NixGuard AIとWazuhアラートを使用したエグゼクティブセキュリティブリーフィング
中級
これはSecOps, AI Summarization分野の自動化ワークフローで、13個のノードを含みます。主にIf, Set, Code, EmailSend, ExecuteWorkflowなどのノードを使用。 NixGuard AIとWazuhアラートを使ってエグゼクティブセキュリティブリーフィングを作成する
前提条件
- •特別な前提条件なし、インポートしてすぐに使用可能
ワークフロープレビュー
ノード接続関係を可視化、ズームとパンをサポート
ワークフローをエクスポート
以下のJSON設定をn8nにインポートして、このワークフローを使用できます
{
"meta": {
"instanceId": "558d88703fb65b2d0e44613bc35916258b0f0bf983c5d4730c00c424b77ca36a",
"templateCredsSetupCompleted": true
},
"nodes": [
{
"id": "ef84ca26-59e1-46c6-a0e2-43f7a6bd7c29",
"name": "毎日8:00に実行",
"type": "n8n-nodes-base.scheduleTrigger",
"position": [
760,
1380
],
"parameters": {
"rule": {
"interval": [
{
"field": "hours"
}
]
}
},
"typeVersion": 1.1
},
{
"id": "8af0ca21-63aa-43a0-8755-85b006590435",
"name": "アラート配列を解析",
"type": "n8n-nodes-base.code",
"position": [
760,
1620
],
"parameters": {
"jsCode": "// Get the raw output string from the previous node.\nconst rawOutput = $input.first().json.output;\n\n// The AI often wraps JSON in Markdown code blocks (```json ... ```).\n// We need to extract the pure JSON string from inside the fences.\n// This regex will find the content between the fences. If no fences are found,\n// it will fall back to using the entire rawOutput string.\nconst jsonStringMatch = rawOutput.match(/```json\\s*([\\s\\S]*?)\\s*```/);\nconst jsonString = jsonStringMatch ? jsonStringMatch[1] : rawOutput.trim();\n\n// Now, try to parse the *cleaned* string.\ntry {\n const alerts = JSON.parse(jsonString);\n \n // Check if the result is a non-empty array.\n if (Array.isArray(alerts) && alerts.length > 0) {\n // Success! Pass the alerts to the next node.\n return [{ json: { alerts } }];\n }\n} catch (e) {\n // This will catch errors if the cleaned string is still not valid JSON.\n console.error(\"NixGuard did not return a valid JSON array even after cleaning:\", e);\n console.error(\"String that failed to parse:\", jsonString);\n}\n\n// If parsing fails, it's not an array, or it's empty, return no items.\n// This will correctly route the workflow to the 'false' branch of the IF node.\nreturn [];"
},
"typeVersion": 2
},
{
"id": "7d51a628-b285-4699-9068-9bed2ceea231",
"name": "要約用プロンプトを設定",
"type": "n8n-nodes-base.set",
"position": [
1460,
1600
],
"parameters": {
"values": {
"string": [
{
"name": "chatInput",
"value": "Act as a senior security analyst reporting to a non-technical executive. The following is a JSON array of all high-severity security alerts from the last 24 hours.\n\nYour tasks are:\n1. Start with a single sentence summarizing the day's overall security risk (e.g., 'The security posture today is stable with minor configurable issues detected.').\n2. State the total number of critical alerts found.\n3. In 3-4 clear bullet points using Markdown, summarize the most significant activities or threat patterns observed. Focus on business impact, not technical jargon.\n4. Conclude with a single, clear recommendation (e.g., 'No immediate action required' or 'Recommend prioritizing patches for web servers.').\n\nHere is the raw alert data:\n{{ JSON.stringify($json.alerts) }}"
},
{
"name": "apiKey",
"value": ""
}
]
},
"options": {}
},
"typeVersion": 2
},
{
"id": "26212ca9-51c1-49d4-9705-df7a74ba1b08",
"name": "APIキーと初期プロンプトを設定",
"type": "n8n-nodes-base.set",
"position": [
980,
1380
],
"parameters": {
"values": {
"string": [
{
"name": "apiKey",
"value": ""
},
{
"name": "chatInput",
"value": "Review all security data from the last 24 hours. List all significant security alerts found. Your response MUST be a single, valid, minified JSON array of objects. Each object in the array should represent a distinct alert. If no significant alerts are found, return an empty array []."
