Mini SOC Event Classification

Intermediate

This is an automation workflow in the AI Summarization and Multimodal AI domain, containing 7 nodes. It mainly uses Set, Gmail, Webhook and OpenAI nodes. Automate security incident classification: GPT-4o-mini with notifications via Gmail.

Prerequisites
  • Google account and Gmail API credentials
  • HTTP Webhook endpoint (generated automatically by n8n)
  • OpenAI API key
Export the workflow
Copy the following JSON configuration into n8n to import and use this workflow
{
  "id": "9R3de4CVLxlzUZuO",
  "meta": {
    "instanceId": "146ab8f1ce0cef4bd9c6b91db262ad7cd77638e200455d5838ba053a27e415bc",
    "templateCredsSetupCompleted": true
  },
  "name": "Mini SOC Triage",
  "tags": [],
  "nodes": [
    {
      "id": "a9c71043-da13-45b2-954a-93f2e6c3832d",
      "name": "Webhook",
      "type": "n8n-nodes-base.webhook",
      "position": [
        0,
        0
      ],
      "webhookId": "6e4fa508-b160-4373-bf80-e3e0e485024e",
      "parameters": {
        "path": "mini-triage",
        "options": {},
        "httpMethod": "POST"
      },
      "typeVersion": 2.1
    },
    {
      "id": "68cf1b53-2710-4218-a3b7-9f9a842a7b2e",
      "name": "Classify",
      "type": "@n8n/n8n-nodes-langchain.openAi",
      "position": [
        448,
        0
      ],
      "parameters": {
        "modelId": {
          "__rl": true,
          "mode": "list",
          "value": "gpt-4o-mini",
          "cachedResultName": "GPT-4O-MINI"
        },
        "options": {
          "temperature": 0.2
        },
        "messages": {
          "values": [
            {
              "role": "system",
              "content": "You are the SOC Classifier. Output VALID JSON only with keys:\n{\n  \"incident_type\": \"creds|malware|network|data|cloud|other\",\n  \"severity\": \"P0|P1|P2|P3\",\n  \"urgency\": \"now|today|this_week\",\n  \"short_title\": \"≤12 words\",\n  \"why\": \"≤50 words\"\n}\nRules:\n- Prefer \"cloud\" if resource_type looks like cloud infra (e.g., AwsS3Bucket, SecurityGroup, IAM).\n- If title contains \"public\", \"exposed\", \"leak\" → data|cloud depending on resource.\n- If unclear, return \"other\" and P3, but try to use title/description before giving up.\n- Be conservative with P0.\n\nExamples:\nInput: {\"title\":\"S3 bucket public READ\",\"description\":\"ACL allows public READ\",\"resource_type\":\"AwsS3Bucket\"}\nOutput: {\"incident_type\":\"cloud\",\"severity\":\"P2\",\"urgency\":\"today\",\"short_title\":\"Public S3 read\",\"why\":\"Public READ on bucket risks data exposure.\"}\n\nInput: {\"title\":\"Multiple failed logins\",\"description\":\"probable credential stuffing\"}\nOutput: {\"incident_type\":\"creds\",\"severity\":\"P2\",\"urgency\":\"today\",\"short_title\":\"Credential stuffing suspected\",\"why\":\"Repeated failures indicate attack; monitor & protect accounts.\"}\n"
            }
          ]
        },
        "jsonOutput": true
      },
      "credentials": {
        "openAiApi": {
          "id": "fYx3byxTFkzmN2m2",
          "name": "OpenAi account"
        }
      },
      "typeVersion": 1.8
    },
    {
      "id": "11785568-2cdb-4541-98b8-f9ae659a0f3d",
      "name": "Envoyer un message",
      "type": "n8n-nodes-base.gmail",
      "position": [
        1152,
        0
      ],
      "webhookId": "21bf3d3a-363f-48dd-9f63-00d1796bea6b",
      "parameters": {
        "sendTo": "test5@gmail.com",
        "message": "=<h3>\n  {{ $('Classify').item.json.message.content.short_title }}\n  ({{ $('Classify').item.json.message.content.severity }})\n</h3>\n\n<p>\n  <b>Type:</b> {{ $('Classify').item.json.message.content.incident_type }}\n  &nbsp;|&nbsp;\n  <b>Resource Name:</b> {{ $('Clean_Finding').item.json.resource_id }}\n</p>\n\n<p>\n  <b>Account:</b> {{ $('Clean_Finding').item.json.account_id }}\n</p>\n\n<p>\n  <b>Urgency:</b> {{ $('Classify').item.json.message.content.urgency }}\n</p>\n\n<p>\n  <b>Why:</b> {{ $('Classify').item.json.message.content.why }}\n</p>\n\n<p><b>Next Actions</b></p>\n<ol>\n  <li>{{ $json.message.content.next_actions[0] }}</li>\n  <li>{{ $json.message.content.next_actions[1] }}</li>\n  <li>{{ $json.message.content.next_actions[2] }}</li>\n</ol>\n\n<p>\n  <b>Owner:</b> {{ $json.message.content.owner_hint }} <br/>\n  <b>Success:</b> {{ $json.message.content.success_criteria }}\n</p>\n",
        "options": {},
        "subject": "={{ $('Classify').item.json.message.content.short_title }}- {{ $('Clean_Finding').item.json.resource_id }} in {{ $('Clean_Finding').item.json.account_id }}"
      },
      "credentials": {
        "gmailOAuth2": {
          "id": "08JLRuwZ9XXXSVk",
          "name": "Gmail account"
        }
      },
      "typeVersion": 2.1
    },
    {
      "id": "b2de9927-f64c-4a41-83f2-fb41e6d8d9e8",
      "name": "Planifier",
      "type": "@n8n/n8n-nodes-langchain.openAi",
      "position": [
        800,
        0
      ],
      "parameters": {
        "modelId": {
          "__rl": true,
          "mode": "list",
          "value": "gpt-4o-mini",
          "cachedResultName": "GPT-4O-MINI"
        },
        "options": {
          "temperature": 0.2
        },
        "messages": {
          "values": [
            {
              "role": "system",
              "content": "You are the Remediation Planner. Based on the classifier output and original finding, return VALID JSON:\n{\n  \"next_actions\": [\"step 1\", \"step 2\", \"step 3\"],\n  \"owner_hint\": \"who should act first (e.g., Cloud On-Call, IAM, EDR)\",\n  \"success_criteria\": \"what proves it's resolved\"\n}\nKeep it to 3 atomic steps max. No speculation.\n"
            },
            {
              "content": "=Classifier:\n```json\n{{$node[\"Classify\"].json}}\n```\nOriginal finding:\n```json\n{{$node[\"Webhook\"].json}}\n```\n"
            }
          ]
        },
        "jsonOutput": true
      },
      "credentials": {
        "openAiApi": {
          "id": "fYx3byxXXXXmN2m2",
          "name": "OpenAi account"
        }
      },
      "typeVersion": 1.8
    },
    {
      "id": "34aa6438-b428-4720-90b7-89c25bf16619",
      "name": "Clean_Finding",
      "type": "n8n-nodes-base.set",
      "position": [
        224,
        0
      ],
      "parameters": {
        "options": {},
        "assignments": {
          "assignments": [
            {
              "id": "d9f10bb7-9869-4f49-a44d-3ca7beb3e0e9",
              "name": "Title",
              "type": "string",
              "value": "={{ $json.body.detail.findings[0].Title }}"
            },
            {
              "id": "df567881-cff9-40b3-acf1-d3e4b6499802",
              "name": "Description",
              "type": "string",
              "value": "={{ $json.body.detail.findings[0].Description }}"
            },
            {
              "id": "86a3f987-3bbe-4e16-8964-403b435f89cf",
              "name": "account_id",
              "type": "string",
              "value": "={{ $json.body.detail.findings[0].AwsAccountId }}"
            },
            {
              "id": "4ca89192-e879-435e-89c8-4e66a1e4ab77",
              "name": "resource_id",
              "type": "string",
              "value": "={{ $json.body.detail.findings[0].Resources[0].Id }}"
            },
            {
              "id": "9823717a-0340-4787-8d1c-b3fc118ad675",
              "name": "resource_type",
              "type": "string",
              "value": "={{ $json.body.detail.findings[0].Resources[0].Type }}"
            },
            {
              "id": "061b1afc-f74b-4743-9dab-55cb16fa061c",
              "name": "updated_at",
              "type": "string",
              "value": "={{ $json.body?.detail?.findings?.[0]?.UpdatedAt || new Date().toISOString() }}"
            }
          ]
        }
      },
      "typeVersion": 3.4
    },
    {
      "id": "8f1880b6-bc09-4cc1-b587-9e4b92146927",
      "name": "Note adhésive",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        -480,
        -64
      ],
      "parameters": {
        "color": 4,
        "width": 384,
        "height": 336,
        "content": "📥 ENTRY \n\nSend a POST to /mini-triage to get started!\n\nExample:\n\ncurl -X POST \"$YOUR_WEBHOOK_URL\" \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\n    \"detail\": {\n      \"findings\": [{\n        \"Title\": \"Multiple failed logins\",\n        \"Description\": \"probable credential stuffing\",\n        \"AwsAccountId\": \"111111111111\",\n        \"Resources\": [{ \"Id\": \"user:alice@example.com\", \"Type\": \"AwsIamUser\" }]\n      }]\n    }\n  }'\n"
      },
      "typeVersion": 1
    },
    {
      "id": "37bc3107-c1ac-4386-817c-95a0009cf9c0",
      "name": "Note adhésive1",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        -464,
        304
      ],
      "parameters": {
        "color": 6,
        "width": 336,
        "height": 128,
        "content": "✉️ EMAIL & SECURITY\n  \nSubject = <short_title> - <resource_id> in <account_id>  \nReplace with your email/SMTP  \nKeep creds in n8n Credentials, not nodes"
      },
      "typeVersion": 1
    }
  ],
  "active": false,
  "pinData": {},
  "settings": {
    "executionOrder": "v1"
  },
  "versionId": "39333a9c-5775-4440-aca6-0532fe50e307",
  "connections": {
    "b2de9927-f64c-4a41-83f2-fb41e6d8d9e8": {
      "main": [
        [
          {
            "node": "11785568-2cdb-4541-98b8-f9ae659a0f3d",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Webhook": {
      "main": [
        [
          {
            "node": "34aa6438-b428-4720-90b7-89c25bf16619",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "68cf1b53-2710-4218-a3b7-9f9a842a7b2e": {
      "main": [
        [
          {
            "node": "b2de9927-f64c-4a41-83f2-fb41e6d8d9e8",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "34aa6438-b428-4720-90b7-89c25bf16619": {
      "main": [
        [
          {
            "node": "68cf1b53-2710-4218-a3b7-9f9a842a7b2e",
            "type": "main",
            "index": 0
          }
        ]
      ]
    }
  }
}
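The template trusts the model's JSON and the finding text all the way into an HTML email. The following is an added example, not part of the template above or the author's workflow: it re-implements the Clean_Finding mapping in plain Node.js, validates the Classify output against the enumerations in its system prompt, and escapes untrusted text before it is rendered. The function names, the fallback wording for off-schema output and the sample event are assumptions of this example.

```javascript
// Added example (not part of the n8n template or the author's workflow):
// re-implements the Clean_Finding mapping, validates the Classify output
// against the schema in its system prompt, and escapes text before it is
// placed in the HTML email body. Runs stand-alone with Node.js.
const INCIDENT_TYPES = new Set(["creds", "malware", "network", "data", "cloud", "other"]);
const SEVERITIES = new Set(["P0", "P1", "P2", "P3"]);
const URGENCIES = new Set(["now", "today", "this_week"]);

// Constructed sample matching the sticky note's curl example (not real data).
const SAMPLE_EVENT = { body: { detail: { findings: [{ Title: "Multiple failed logins",
  Description: "probable credential stuffing", AwsAccountId: "111111111111",
  Resources: [{ Id: "user:alice@example.com", Type: "AwsIamUser" }] }] } } };

// Same fields as the Set node; optional chaining keeps a malformed event
// from throwing mid-workflow and falls back to "now" for updated_at.
function cleanFinding(webhookItem) {
  const f = webhookItem?.body?.detail?.findings?.[0] ?? {};
  return {
    Title: f.Title ?? "",
    Description: f.Description ?? "",
    account_id: f.AwsAccountId ?? "",
    resource_id: f.Resources?.[0]?.Id ?? "",
    resource_type: f.Resources?.[0]?.Type ?? "",
    updated_at: f.UpdatedAt || new Date().toISOString(),
  };
}

// Enforce the classifier contract. Unparsable or off-schema output gets the
// prompt's own fallback ("other", P3) plus valid:false so the email can flag it.
function validateClassification(content) {
  let c = content;
  if (typeof content === "string") {
    try { c = JSON.parse(content); } catch { c = null; }
  }
  const ok = c !== null && typeof c === "object"
    && INCIDENT_TYPES.has(c.incident_type) && SEVERITIES.has(c.severity)
    && URGENCIES.has(c.urgency)
    && typeof c.short_title === "string" && typeof c.why === "string";
  if (!ok) {
    return { incident_type: "other", severity: "P3", urgency: "this_week",
      short_title: "Unclassified finding", why: "Classifier output failed validation.", valid: false };
  }
  return { ...c, valid: true };
}

// Finding titles and model text are untrusted; the Gmail node renders HTML.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (ch) => map[ch]);
}
```

In n8n the same checks would sit in a Code node between Classify and the Gmail node, with the escaped fields substituted into the message expression.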
Frequently asked questions

How do I use this workflow?

Copy the JSON configuration above, create a new workflow in your n8n instance, select "Import from JSON", paste the configuration and adjust the authentication settings as needed.

Which scenarios is this workflow suited to?

Intermediate - AI Summarization, Multimodal AI

Is it paid?

This workflow is completely free and can be used directly. Note that third-party services used in the workflow (such as the OpenAI API) may require payment on your side.

Workflow information
Difficulty level
Intermediate
Number of nodes: 7
Categories: 2
Node types: 5
Difficulty description

Suitable for experienced users, with workflows of medium complexity containing 6-15 nodes

Author
Calistus Christian

@ca7ai

Automation strategist and AI workflow architect creating intelligent, agent-driven processes that streamline operations. I build advanced n8n solutions integrating AI, cloud services, and real-time data orchestration for scalable impact. Explore my free workflows to get started. Premium, custom-built solutions are also available. Connect with me on LinkedIn for tailored automation expertise.

External links
View on n8n.io
