CYBERPULSEBlueOps_モジュール1 クライアントコピー1
上級
これはSecOps, AI Summarization分野の自動化ワークフローで、21個のノードを含みます。主にIf, Code, Merge, Switch, SplitOutなどのノードを使用。CVEおよびIOCデータソースの自動摂取、OpenAIによるリスク評価とメールアラート付き
前提条件
- ターゲットAPIの認証情報が必要な場合あり
- Google Sheets API認証情報
以下のJSON設定をn8nにインポートして、このワークフローを使用できます
{
"id": "FOKoHtdHL2JKFwpH",
"meta": {
"instanceId": "afe2b8648fee0c23760b8fce92c71dc65d1dd8bea264642e620dc8c34f1224d7",
"templateCredsSetupCompleted": true
},
"name": "CYBERPULSEBlueOps_Module1 client copy1",
"tags": [
{
"id": "0obxZlT9bSaIMBpV",
"name": "Threat Intake",
"createdAt": "2025-05-23T06:15:09.978Z",
"updatedAt": "2025-05-23T06:15:09.978Z"
},
{
"id": "2rUQt7xpJikyzCUP",
"name": "(ACSC E8 + ISM-Aligned)",
"createdAt": "2025-06-04T06:23:02.488Z",
"updatedAt": "2025-06-04T06:23:02.488Z"
}
],
"nodes": [
{
"id": "b9325536-f714-437d-8dc3-2dfbfd6d58a7",
"name": "⏰ Cron – 日次トリガー",
"type": "n8n-nodes-base.scheduleTrigger",
"position": [
-220,
-560
],
"parameters": {
"rule": {
"interval": [
{
"field": "cronExpression",
"expression": "0 0 7 * * *"
}
]
}
},
"typeVersion": 1.2
},
{
"id": "c9f242d6-6d9c-4a27-8a43-b678c4b3dbeb",
"name": "🌐 CVEフィード取得",
"type": "n8n-nodes-base.httpRequest",
"position": [
20,
-640
],
"parameters": {
"url": "https://gist.githubusercontent.com/gitadta/bdcb18b2450c5561a4b69ae9327383a8/raw/d9637907229a0a7e2bd6f5a5b6b2f04e6248aac1/cve-2023-26479.json",
"options": {
"response": {
"response": {
"responseFormat": "json"
}
}
}
},
"typeVersion": 4.2
},
{
"id": "e1f9ea1c-e934-4ecd-957d-8c7e5f8c1452",
"name": "🛡️ IOCフィード取得",
"type": "n8n-nodes-base.httpRequest",
"position": [
20,
-480
],
"parameters": {
"url": "=https://gist.githubusercontent.com/gitadta/fddb9eb942cd3494c2e187117976d430/raw/1873c10c1a375c94b8afe3eed2772045c0a66568/ioc-feed.json",
"options": {
"response": {
"response": {
"responseFormat": "json"
}
}
}
},
"typeVersion": 4.2
},
{
"id": "080ac947-b10c-4492-8f55-79e27b9982c0",
"name": "🧠 脅威データ統合",
"type": "n8n-nodes-base.merge",
"position": [
220,
-560
],
"parameters": {},
"typeVersion": 3.1
},
{
"id": "80c5acb7-743a-44d7-8482-a5d429a973bd",
"name": "🧠 脅威データ結合",
"type": "n8n-nodes-base.code",
"position": [
220,
-360
],
"parameters": {
"jsCode": "const cve = items[0].json;\nconst iocs = items[1].json.iocs || [];\n\nreturn [\n {\n json: {\n cve,\n iocs\n }\n }\n];"
},
"typeVersion": 2
},
{
"id": "68ccba75-0a92-4cd1-8306-24daafe59333",
"name": "🧠 AI – リスク評価",
"type": "n8n-nodes-base.code",
"position": [
220,
-180
],
"parameters": {
"jsCode": "const data = $input.all();\nreturn data.map((item, i) => {\n const baseScore = item.json.cve?.impact?.baseMetricV3?.cvssV3?.baseScore || 0;\n const aiRisk = [6.5, 9.1][i] || 5;\n const path = [\"self-healing\", \"expert-review\", \"monitoring\"][i % 3];\n const lev = [0.93, 0.72][i] || 0.45;\n\n return {\n json: {\n ...item.json,\n aiRisk,\n path,\n lev\n }\n };\n});"
},
"typeVersion": 2
},
{
"id": "9f74ff1c-57ae-48ae-989d-b27b64895c53",
"name": "🧠 AI – 脆弱性トリアージ",
"type": "n8n-nodes-base.code",
"position": [
220,
0
],
"parameters": {
"jsCode": "const triage = {\n self: [],\n expert: [],\n monitor: [],\n};\n\nconst assessed = $input.all();\n\nfor (const item of assessed) {\n const v = item.json;\n const levScore = v.lev || 0; // fallback if missing\n\n if (levScore > 0.9) {\n triage.expert.push({ ...v, levScore, levLabel: \"Critical\" });\n } else if (levScore > 0.5) {\n triage.self.push({ ...v, levScore, levLabel: \"High\" });\n } else {\n triage.monitor.push({ ...v, levScore, levLabel: \"Low\" });\n }\n}\n\nreturn [{ json: triage }];"