}
]
},
"options": {}
},
"typeVersion": 2
},
{
"id": "edca6750-8948-4de8-89f2-290163db7480",
"name": "最終ブリーフィングを設定",
"type": "n8n-nodes-base.set",
"position": [
1460,
1820
],
"parameters": {
"values": {
"string": [
{
"name": "executive_summary",
"value": "={{ $json.output }}"
}
]
},
"options": {}
},
"typeVersion": 2
},
{
"id": "d6cba9cd-fab4-4920-98f8-460b7002c94a",
"name": "実行: 日次イベントをJSONとして取得(NixGuard RAGとWazuh統合によるリアルタイムセキュリティインサイトの取得)",
"type": "n8n-nodes-base.executeWorkflow",
"position": [
1220,
1380
],
"parameters": {
"options": {},
"workflowId": {
"__rl": true,
"mode": "list",
"value": "I0nUORqYTwDFZa51",
"cachedResultName": "Get Real-Time Security Insights with NixGuard RAG and Wazuh Integration"
},
"workflowInputs": {
"value": {},
"schema": [],
"mappingMode": "defineBelow",
"matchingColumns": [],
"attemptToConvertTypes": false,
"convertFieldsToString": true
}
},
"typeVersion": 1.2
},
{
"id": "c5bab77f-f161-494a-adb1-de1dd53bd5c7",
"name": "実行: 経営層向け要約を生成(NixGuard RAGとWazuh統合によるリアルタイムセキュリティインサイトの取得)",
"type": "n8n-nodes-base.executeWorkflow",
"position": [
1680,
1600
],
"parameters": {
"options": {},
"workflowId": {
"__rl": true,
"mode": "list",
"value": "I0nUORqYTwDFZa51",
"cachedResultName": "Get Real-Time Security Insights with NixGuard RAG and Wazuh Integration"
},
"workflowInputs": {
"value": {},
"schema": [],
"mappingMode": "defineBelow",
"matchingColumns": [],
"attemptToConvertTypes": false,
"convertFieldsToString": true
}
},
"typeVersion": 1.2
},
{
"id": "1e7172f8-c728-4640-8633-f141fd1b94c4",
"name": "条件分岐",
"type": "n8n-nodes-base.if",
"position": [
1040,
1620
],
"parameters": {
"options": {},
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": true,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "bb7ac757-8402-446e-9ee7-d0be89c769a7",
"operator": {
"type": "array",
"operation": "exists",
"singleValue": true
},
"leftValue": "={{ $json.alerts }}",
"rightValue": ""
}
]
}
},
"typeVersion": 2.2
},
{
"id": "e889ebe4-c36a-4da6-bcd5-2e21661ec8d7",
"name": "メール送信",
"type": "n8n-nodes-base.emailSend",
"position": [
1880,
1820
],
"parameters": {
"html": "={{ $json.html_summary }}",
"options": {},
"subject": "Daily AI Cyber Security Briefing"
},
"typeVersion": 2.1
},
{
"id": "4e771aef-10d4-4be8-8432-23bbf852f58f",
"name": "ワークフロー概要1",
"type": "n8n-nodes-base.stickyNote",
"position": [
1380,
1020
],
"parameters": {
"color": 7,
"width": 540,
"height": 340,
"content": "## 💡 Workflow Overview: Daily AI Security Briefing\n\nThis workflow automates the creation of a daily security report for non-technical executives. It uses a two-stage AI process with the **NixGuard Security Connector** workflow.\n\n1. **Stage 1 - Data Retrieval:** It calls the connector to fetch all recent security alerts, requesting the output as a structured JSON array.\n2. **Stage 2 - Summarization:** If alerts were found, it calls the connector *again*, feeding it the raw alert data and prompting it to generate a high-level, business-friendly summary.\n\nThe final report is then delivered via email."
