "6ed0c622-e956-46da-87bb-82d96548f108": {
      "ai_languageModel": [
        [
          {
            "node": "cad813f2-fb68-4e31-a85c-5732f11f4f96",
            "type": "ai_languageModel",
            "index": 0
          }
        ]
      ]
    },
    "84cfeaa8-db3b-48be-a89d-fd2f9a3d66ec": {
      "ai_languageModel": [
        [
          {
            "node": "3c6645a6-3d16-48ec-8f35-a850244c3536",
            "type": "ai_languageModel",
            "index": 0
          }
        ]
      ]
    },
    "b8e61b73-87fd-4511-9514-03135d34c348": {
      "main": [
        [
          {
            "node": "cad813f2-fb68-4e31-a85c-5732f11f4f96",
            "type": "main",
            "index": 0
          }
        ],
        [
          {
            "node": "961ed6cb-a6b7-401f-a2b5-aaadf91ab4f1",
            "type": "main",
            "index": 0
          }
        ]
      ]
    }
  }
}
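In the template above, the output of the "Extraire le Chemin" agent is interpolated unquoted into the SSH command `clamscan -r {{ $json.output }} --bell -i`, so whatever the model returns (which in turn is derived from the alert text, including the detected file name) becomes part of a shell command on the Wazuh manager. The following is an added example, not code from the template or its author: validation logic written the way an n8n Code node would carry it, assumed to sit between the agent and the SSH node. It reapplies the same gate as the "Vérifier la Haute Sévérité" If node, accepts only a single conservative absolute path, and single-quotes it into the exact command the SSH node runs. All inputs shown are constructed; the function names are hypothetical.

```javascript
// Added example (hypothetical Code node), not part of the template.

// Same gate the template's If node applies (ignoreCase on severity):
// severity must be "3 high" AND rule_id must be "52502".
function isHighSeverityClamAvAlert(body) {
  return String(body.severity).trim().toLowerCase() === "3 high" &&
         String(body.rule_id).trim() === "52502";
}

// Only one absolute path, built from a conservative character set.
// Quotes, spaces, `$`, `;`, backticks etc. are rejected outright rather
// than escaped; a legitimate path containing them is refused (and the
// Telegram notification can say so) instead of reaching the shell.
const SAFE_PATH = /^\/(?:[A-Za-z0-9._-]+\/)*[A-Za-z0-9._-]+$/;

function extractScanTarget(agentOutput) {
  const candidate = String(agentOutput).trim();
  if (!SAFE_PATH.test(candidate)) return null;
  // ".." matches the character class above, so reject traversal separately.
  if (candidate.split("/").some((seg) => seg === "..")) return null;
  return candidate;
}

// The command the SSH node should run. The path is single-quoted, and the
// regex guarantees it contains no single quote, so it is one literal argument.
function buildScanCommand(agentOutput) {
  const target = extractScanTarget(agentOutput);
  if (target === null) {
    throw new Error("refusing to scan: extracted path failed validation");
  }
  return `clamscan -r '${target}' --bell -i`;
}

// Whole decision for one webhook item: skip (like the template's No-Op branch),
// scan with a validated command, or reject the agent output.
function processAlert(body, agentOutput) {
  if (!isHighSeverityClamAvAlert(body)) return { action: "skip" };
  const target = extractScanTarget(agentOutput);
  if (target === null) return { action: "reject", reason: "invalid path" };
  return { action: "scan", command: buildScanCommand(target) };
}

// Constructed sample: the EICAR detection the template's own prompt describes.
const SAMPLE_BODY = { severity: "3 high", rule_id: "52502", title: "ClamAV: Virus detected" };
console.log(processAlert(SAMPLE_BODY, "/test/eicar.com"));
```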
Frequently asked questions

How do I use this workflow?

Copy the JSON configuration above, create a new workflow in your n8n instance, select "Import from JSON", paste the configuration, and adjust the credential settings to your needs.

Which scenarios is this workflow suited to?

Intermediate - Security operations, AI summarization

Is it paid?

This workflow is completely free and can be used directly. Note that third-party services used in the workflow (such as the OpenAI API) may require payment on your side.

Workflow information
Difficulty level: Intermediate
Number of nodes: 9
Categories: 2
Node types: 8
Difficulty description

Suited to experienced users, with workflows of medium complexity containing 6-15 nodes

Author
mariskarthick

@mariskarthick

An Opensource Enthusiast specializing in detection engineering, threat hunting, and automating security operations to accelerate threat detection and response.

External links
View on n8n.io