},
"typeVersion": 2
},
{
"id": "3cbac00e-3bf1-4f68-99e2-e2027d3d2648",
"name": "🚨 アラート – LEVトリガー",
"type": "n8n-nodes-base.if",
"position": [
220,
200
],
"parameters": {
"options": {},
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": true,
"typeValidation": "loose"
},
"combinator": "and",
"conditions": [
{
"id": "f170e1cc-2692-4fcc-8def-6b1e5f01af84",
"operator": {
"name": "filter.operator.equals",
"type": "string",
"operation": "equals"
},
"leftValue": "={{ $json.expert && $json.expert.length > 0 }}",
"rightValue": "=true"
}
]
},
"looseTypeValidation": true
},
"typeVersion": 2.2
},
{
"id": "2341d7f3-4f5e-4bf0-8b96-fb64c4d46344",
"name": "📧 アラートメール送信",
"type": "n8n-nodes-base.emailSend",
"position": [
420,
140
],
"webhookId": "48963cc6-c85f-4946-92bd-2c91a1a255ef",
"parameters": {
"html": "=<h2>🚨 Critical Alert</h2>\n<p>The following high-risk CVEs were identified:</p>\n<pre>{{ JSON.stringify($json.expert, null, 2) }}</pre>\n",
"options": {},
"subject": "🚨 CyberPulse Alert – Critical Vulnerabilities Detected",
"toEmail": "security-team@example.com",
"fromEmail": "security-team@example.com"
},
"credentials": {
"smtp": {
"id": "RM0pJJ95IhrbFLCv",
"name": "SMTP account"
}
},
"typeVersion": 2.1
},
{
"id": "bead2d6d-aeec-49a3-99b0-6550976cfa91",
"name": "Google シート",
"type": "n8n-nodes-base.googleSheets",
"position": [
420,
300
],
"parameters": {
"columns": {
"value": {
"IOCs": "={{ JSON.stringify($(\"🚨 ALERT – LEV Trigger\").item.json.expert[0].iocs) }}",
"Score": "={{ $json.expert[0].cve.cve.impact.baseMetricV3.cvssV3.baseScore }}",
"CVE_ID": "={{ $(\"🚨 ALERT – LEV Trigger\").item.json.expert[0].cve.cve.CVE_data_meta.ID }}",
"Severity": "={{ $json.expert[0].cve.cve.impact.baseMetricV3.cvssV3.baseSeverity }}",
"LEV_label": "={{ $json.expert[0].levLabel }}",
"LEV_score": "={{ $json.expert[0].levScore }}",
"timestamp": "={{ new Date().toISOString() }}",
"aiRisk_score": "={{ $json.expert[0].aiRisk }}",
"compliance_tags": "\"{{ 'ISM-0412, E8-6' }}\"",
"response_action": "={{ $json.expert[0].levLabel.toLowerCase() }}"
},
"schema": [
{
"id": "timestamp",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "timestamp",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "CVE_ID",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "CVE_ID",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "Severity",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "Severity",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "Score",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "Score",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "IOCs",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "IOCs",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "aiRisk_score",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "aiRisk_score",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "LEV_score",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "LEV_score",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "LEV_label",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "LEV_label",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "response_action",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "response_action",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "compliance_tags",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "compliance_tags",