},
"typeVersion": 1
},
{
"id": "47bb91e9-48e8-437d-a736-0f98ffcd923e",
"name": "セットアップガイド1",
"type": "n8n-nodes-base.stickyNote",
"position": [
940,
920
],
"parameters": {
"color": 7,
"width": 400,
"height": 420,
"content": "## ⚙️ 4-Step Setup Guide\n\n1. **Import Child Workflow:** Make sure you also have the `Get Real-Time Security Insights with NixGuard...` workflow in your n8n instance and that it is **activated**.\n\n2. **Set Your API Key:** In the **'Set API Key & Initial Prompt'** node, replace the placeholder with your valid NixGuard API key.\n\n3. **Check Workflow ID:** This workflow calls the child workflow by its ID (`I0nUORqYTwDFZa51`). If your ID is different, you must update it in both **Execute Workflow** nodes.\n\n4. **Configure Email:** Add your email credentials to the two **Send Email** nodes and update the recipient addresses in the `To` field."
},
"typeVersion": 1
},
{
"id": "fab467cd-7e63-4606-9da4-a677dd7082b3",
"name": "MarkdownをHTMLに変換",
"type": "n8n-nodes-base.code",
"position": [
1660,
1820
],
"parameters": {
"jsCode": "/**\n * WARNING: This is a simplified, lightweight Markdown to HTML converter.\n * It does NOT use a dedicated library and will only handle a limited subset of Markdown:\n * - Headings (h1, h2, h3)\n * - Bold text (**text**)\n * - Unordered list items (* item)\n * - Paragraphs (double newlines)\n * It will FAIL on complex cases like nested lists, tables, or code blocks.\n * For robust conversion, using the 'marked' library is strongly recommended.\n */\n\nfunction simpleMarkdownToHtml(markdown) {\n let html = markdown\n // Escape HTML to prevent injection from the input\n .replace(/&/g, '&')\n .replace(/</g, '<')\n .replace(/>/g, '>');\n\n // Block Elements (order matters)\n html = html\n .replace(/^### (.*$)/gim, '<h3>$1</h3>')\n .replace(/^## (.*$)/gim, '<h2>$1</h2>')\n .replace(/^# (.*$)/gim, '<h1>$1</h1>')\n .replace(/^\\* (.*$)/gim, '<li>$1</li>');\n\n // Inline Elements\n html = html\n .replace(/\\*\\*(.*?)\\*\\*/g, '<strong>$1</strong>')\n .replace(/__(.*?)__/g, '<strong>$1</strong>') // Alternative bold\n .replace(/\\*(.*?)\\*/g, '<em>$1</em>')\n .replace(/_(.*?)_/g, '<em>$1</em>'); // Alternative italics\n\n // Paragraphs and Line Breaks\n // Wrap list items in <ul>\n html = html.replace(/<li>(.|\\n)*?<li>/g, '<ul>$&');\n html = html.replace(/(<\\/li>)(?!.*<li>)/g, '$1</ul>');\n // Convert remaining newlines to <br> or wrap in <p>\n html = html.replace(/\\n/g, '<br>');\n\n return html;\n}\n\nconst markdownSummary = $input.first().json.executive_summary;\nconst htmlSummary = simpleMarkdownToHtml(markdownSummary);\n\n$input.first().json.html_summary = htmlSummary;\n\nreturn $input.all();\n"
},
"typeVersion": 2
},
{
"id": "a20f8e25-d1f8-47fb-8378-3b4479882ffc",
"name": "セットアップガイド",
"type": "n8n-nodes-base.stickyNote",
"position": [
500,
900
],
"parameters": {
"color": 7,
"width": 400,
"height": 440,
"content": "## Getting Started\n\n### Prerequisites:\n- Valid NixGuard API key\n\n### Setup Instructions:\n1. Configure your NixGuard API key in 'Prepare API Request Data' node\n2. Set up trigger method (chat or manual)\n3. Test with sample security queries\n4. Make sure NixGuard agents are installed on your network endpoints for real-time security events\n\n### Support:\nFor questions, visit [NixGuard Documentation](https://nixguard.thenex.world) or join our [Community Discord](https://discord.com/invite/ajCYwYCwHb)"
},
"typeVersion": 1
}
],
"pinData": {},
"connections": {
"1e7172f8-c728-4640-8633-f141fd1b94c4": {
"main": [
[
{
"node": "7d51a628-b285-4699-9068-9bed2ceea231",
"type": "main",
"index": 0
}
]
]
},
"8af0ca21-63aa-43a0-8755-85b006590435": {
"main": [
[
{
"node": "1e7172f8-c728-4640-8633-f141fd1b94c4",
"type": "main",
"index": 0
}
]
]
},
"ef84ca26-59e1-46c6-a0e2-43f7a6bd7c29": {
"main": [
[
{
"node": "26212ca9-51c1-49d4-9705-df7a74ba1b08",
"type": "main",
"index": 0
}
]
]
},
"edca6750-8948-4de8-89f2-290163db7480": {
"main": [
[
{
"node": "fab467cd-7e63-4606-9da4-a677dd7082b3",
"type": "main",
"index": 0
}
]
]
},
"7d51a628-b285-4699-9068-9bed2ceea231": {
"main": [
[
{
"node": "c5bab77f-f161-494a-adb1-de1dd53bd5c7",
"type": "main",
"index": 0
}
]
]
},
"fab467cd-7e63-4606-9da4-a677dd7082b3": {
"main": [
[
{
"node": "e889ebe4-c36a-4da6-bcd5-2e21661ec8d7",
"type": "main",
"index": 0
}
]
]
},
"26212ca9-51c1-49d4-9705-df7a74ba1b08": {
"main": [
[
{
"node": "d6cba9cd-fab4-4920-98f8-460b7002c94a",
"type": "main",
"index": 0
}
]
]
},
"d6cba9cd-fab4-4920-98f8-460b7002c94a": {
"main": [
[
{
"node": "8af0ca21-63aa-43a0-8755-85b006590435",
"type": "main",
"index": 0
}
]
]
},
"c5bab77f-f161-494a-adb1-de1dd53bd5c7": {
"main": [
[
{
"node": "edca6750-8948-4de8-89f2-290163db7480",
"type": "main",
"index": 0
}
]
]
}
}
}よくある質問
このワークフローの使い方は?
上記のJSON設定コードをコピーし、n8nインスタンスで新しいワークフローを作成して「JSONからインポート」を選択、設定を貼り付けて認証情報を必要に応じて変更してください。
このワークフローはどんな場面に適していますか?
中級 - セキュリティ運用, AI要約
有料ですか?
このワークフローは完全無料です。ただし、ワークフローで使用するサードパーティサービス(OpenAI APIなど)は別途料金が発生する場合があります。
関連ワークフロー
自動安全アラート分類:NixGuard AIおよびSlackやJiraへのルーティング
NixGuard AIによる自動セキュリティアラート分類:SlackまたはJiraへのルーティング
If
Set
Code
+
If
Set
Code
19 ノードJonathan | NEX
セキュリティ運用
CyberScan GitHub クローン
Nessus、リスク階層化、Google Sheetsレポートを活用したAI脆弱性スキャナー
If
Set
Code
+
If
Set
Code
39 ノードAdnan Tariq
セキュリティ運用
自動化された無料IP分析
自動化された無料IP分析:NixGuard AI要約とWazuhの統合
Set
Slack
Webhook
+
Set
Slack
Webhook
8 ノードJonathan | NEX
セキュリティ運用
URLフィッシングと脅威の自動解析
NixGuard AIを使用して、URLフィッシングと脅威分析を自動化
Set
Slack
Webhook
+
Set
Slack
Webhook
8 ノードJonathan | NEX
セキュリティ運用
CYBERPULSEBlueOps_モジュール1 クライアントコピー1
自動CVEおよびIOCデータソース摄取、OpenAIによるリスク評価とメールアラート付き
If
Code
Merge
+
If
Code
Merge
21 ノードAdnan Tariq
セキュリティ運用
Gemini AIによる要約機能を使った週次チームレポート(WhatsAppグループ)
Gemini AIを使って要約した自動化された週次WhatsAppグループチームレポート
If
Set
Code
+
If
Set
Code
47 ノードJamot
プロジェクト管理