"defaultMatch": false,
"canBeUsedToMatch": true
}
],
"mappingMode": "defineBelow",
"matchingColumns": [],
"attemptToConvertTypes": false,
"convertFieldsToString": false
},
"options": {},
"operation": "append",
"sheetName": {
"__rl": true,
"mode": "list",
"value": "gid=0",
"cachedResultUrl": "https://docs.google.com/spreadsheets/d/1LeES3AaZG1AZHFd4g2FMgZx790AP_9Qd1OsIE774R-M/edit#gid=0",
"cachedResultName": "Sheet1"
},
"documentId": {
"__rl": true,
"mode": "id",
"value": "={{ $env.SHEET_ID }}"
}
},
"credentials": {
"googleSheetsOAuth2Api": {
"id": "sJHywbRNYHkS71FB",
"name": "Google Sheets account"
}
},
"typeVersion": 4.5
},
{
"id": "6be8438a-956d-4ac6-94e5-dc22cebaa178",
"name": "🧠 AI – インシデントプレイブックセレクター",
"type": "n8n-nodes-base.code",
"position": [
660,
-180
],
"parameters": {
"jsCode": "const threat = $json;\nconst score = threat.Score || 0;\nconst severity = (threat.Severity || \"\").toUpperCase();\n\nlet playbook = \"notify\"; // Default response\n\nif (score >= 9 || severity === \"CRITICAL\") {\n playbook = \"isolation\";\n} else if (score >= 6 || severity === \"HIGH\") {\n playbook = \"monitor\";\n}\n\nreturn [\n {\n json: {\n ...threat,\n response: {\n playbook: playbook,\n decisionReason: `Based on CVSS ${score} and severity ${severity}`\n }\n }\n }\n];\n"
},
"typeVersion": 2
},
{
"id": "2aa9749e-cf1d-49ee-8a82-b75a6a62d1af",
"name": "コード",
"type": "n8n-nodes-base.code",
"position": [
840,
-180
],
"parameters": {
"jsCode": "const threat = $json;\nconst score = threat.Score || 0;\nconst severity = (threat.Severity || \"\").toUpperCase();\n\nlet playbook = \"notify\"; // Default fallback\n\nif (score >= 9 || severity === \"CRITICAL\") {\n playbook = \"isolation\";\n} else if (score >= 6 || severity === \"HIGH\") {\n playbook = \"monitor\";\n}\n\nreturn [\n {\n json: {\n ...threat,\n response: {\n playbook,\n decisionReason: `Based on CVSS ${score} and severity ${severity}`\n }\n }\n }\n];"
},
"typeVersion": 2
},
{
"id": "6dd8f1cf-4459-4496-b547-205da0aa2ab7",
"name": "🧭 レスポンスルーター",
"type": "n8n-nodes-base.switch",
"position": [
1020,
-180
],
"parameters": {
"rules": {
"values": [
{
"outputKey": "notify",
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": false,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "04b84cf7-971d-4f6e-a4c3-4609afd67140",
"operator": {
"type": "string",
"operation": "equals"
},
"leftValue": "={{ $json.response.playbook }}",
"rightValue": "notify"
}
]
},
"renameOutput": true
},
{
"outputKey": "monitor",
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": false,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "402dbac5-1a9e-4862-a281-7dfd42cf2729",
"operator": {
"name": "filter.operator.equals",
"type": "string",
"operation": "equals"
},
"leftValue": "={{ $json.response.playbook }}",
"rightValue": " monitor"
}
]
},
"renameOutput": true
},
{
"outputKey": "islolation",
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": false,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "b0100303-40c4-409e-8f95-b9cab699eedd",
"operator": {
"name": "filter.operator.equals",
"type": "string",
"operation": "equals"
},
"leftValue": "={{ $json.response.playbook }}",
"rightValue": "isolation"
}
]
},
"renameOutput": true
}
]
},
"options": {
"ignoreCase": true
}
},
"typeVersion": 3.2
},
{
"id": "4123923e-bbbd-4234-8769-43dcd65cf9c8",
"name": "アラートメール送信",
"type": "n8n-nodes-base.emailSend",
"position": [
1340,
-360
],
"webhookId": "decb9f47-14ee-49f7-9317-2d52a39f97bd",
"parameters": {
"html": "=<!DOCTYPE html>\n<html>\n<head>\n <style>\n body {\n font-family: Arial, sans-serif;\n color: #333;\n }\n h2 {\n color: #b30000;\n }\n .section {\n margin-bottom: 20px;\n }\n .section-critical {\n background-color: #ffe5e5;\n padding: 15px;\n border-left: 5px solid #cc0000;\n }\n .section-iocs {\n border: 1px solid #ccc;\n border-radius: 5px;\n padding: 10px;\n }\n .section-high {\n background-color: #fff3e0;\n padding: 15px;\n border-left: 5px solid #ff9800;\n }\n .next-steps {\n background-color: #e8f5e9;\n padding: 15px;\n border-left: 5px solid #4caf50;\n }\n table {\n width: 100%;\n border-collapse: collapse;\n margin-top: 10px;\n }\n th, td {\n padding: 8px;\n border: 1px solid #999;\n text-align: left;\n }\n .comment {\n font-style: italic;\n font-size: 0.95em;\n color: #555;\n margin-top: 10px;\n }\n </style>\n</head>\n<body>\n\n<h2>🚨 Critical Alert – {{ $json.cve.cve.CVE_data_meta.ID }}</h2>\n\n<div class=\"section section-critical\">\n <p><b>📰 Summary:</b> {{ $json.cve.description.description_data[0].value }}</p>\n <p><b>📉 Severity:</b> \n <span style=\"color: \n {{ $json.cve.impact.baseMetricV3.cvssV3.baseSeverity === 'CRITICAL' ? 'red' : \n $json.cve.impact.baseMetricV3.cvssV3.baseSeverity === 'HIGH' ? 
'orange' : \n 'black' }}\">\n {{ $json.cve.impact.baseMetricV3.cvssV3.baseSeverity }}\n </span>\n </p>\n <p><b>📊 CVSS Score:</b> {{ $json.cve.impact.baseMetricV3.cvssV3.baseScore }}</p>\n</div>\n\n<div class=\"section section-iocs\">\n <b>📌 Indicators of Compromise (IOCs)</b>\n <table>\n <tr><th>Type</th><th>Value</th></tr>\n {{ $json.iocs.map(ioc => `<tr><td>${ioc.type}</td><td>${ioc.value}</td></tr>`).join('') }}\n </table>\n</div>\n\n<div class=\"section section-high\">\n <b>🧠 AI Risk Evaluation</b>\n <ul>\n <li><b>aiRisk Score:</b> {{ $json.aiRisk }}</li>\n <li><b>LEV Score:</b> {{ $json.lev }}</li>\n <li><b>LEV Label:</b> {{ $json.levLabel }}</li>\n <li><b>Response Assigned:</b> \n <span style=\"color: darkred;\">{{ $json.response.playbook }}</span>\n </li>\n </ul>\n <div class=\"comment\">\n 💬 Based on AI analysis, this CVE meets critical exploitability thresholds with confirmed indicators in your threat environment. Immediate action is advised.\n </div>\n</div>\n\n<div class=\"section next-steps\">\n <b>✅ Next Steps:</b>\n <ol>\n <li>Isolate affected endpoints immediately</li>\n <li>Apply latest patches for {{ $json.cve.cve.CVE_data_meta.ID }}</li>\n <li>Update threat database and notify internal stakeholders</li>\n </ol>\n</div>\n\n</body>\n</html>\n<p style=\"font-size: 11px; color: #888;\">\n <hr style=\"border: none; border-top: 1px solid #ddd; margin: 24px 0;\">\n\n<p style=\"font-size: 11px; color: #888; line-height: 1.5;\">\n 🔒 Aligned with <strong>ACSC Essential Eight</strong> & <strong>ISM 2024</strong> (Australia), and structured using the <strong>NIST Cybersecurity Framework</strong> and <strong>ISO/IEC 27001</strong> principles.<br>\n Designed for SMEs and security teams worldwide.\n</p>\n\n<p style=\"font-size: 10px; color: #aaa;\">\n This alert was automatically generated by <strong>CYBERPULSEBlueOps</strong> using n8n.\n</p>\n",
"options": {},
"subject": "=🚨 Cyber Alert: {{ $json.response.playbook.toUpperCase() }} Required",
"toEmail": "security-team@example.com",
"fromEmail": "security-team@example.com"
},
"credentials": {
"smtp": {
"id": "RM0pJJ95IhrbFLCv",
"name": "SMTP account"
}
},
"typeVersion": 2.1
},
{
"id": "d76f1894-ae5c-4c22-b326-7daec1cdf359",
"name": "Google シートに記録",
"type": "n8n-nodes-base.googleSheets",
"position": [
1340,
-180
],
"parameters": {
"operation": "append",
"sheetName": {
"__rl": true,
"mode": "list",
"value": "",
"cachedResultUrl": "",
"cachedResultName": ""
},
"documentId": {
"__rl": true,
"mode": "id",
"value": "={{ $env.SHEET_ID }}"
}
},
"credentials": {
"googleSheetsOAuth2Api": {
"id": "sJHywbRNYHkS71FB",
"name": "Google Sheets account"
}
},
"typeVersion": 4.5
},
{
"id": "9d9a56b4-13fd-40f8-a29a-4d3a3febfc19",
"name": "HTTP リクエスト",
"type": "n8n-nodes-base.httpRequest",
"position": [
1340,
0
],
"parameters": {
"url": "https://edr-api.example.com/isolate",
"method": "POST",
"options": {},
"jsonBody": "={\n \"device_ip\": \"{{ $json.iocs[0].value }}\",\n \"cve_id\": \"{{ $json.cve.cve.CVE_data_meta.ID }}\",\n \"severity\": \"{{ $json.cve.cve.impact.baseMetricV3.cvssV3.baseSeverity }}\"\n}\n",
"sendBody": true,
"sendHeaders": true,
"specifyBody": "json",
"headerParameters": {
"parameters": [
{
"name": "Authorization"
},
{
"name": "Content-Type",
"value": "application/json"
}
]
}
},
"typeVersion": 4.2
},
{
"id": "d5376f73-da94-4a39-9129-7f94c9b6d86c",
"name": "分割",
"type": "n8n-nodes-base.splitOut",
"position": [
500,
-180
],
"parameters": {
"include": "allOtherFields",
"options": {},
"fieldToSplitOut": "iocs"
},
"typeVersion": 1
},
{
"id": "da91b5b0-a2ff-4d91-9837-eafdb1aa7ed4",
"name": "付箋",
"type": "n8n-nodes-base.stickyNote",
"position": [
1600,
-380
],
"parameters": {
"color": 7,
"width": 560,
"height": 1160,
"content": "\n🛡️ CYBERPULSEBlueOps – Module 1: Threat Feed Ingestion\n\nVersion: 1.0\nLast Updated: 2025-06-04\nAuthor: Adnan Tariq\nStatus: ✅ Production-Ready\n\n🔍 Purpose\n\nAutomates daily ingestion of CVE and IOC threat feeds, enriches and evaluates risks using AI-based triage, and routes alerts to notification, isolation, or monitoring actions. Structured to align with compliance frameworks and operational defense workflows.\n\n🔗 Data Sources\n\nCVE Feed: GitHub Gist (cve_data)\n\nIOC Feed: GitHub Gist (ioc_data)\n\nIngest frequency: Daily via Cron Trigger\n\n🧠 Key Components\n\nAI – Risk Evaluation for aiRisk scoring\n\nAI – Triage Vulnerabilities for LEV scoring & labels\n\n📘 Response Router assigns notify, monitor, or isolate\n\nLogs exported to Google Sheets with:\n\nCVE_ID, Severity, Score, IOCs\n\naiRisk_score, LEV_score, LEV_label, response_action\n\nCompliance tags: ISM-0412, E8-6\n\n✅ Compliance Alignment\n\n ACSC Essential Eight (Australia)\n\n ISM 2024 Logging Guidelines\n\n NIST Cybersecurity Framework\n\n ISO/IEC 27001 Control Mapping\n\n✉️ Output\n\nHTML emails with risk-based alert summaries\n\nGoogle Sheets row logs\n\n(Optional) HTTP isolation request via EDR API\n\n⚠️ Do not modify node structure without understanding data propagation and rule routing. All logic assumes LEV triage is the decision root."
},
"typeVersion": 1
},
{
"id": "1bae77e9-6f51-4a51-85d6-051ad1198030",
"name": "付箋1",
"type": "n8n-nodes-base.stickyNote",
"position": [
2180,
-380
],
"parameters": {
"color": 7,
"width": 1080,
"height": 680,
"content": "\n🧠 What is Module 1?\nModule 1 is like a security robot that wakes up every morning, reads danger news from the internet (called CVEs and IOCs), checks how risky it is, and then tells the grown-ups what to do.\n\n🧾 Why are there 2 Google Sheet blocks?\n1️⃣ First Google Sheet:\n➡️ It writes down big dangerous alerts that need attention (like “Critical Virus Found!”).\nThis is like a red alert notebook.\n\n2️⃣ Second Google Sheet:\n➡️ It writes down everything it finds, even small stuff, in a daily logbook.\nThis is the diary of what the robot saw today.\n\n✉️ Why are there 2 Email Alerts?\n1️⃣ First Email:\n📨 Sends a special alert when something very risky happens (like an emergency siren).\nExample: \"This computer might be in big trouble!\"\n\n2️⃣ Second Email:\n📨 Sends a daily summary email with a table.\nExample: “Today I saw: 1 Critical, 1 Medium, 1 Low.”\n\n🌐 Why is there 1 HTTP Request?\n🌍 This is the robot’s panic button.\nIf the robot says, “This is too dangerous,” it can call another robot (like an EDR system) to shut down or isolate the infected computer.\n\nBut this button is optional — like only calling the fire truck when needed.\n\n💡 In Short:\n🧾 Two sheets: one for alerts, one for daily diary\n\n✉️ Two emails: one for emergency, one for daily summary\n\n🌐 One optional panic button: for calling help if danger is too high"
},
"typeVersion": 1
},
{
"id": "0a7a9166-b06d-4a48-9420-70af07392046",
"name": "付箋2",
"type": "n8n-nodes-base.stickyNote",
"position": [
2180,
320
],
"parameters": {
"color": 7,
"width": 580,
"height": 180,
"content": "\n📘 Module 1 Glossary – What Each Term Means\n\n• **aiRisk** – AI-generated risk score (e.g. 6.5) based on CVE severity + behavior \n• **LEV Score** – Local Exploitability score (e.g. 0.93) — how likely it affects *you* \n• **LEV Label** – Text label from LEV score (e.g. `notify`, `monitor`, `isolate`) \n• **response_action** – What the system decided to do (e.g. alert, log, isolate) \n• **IOC** – Indicator of Compromise like a suspicious IP, domain, or file hash \n• **CVE** – Known vulnerability from public sources (e.g. CVE-2023-26479)\n"
},
"typeVersion": 1
},
{
"id": "c3323b86-bb2b-4d62-9dcc-2509a1a6b893",
"name": "付箋3",
"type": "n8n-nodes-base.stickyNote",
"position": [
2180,
520
],
"parameters": {
"color": 7,
"width": 580,
"height": 480,
"content": "\n🛡️ Framework Integration Summary – Module 1\n\nACSC Essential Eight (Australia)\n✔ Implements daily threat monitoring and log collection, aligning with mitigation strategies like patching and application control.\n\nISM 2024 Logging Guidelines (Australia)\n✔ Logs high-risk CVEs, IOCs, and AI-evaluated actions to structured, queryable formats (Google Sheets, Emails).\n✔ Includes severity, timestamps, and response decisions — meets ISM log detail requirements.\n\nNIST Cybersecurity Framework (CSF) (US)\n✔ Aligns with:\n\nIdentify (tracking known CVEs),\n\nDetect (via AI risk analysis),\n\nRespond (action routing via LEV logic).\n\nISO/IEC 27001\n✔ Supports control A.12.4 (Event logging) and A.16 (Incident response) by providing automated alerts, logs, and response recommendations."
},
"typeVersion": 1
}
],
"active": false,
"pinData": {},
"settings": {
"timezone": "Australia/Sydney",
"callerPolicy": "workflowsFromSameOwner",
"executionOrder": "v1"
},
"versionId": "b9d78a57-e42a-4b2a-92d4-30a29f06178a",
"connections": {
"2aa9749e-cf1d-49ee-8a82-b75a6a62d1af": {
"main": [
[
{
"node": "6dd8f1cf-4459-4496-b547-205da0aa2ab7",
"type": "main",
"index": 0
}
]
]
},
"d5376f73-da94-4a39-9129-7f94c9b6d86c": {
"main": [
[
{
"node": "6be8438a-956d-4ac6-94e5-dc22cebaa178",
"type": "main",
"index": 0
}
]
]
},
"4123923e-bbbd-4234-8769-43dcd65cf9c8": {
"main": [
[]
]
},
"c9f242d6-6d9c-4a27-8a43-b678c4b3dbeb": {
"main": [
[
{
"node": "080ac947-b10c-4492-8f55-79e27b9982c0",
"type": "main",
"index": 0
}
]
]
},
"e1f9ea1c-e934-4ecd-957d-8c7e5f8c1452": {
"main": [
[
{
"node": "080ac947-b10c-4492-8f55-79e27b9982c0",
"type": "main",
"index": 1
}
]
]
},
"6dd8f1cf-4459-4496-b547-205da0aa2ab7": {
"main": [
[
{
"node": "4123923e-bbbd-4234-8769-43dcd65cf9c8",
"type": "main",
"index": 0
}
],
[
{
"node": "d76f1894-ae5c-4c22-b326-7daec1cdf359",
"type": "main",
"index": 0
}
],
[
{
"node": "9d9a56b4-13fd-40f8-a29a-4d3a3febfc19",
"type": "main",
"index": 0
}
]
]
},
"2341d7f3-4f5e-4bf0-8b96-fb64c4d46344": {
"main": [
[]
]
},
"080ac947-b10c-4492-8f55-79e27b9982c0": {
"main": [
[
{
"node": "80c5acb7-743a-44d7-8482-a5d429a973bd",
"type": "main",
"index": 0
}
]
]
},
"80c5acb7-743a-44d7-8482-a5d429a973bd": {
"main": [
[
{
"node": "68ccba75-0a92-4cd1-8306-24daafe59333",
"type": "main",
"index": 0
}
]
]
},
"b9325536-f714-437d-8dc3-2dfbfd6d58a7": {
"main": [
[
{
"node": "c9f242d6-6d9c-4a27-8a43-b678c4b3dbeb",
"type": "main",
"index": 0
},
{
"node": "e1f9ea1c-e934-4ecd-957d-8c7e5f8c1452",
"type": "main",
"index": 0
}
]
]
},
"3cbac00e-3bf1-4f68-99e2-e2027d3d2648": {
"main": [
[
{
"node": "2341d7f3-4f5e-4bf0-8b96-fb64c4d46344",
"type": "main",
"index": 0
},
{
"node": "bead2d6d-aeec-49a3-99b0-6550976cfa91",
"type": "main",
"index": 0
}
]
]
},
"68ccba75-0a92-4cd1-8306-24daafe59333": {
"main": [
[
{
"node": "9f74ff1c-57ae-48ae-989d-b27b64895c53",
"type": "main",
"index": 0
},
{
"node": "d5376f73-da94-4a39-9129-7f94c9b6d86c",
"type": "main",
"index": 0
}
]
]
},
"9f74ff1c-57ae-48ae-989d-b27b64895c53": {
"main": [
[
{
"node": "3cbac00e-3bf1-4f68-99e2-e2027d3d2648",
"type": "main",
"index": 0
}
]
]
},
"6be8438a-956d-4ac6-94e5-dc22cebaa178": {
"main": [
[
{
"node": "2aa9749e-cf1d-49ee-8a82-b75a6a62d1af",
"type": "main",
"index": 0
}
]
]
}
}
}
よくある質問
このワークフローの使い方は?
上記のJSON設定コードをコピーし、n8nインスタンスで新しいワークフローを作成して「JSONからインポート」を選択、設定を貼り付けて認証情報を必要に応じて変更してください。なお、JSON内の通知先メールアドレス（security-team@example.com）、EDR分離APIのURL（https://edr-api.example.com/isolate）とそのAuthorizationヘッダー値、Google SheetsのドキュメントIDを指す環境変数SHEET_IDはプレースホルダーのため、実環境の値に置き換える必要があります。また、IOCフィードの先頭の値がそのままEDR分離リクエストのdevice_ipとして送信されるため、フィードの取得元を信頼できるものに限定してから有効化してください。
このワークフローはどんな場面に適していますか?
上級 - セキュリティ運用, AI要約
有料ですか?
このワークフローは完全無料です。ただし、ワークフローで使用するサードパーティサービス(OpenAI APIなど)は別途料金が発生する場合があります。
ワークフロー情報
難易度
上級
ノード数21
カテゴリー2
ノードタイプ10
作成者
Adnan Tariq
@adnantariqFounder of CYBERPULSE AI — helping security teams and SMEs eliminate repetitive tasks through modular n8n automations. I build workflows for vulnerability triage, compliance reporting, threat intel, and Red/Blue/GRC ops. Book a session if you'd like custom automation for your use case. https://linkedin.com/in/adnan-tariq-4b2a1a47