CYBERPULSEBlueOps_모듈1 클라이언트 사본1
고급
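이것은 SecOps, AI Summarization 분야의 자동화 워크플로우로, 21개의 노드를 포함합니다. 주로 If, Code, Merge, Switch, SplitOut 등의 노드를 사용하며, OpenAI 위험 평가 및 이메일 알림을 포함한 CVE 및 IOC 데이터 소스 자동 수집을 수행합니다. 단, 아래에 내보낸 JSON에는 OpenAI 노드가 없으며, 'AI – 위험 평가' 노드는 aiRisk와 lev 값을 고정된 배열에서 가져오는 Code 노드이므로, 실제 운영에 쓰려면 이 점수 산정 로직을 직접 교체해야 합니다.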
사전 요구사항
- 대상 API의 인증 정보가 필요할 수 있음
- Google Sheets API 인증 정보
워크플로우 내보내기
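다음 JSON 구성을 복사하여 n8n에 가져오면 이 워크플로우를 사용할 수 있습니다. 이 사본에서는 노드 이름이 한국어로 번역되어 있으나 Google Sheets 노드의 일부 표현식은 `$("🚨 ALERT – LEV Trigger")`처럼 원래의 영문 노드 이름을 참조하므로, 가져온 뒤 참조 이름이 실제 노드 이름과 일치하는지 확인하세요.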
{
"id": "FOKoHtdHL2JKFwpH",
"meta": {
"instanceId": "afe2b8648fee0c23760b8fce92c71dc65d1dd8bea264642e620dc8c34f1224d7",
"templateCredsSetupCompleted": true
},
"name": "CYBERPULSEBlueOps_Module1 client copy1",
"tags": [
{
"id": "0obxZlT9bSaIMBpV",
"name": "Threat Intake",
"createdAt": "2025-05-23T06:15:09.978Z",
"updatedAt": "2025-05-23T06:15:09.978Z"
},
{
"id": "2rUQt7xpJikyzCUP",
"name": "(ACSC E8 + ISM-Aligned)",
"createdAt": "2025-06-04T06:23:02.488Z",
"updatedAt": "2025-06-04T06:23:02.488Z"
}
],
"nodes": [
{
"id": "b9325536-f714-437d-8dc3-2dfbfd6d58a7",
"name": "⏰ Cron – 일일 트리거",
"type": "n8n-nodes-base.scheduleTrigger",
"position": [
-220,
-560
],
"parameters": {
"rule": {
"interval": [
{
"field": "cronExpression",
"expression": "0 0 7 * * *"
}
]
}
},
"typeVersion": 1.2
},
{
"id": "c9f242d6-6d9c-4a27-8a43-b678c4b3dbeb",
"name": "🌐 CVE 피드 가져오기",
"type": "n8n-nodes-base.httpRequest",
"position": [
20,
-640
],
"parameters": {
"url": "https://gist.githubusercontent.com/gitadta/bdcb18b2450c5561a4b69ae9327383a8/raw/d9637907229a0a7e2bd6f5a5b6b2f04e6248aac1/cve-2023-26479.json",
"options": {
"response": {
"response": {
"responseFormat": "json"
}
}
}
},
"typeVersion": 4.2
},
{
"id": "e1f9ea1c-e934-4ecd-957d-8c7e5f8c1452",
"name": "🛡️ IOC 피드 가져오기",
"type": "n8n-nodes-base.httpRequest",
"position": [
20,
-480
],
"parameters": {
"url": "=https://gist.githubusercontent.com/gitadta/fddb9eb942cd3494c2e187117976d430/raw/1873c10c1a375c94b8afe3eed2772045c0a66568/ioc-feed.json",
"options": {
"response": {
"response": {
"responseFormat": "json"
}
}
}
},
"typeVersion": 4.2
},
{
"id": "080ac947-b10c-4492-8f55-79e27b9982c0",
"name": "🧠 위협 데이터 병합",
"type": "n8n-nodes-base.merge",
"position": [
220,
-560
],
"parameters": {},
"typeVersion": 3.1
},
{
"id": "80c5acb7-743a-44d7-8482-a5d429a973bd",
"name": "🧠 위협 데이터 결합",
"type": "n8n-nodes-base.code",
"position": [
220,
-360
],
"parameters": {
"jsCode": "const cve = items[0].json;\nconst iocs = items[1].json.iocs || [];\n\nreturn [\n {\n json: {\n cve,\n iocs\n }\n }\n];"
},
"typeVersion": 2
},
{
"id": "68ccba75-0a92-4cd1-8306-24daafe59333",
"name": "🧠 AI – 위험 평가",
"type": "n8n-nodes-base.code",
"position": [
220,
-180
],
"parameters": {
"jsCode": "const data = $input.all();\nreturn data.map((item, i) => {\n const baseScore = item.json.cve?.impact?.baseMetricV3?.cvssV3?.baseScore || 0;\n const aiRisk = [6.5, 9.1][i] || 5;\n const path = [\"self-healing\", \"expert-review\", \"monitoring\"][i % 3];\n const lev = [0.93, 0.72][i] || 0.45;\n\n return {\n json: {\n ...item.json,\n aiRisk,\n path,\n lev\n }\n };\n});"
},
"typeVersion": 2
},
{
"id": "9f74ff1c-57ae-48ae-989d-b27b64895c53",
"name": "🧠 AI – 취약성 분류",
"type": "n8n-nodes-base.code",
"position": [
220,
0
],
"parameters": {
"jsCode": "const triage = {\n self: [],\n expert: [],\n monitor: [],\n};\n\nconst assessed = $input.all();\n\nfor (const item of assessed) {\n const v = item.json;\n const levScore = v.lev || 0; // fallback if missing\n\n if (levScore > 0.9) {\n triage.expert.push({ ...v, levScore, levLabel: \"Critical\" });\n } else if (levScore > 0.5) {\n triage.self.push({ ...v, levScore, levLabel: \"High\" });\n } else {\n triage.monitor.push({ ...v, levScore, levLabel: \"Low\" });\n }\n}\n\nreturn [{ json: triage }];"
},
"typeVersion": 2
},
{
"id": "3cbac00e-3bf1-4f68-99e2-e2027d3d2648",
"name": "🚨 ALERT – LEV 트리거",
"type": "n8n-nodes-base.if",
"position": [
220,
200
],
"parameters": {
"options": {},
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": true,
"typeValidation": "loose"
},
"combinator": "and",
"conditions": [
{
"id": "f170e1cc-2692-4fcc-8def-6b1e5f01af84",
"operator": {
"name": "filter.operator.equals",
"type": "string",
"operation": "equals"
},
"leftValue": "={{ $json.expert && $json.expert.length > 0 }}",
"rightValue": "=true"
}
]
},
"looseTypeValidation": true
},
"typeVersion": 2.2
},
{
"id": "2341d7f3-4f5e-4bf0-8b96-fb64c4d46344",
"name": "📧 알림 이메일 전송",
"type": "n8n-nodes-base.emailSend",
"position": [
420,
140
],
"webhookId": "48963cc6-c85f-4946-92bd-2c91a1a255ef",
"parameters": {
"html": "=<h2>🚨 Critical Alert</h2>\n<p>The following high-risk CVEs were identified:</p>\n<pre>{{ JSON.stringify($json.expert, null, 2) }}</pre>\n",
"options": {},
"subject": "🚨 CyberPulse Alert – Critical Vulnerabilities Detected",
"toEmail": "security-team@example.com",
"fromEmail": "security-team@example.com"
},
"credentials": {
"smtp": {
"id": "RM0pJJ95IhrbFLCv",
"name": "SMTP account"
}
},
"typeVersion": 2.1
},
{
"id": "bead2d6d-aeec-49a3-99b0-6550976cfa91",
"name": "Google Sheets",
"type": "n8n-nodes-base.googleSheets",
"position": [
420,
300
],
"parameters": {
"columns": {
"value": {
"IOCs": "={{ JSON.stringify($(\"🚨 ALERT – LEV Trigger\").item.json.expert[0].iocs) }}",
"Score": "={{ $json.expert[0].cve.cve.impact.baseMetricV3.cvssV3.baseScore }}",
"CVE_ID": "={{ $(\"🚨 ALERT – LEV Trigger\").item.json.expert[0].cve.cve.CVE_data_meta.ID }}",
"Severity": "={{ $json.expert[0].cve.cve.impact.baseMetricV3.cvssV3.baseSeverity }}",
"LEV_label": "={{ $json.expert[0].levLabel }}",
"LEV_score": "={{ $json.expert[0].levScore }}",
"timestamp": "={{ new Date().toISOString() }}",
"aiRisk_score": "={{ $json.expert[0].aiRisk }}",
"compliance_tags": "\"{{ 'ISM-0412, E8-6' }}\"",
"response_action": "={{ $json.expert[0].levLabel.toLowerCase() }}"
},
"schema": [
{
"id": "timestamp",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "timestamp",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "CVE_ID",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "CVE_ID",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "Severity",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "Severity",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "Score",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "Score",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "IOCs",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "IOCs",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "aiRisk_score",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "aiRisk_score",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "LEV_score",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "LEV_score",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "LEV_label",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "LEV_label",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "response_action",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "response_action",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "compliance_tags",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "compliance_tags",
"defaultMatch": false,
"canBeUsedToMatch": true
}
],
"mappingMode": "defineBelow",
"matchingColumns": [],
"attemptToConvertTypes": false,
"convertFieldsToString": false
},
"options": {},
"operation": "append",
"sheetName": {
"__rl": true,
"mode": "list",
"value": "gid=0",
"cachedResultUrl": "https://docs.google.com/spreadsheets/d/1LeES3AaZG1AZHFd4g2FMgZx790AP_9Qd1OsIE774R-M/edit#gid=0",
"cachedResultName": "Sheet1"
},
"documentId": {
"__rl": true,
"mode": "id",
"value": "={{ $env.SHEET_ID }}"
}
},
"credentials": {
"googleSheetsOAuth2Api": {
"id": "sJHywbRNYHkS71FB",
"name": "Google Sheets account"
}
},
"typeVersion": 4.5
},
{
"id": "6be8438a-956d-4ac6-94e5-dc22cebaa178",
"name": "🧠 AI – 인시던트 플레이북 선택기",
"type": "n8n-nodes-base.code",
"position": [
660,
-180
],
"parameters": {
"jsCode": "const threat = $json;\nconst score = threat.Score || 0;\nconst severity = (threat.Severity || \"\").toUpperCase();\n\nlet playbook = \"notify\"; // Default response\n\nif (score >= 9 || severity === \"CRITICAL\") {\n playbook = \"isolation\";\n} else if (score >= 6 || severity === \"HIGH\") {\n playbook = \"monitor\";\n}\n\nreturn [\n {\n json: {\n ...threat,\n response: {\n playbook: playbook,\n decisionReason: `Based on CVSS ${score} and severity ${severity}`\n }\n }\n }\n];\n"
},
"typeVersion": 2
},
{
"id": "2aa9749e-cf1d-49ee-8a82-b75a6a62d1af",
"name": "Code",
"type": "n8n-nodes-base.code",
"position": [
840,
-180
],
"parameters": {
"jsCode": "const threat = $json;\nconst score = threat.Score || 0;\nconst severity = (threat.Severity || \"\").toUpperCase();\n\nlet playbook = \"notify\"; // Default fallback\n\nif (score >= 9 || severity === \"CRITICAL\") {\n playbook = \"isolation\";\n} else if (score >= 6 || severity === \"HIGH\") {\n playbook = \"monitor\";\n}\n\nreturn [\n {\n json: {\n ...threat,\n response: {\n playbook,\n decisionReason: `Based on CVSS ${score} and severity ${severity}`\n }\n }\n }\n];"
},
"typeVersion": 2
},
{
"id": "6dd8f1cf-4459-4496-b547-205da0aa2ab7",
"name": "🧭 응답 라우터",
"type": "n8n-nodes-base.switch",
"position": [
1020,
-180
],
"parameters": {
"rules": {
"values": [
{
"outputKey": "notify",
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": false,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "04b84cf7-971d-4f6e-a4c3-4609afd67140",
"operator": {
"type": "string",
"operation": "equals"
},
"leftValue": "={{ $json.response.playbook }}",
"rightValue": "notify"
}
]
},
"renameOutput": true
},
{
"outputKey": "monitor",
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": false,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "402dbac5-1a9e-4862-a281-7dfd42cf2729",
"operator": {
"name": "filter.operator.equals",
"type": "string",
"operation": "equals"
},
"leftValue": "={{ $json.response.playbook }}",
"rightValue": " monitor"
}
]
},
"renameOutput": true
},
{
"outputKey": "islolation",
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": false,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "b0100303-40c4-409e-8f95-b9cab699eedd",
"operator": {
"name": "filter.operator.equals",
"type": "string",
"operation": "equals"
},
"leftValue": "={{ $json.response.playbook }}",
"rightValue": "isolation"
}
]
},
"renameOutput": true
}
]
},
"options": {
"ignoreCase": true
}
},
"typeVersion": 3.2
},
{
"id": "4123923e-bbbd-4234-8769-43dcd65cf9c8",
"name": "알림 이메일 전송",
"type": "n8n-nodes-base.emailSend",
"position": [
1340,
-360
],
"webhookId": "decb9f47-14ee-49f7-9317-2d52a39f97bd",
"parameters": {
"html": "=<!DOCTYPE html>\n<html>\n<head>\n <style>\n body {\n font-family: Arial, sans-serif;\n color: #333;\n }\n h2 {\n color: #b30000;\n }\n .section {\n margin-bottom: 20px;\n }\n .section-critical {\n background-color: #ffe5e5;\n padding: 15px;\n border-left: 5px solid #cc0000;\n }\n .section-iocs {\n border: 1px solid #ccc;\n border-radius: 5px;\n padding: 10px;\n }\n .section-high {\n background-color: #fff3e0;\n padding: 15px;\n border-left: 5px solid #ff9800;\n }\n .next-steps {\n background-color: #e8f5e9;\n padding: 15px;\n border-left: 5px solid #4caf50;\n }\n table {\n width: 100%;\n border-collapse: collapse;\n margin-top: 10px;\n }\n th, td {\n padding: 8px;\n border: 1px solid #999;\n text-align: left;\n }\n .comment {\n font-style: italic;\n font-size: 0.95em;\n color: #555;\n margin-top: 10px;\n }\n </style>\n</head>\n<body>\n\n<h2>🚨 Critical Alert – {{ $json.cve.cve.CVE_data_meta.ID }}</h2>\n\n<div class=\"section section-critical\">\n <p><b>📰 Summary:</b> {{ $json.cve.description.description_data[0].value }}</p>\n <p><b>📉 Severity:</b> \n <span style=\"color: \n {{ $json.cve.impact.baseMetricV3.cvssV3.baseSeverity === 'CRITICAL' ? 'red' : \n $json.cve.impact.baseMetricV3.cvssV3.baseSeverity === 'HIGH' ? 
'orange' : \n 'black' }}\">\n {{ $json.cve.impact.baseMetricV3.cvssV3.baseSeverity }}\n </span>\n </p>\n <p><b>📊 CVSS Score:</b> {{ $json.cve.impact.baseMetricV3.cvssV3.baseScore }}</p>\n</div>\n\n<div class=\"section section-iocs\">\n <b>📌 Indicators of Compromise (IOCs)</b>\n <table>\n <tr><th>Type</th><th>Value</th></tr>\n {{ $json.iocs.map(ioc => `<tr><td>${ioc.type}</td><td>${ioc.value}</td></tr>`).join('') }}\n </table>\n</div>\n\n<div class=\"section section-high\">\n <b>🧠 AI Risk Evaluation</b>\n <ul>\n <li><b>aiRisk Score:</b> {{ $json.aiRisk }}</li>\n <li><b>LEV Score:</b> {{ $json.lev }}</li>\n <li><b>LEV Label:</b> {{ $json.levLabel }}</li>\n <li><b>Response Assigned:</b> \n <span style=\"color: darkred;\">{{ $json.response.playbook }}</span>\n </li>\n </ul>\n <div class=\"comment\">\n 💬 Based on AI analysis, this CVE meets critical exploitability thresholds with confirmed indicators in your threat environment. Immediate action is advised.\n </div>\n</div>\n\n<div class=\"section next-steps\">\n <b>✅ Next Steps:</b>\n <ol>\n <li>Isolate affected endpoints immediately</li>\n <li>Apply latest patches for {{ $json.cve.cve.CVE_data_meta.ID }}</li>\n <li>Update threat database and notify internal stakeholders</li>\n </ol>\n</div>\n\n</body>\n</html>\n<p style=\"font-size: 11px; color: #888;\">\n <hr style=\"border: none; border-top: 1px solid #ddd; margin: 24px 0;\">\n\n<p style=\"font-size: 11px; color: #888; line-height: 1.5;\">\n 🔒 Aligned with <strong>ACSC Essential Eight</strong> & <strong>ISM 2024</strong> (Australia), and structured using the <strong>NIST Cybersecurity Framework</strong> and <strong>ISO/IEC 27001</strong> principles.<br>\n Designed for SMEs and security teams worldwide.\n</p>\n\n<p style=\"font-size: 10px; color: #aaa;\">\n This alert was automatically generated by <strong>CYBERPULSEBlueOps</strong> using n8n.\n</p>\n",
"options": {},
"subject": "=🚨 Cyber Alert: {{ $json.response.playbook.toUpperCase() }} Required",
"toEmail": "security-team@example.com",
"fromEmail": "security-team@example.com"
},
"credentials": {
"smtp": {
"id": "RM0pJJ95IhrbFLCv",
"name": "SMTP account"
}
},
"typeVersion": 2.1
},
{
"id": "d76f1894-ae5c-4c22-b326-7daec1cdf359",
"name": "Google 시트에 로깅",
"type": "n8n-nodes-base.googleSheets",
"position": [
1340,
-180
],
"parameters": {
"operation": "append",
"sheetName": {
"__rl": true,
"mode": "list",
"value": "",
"cachedResultUrl": "",
"cachedResultName": ""
},
"documentId": {
"__rl": true,
"mode": "id",
"value": "={{ $env.SHEET_ID }}"
}
},
"credentials": {
"googleSheetsOAuth2Api": {
"id": "sJHywbRNYHkS71FB",
"name": "Google Sheets account"
}
},
"typeVersion": 4.5
},
{
"id": "9d9a56b4-13fd-40f8-a29a-4d3a3febfc19",
"name": "HTTP 요청",
"type": "n8n-nodes-base.httpRequest",
"position": [
1340,
0
],
"parameters": {
"url": "https://edr-api.example.com/isolate",
"method": "POST",
"options": {},
"jsonBody": "={\n \"device_ip\": \"{{ $json.iocs[0].value }}\",\n \"cve_id\": \"{{ $json.cve.cve.CVE_data_meta.ID }}\",\n \"severity\": \"{{ $json.cve.cve.impact.baseMetricV3.cvssV3.baseSeverity }}\"\n}\n",
"sendBody": true,
"sendHeaders": true,
"specifyBody": "json",
"headerParameters": {
"parameters": [
{
"name": "Authorization"
},
{
"name": "Content-Type",
"value": "application/json"
}
]
}
},
"typeVersion": 4.2
},
{
"id": "d5376f73-da94-4a39-9129-7f94c9b6d86c",
"name": "분할",
"type": "n8n-nodes-base.splitOut",
"position": [
500,
-180
],
"parameters": {
"include": "allOtherFields",
"options": {},
"fieldToSplitOut": "iocs"
},
"typeVersion": 1
},
{
"id": "da91b5b0-a2ff-4d91-9837-eafdb1aa7ed4",
"name": "스티커 노트",
"type": "n8n-nodes-base.stickyNote",
"position": [
1600,
-380
],
"parameters": {
"color": 7,
"width": 560,
"height": 1160,
"content": "\n🛡️ CYBERPULSEBlueOps – Module 1: Threat Feed Ingestion\n\nVersion: 1.0\nLast Updated: 2025-06-04\nAuthor: Adnan Tariq\nStatus: ✅ Production-Ready\n\n🔍 Purpose\n\nAutomates daily ingestion of CVE and IOC threat feeds, enriches and evaluates risks using AI-based triage, and routes alerts to notification, isolation, or monitoring actions. Structured to align with compliance frameworks and operational defense workflows.\n\n🔗 Data Sources\n\nCVE Feed: GitHub Gist (cve_data)\n\nIOC Feed: GitHub Gist (ioc_data)\n\nIngest frequency: Daily via Cron Trigger\n\n🧠 Key Components\n\nAI – Risk Evaluation for aiRisk scoring\n\nAI – Triage Vulnerabilities for LEV scoring & labels\n\n📘 Response Router assigns notify, monitor, or isolate\n\nLogs exported to Google Sheets with:\n\nCVE_ID, Severity, Score, IOCs\n\naiRisk_score, LEV_score, LEV_label, response_action\n\nCompliance tags: ISM-0412, E8-6\n\n✅ Compliance Alignment\n\n ACSC Essential Eight (Australia)\n\n ISM 2024 Logging Guidelines\n\n NIST Cybersecurity Framework\n\n ISO/IEC 27001 Control Mapping\n\n✉️ Output\n\nHTML emails with risk-based alert summaries\n\nGoogle Sheets row logs\n\n(Optional) HTTP isolation request via EDR API\n\n⚠️ Do not modify node structure without understanding data propagation and rule routing. All logic assumes LEV triage is the decision root."
},
"typeVersion": 1
},
{
"id": "1bae77e9-6f51-4a51-85d6-051ad1198030",
"name": "스티커 노트1",
"type": "n8n-nodes-base.stickyNote",
"position": [
2180,
-380
],
"parameters": {
"color": 7,
"width": 1080,
"height": 680,
"content": "\n🧠 What is Module 1?\nModule 1 is like a security robot that wakes up every morning, reads danger news from the internet (called CVEs and IOCs), checks how risky it is, and then tells the grown-ups what to do.\n\n🧾 Why are there 2 Google Sheet blocks?\n1️⃣ First Google Sheet:\n➡️ It writes down big dangerous alerts that need attention (like “Critical Virus Found!”).\nThis is like a red alert notebook.\n\n2️⃣ Second Google Sheet:\n➡️ It writes down everything it finds, even small stuff, in a daily logbook.\nThis is the diary of what the robot saw today.\n\n✉️ Why are there 2 Email Alerts?\n1️⃣ First Email:\n📨 Sends a special alert when something very risky happens (like an emergency siren).\nExample: \"This computer might be in big trouble!\"\n\n2️⃣ Second Email:\n📨 Sends a daily summary email with a table.\nExample: “Today I saw: 1 Critical, 1 Medium, 1 Low.”\n\n🌐 Why is there 1 HTTP Request?\n🌍 This is the robot’s panic button.\nIf the robot says, “This is too dangerous,” it can call another robot (like an EDR system) to shut down or isolate the infected computer.\n\nBut this button is optional — like only calling the fire truck when needed.\n\n💡 In Short:\n🧾 Two sheets: one for alerts, one for daily diary\n\n✉️ Two emails: one for emergency, one for daily summary\n\n🌐 One optional panic button: for calling help if danger is too high"
},
"typeVersion": 1
},
{
"id": "0a7a9166-b06d-4a48-9420-70af07392046",
"name": "스티커 노트2",
"type": "n8n-nodes-base.stickyNote",
"position": [
2180,
320
],
"parameters": {
"color": 7,
"width": 580,
"height": 180,
"content": "\n📘 Module 1 Glossary – What Each Term Means\n\n• **aiRisk** – AI-generated risk score (e.g. 6.5) based on CVE severity + behavior \n• **LEV Score** – Local Exploitability score (e.g. 0.93) — how likely it affects *you* \n• **LEV Label** – Text label from LEV score (e.g. `notify`, `monitor`, `isolate`) \n• **response_action** – What the system decided to do (e.g. alert, log, isolate) \n• **IOC** – Indicator of Compromise like a suspicious IP, domain, or file hash \n• **CVE** – Known vulnerability from public sources (e.g. CVE-2023-26479)\n"
},
"typeVersion": 1
},
{
"id": "c3323b86-bb2b-4d62-9dcc-2509a1a6b893",
"name": "스티커 노트3",
"type": "n8n-nodes-base.stickyNote",
"position": [
2180,
520
],
"parameters": {
"color": 7,
"width": 580,
"height": 480,
"content": "\n🛡️ Framework Integration Summary – Module 1\n\nACSC Essential Eight (Australia)\n✔ Implements daily threat monitoring and log collection, aligning with mitigation strategies like patching and application control.\n\nISM 2024 Logging Guidelines (Australia)\n✔ Logs high-risk CVEs, IOCs, and AI-evaluated actions to structured, queryable formats (Google Sheets, Emails).\n✔ Includes severity, timestamps, and response decisions — meets ISM log detail requirements.\n\nNIST Cybersecurity Framework (CSF) (US)\n✔ Aligns with:\n\nIdentify (tracking known CVEs),\n\nDetect (via AI risk analysis),\n\nRespond (action routing via LEV logic).\n\nISO/IEC 27001\n✔ Supports control A.12.4 (Event logging) and A.16 (Incident response) by providing automated alerts, logs, and response recommendations."
},
"typeVersion": 1
}
],
"active": false,
"pinData": {},
"settings": {
"timezone": "Australia/Sydney",
"callerPolicy": "workflowsFromSameOwner",
"executionOrder": "v1"
},
"versionId": "b9d78a57-e42a-4b2a-92d4-30a29f06178a",
"connections": {
"2aa9749e-cf1d-49ee-8a82-b75a6a62d1af": {
"main": [
[
{
"node": "6dd8f1cf-4459-4496-b547-205da0aa2ab7",
"type": "main",
"index": 0
}
]
]
},
"d5376f73-da94-4a39-9129-7f94c9b6d86c": {
"main": [
[
{
"node": "6be8438a-956d-4ac6-94e5-dc22cebaa178",
"type": "main",
"index": 0
}
]
]
},
"4123923e-bbbd-4234-8769-43dcd65cf9c8": {
"main": [
[]
]
},
"c9f242d6-6d9c-4a27-8a43-b678c4b3dbeb": {
"main": [
[
{
"node": "080ac947-b10c-4492-8f55-79e27b9982c0",
"type": "main",
"index": 0
}
]
]
},
"e1f9ea1c-e934-4ecd-957d-8c7e5f8c1452": {
"main": [
[
{
"node": "080ac947-b10c-4492-8f55-79e27b9982c0",
"type": "main",
"index": 1
}
]
]
},
"6dd8f1cf-4459-4496-b547-205da0aa2ab7": {
"main": [
[
{
"node": "4123923e-bbbd-4234-8769-43dcd65cf9c8",
"type": "main",
"index": 0
}
],
[
{
"node": "d76f1894-ae5c-4c22-b326-7daec1cdf359",
"type": "main",
"index": 0
}
],
[
{
"node": "9d9a56b4-13fd-40f8-a29a-4d3a3febfc19",
"type": "main",
"index": 0
}
]
]
},
"2341d7f3-4f5e-4bf0-8b96-fb64c4d46344": {
"main": [
[]
]
},
"080ac947-b10c-4492-8f55-79e27b9982c0": {
"main": [
[
{
"node": "80c5acb7-743a-44d7-8482-a5d429a973bd",
"type": "main",
"index": 0
}
]
]
},
"80c5acb7-743a-44d7-8482-a5d429a973bd": {
"main": [
[
{
"node": "68ccba75-0a92-4cd1-8306-24daafe59333",
"type": "main",
"index": 0
}
]
]
},
"b9325536-f714-437d-8dc3-2dfbfd6d58a7": {
"main": [
[
{
"node": "c9f242d6-6d9c-4a27-8a43-b678c4b3dbeb",
"type": "main",
"index": 0
},
{
"node": "e1f9ea1c-e934-4ecd-957d-8c7e5f8c1452",
"type": "main",
"index": 0
}
]
]
},
"3cbac00e-3bf1-4f68-99e2-e2027d3d2648": {
"main": [
[
{
"node": "2341d7f3-4f5e-4bf0-8b96-fb64c4d46344",
"type": "main",
"index": 0
},
{
"node": "bead2d6d-aeec-49a3-99b0-6550976cfa91",
"type": "main",
"index": 0
}
]
]
},
"68ccba75-0a92-4cd1-8306-24daafe59333": {
"main": [
[
{
"node": "9f74ff1c-57ae-48ae-989d-b27b64895c53",
"type": "main",
"index": 0
},
{
"node": "d5376f73-da94-4a39-9129-7f94c9b6d86c",
"type": "main",
"index": 0
}
]
]
},
"9f74ff1c-57ae-48ae-989d-b27b64895c53": {
"main": [
[
{
"node": "3cbac00e-3bf1-4f68-99e2-e2027d3d2648",
"type": "main",
"index": 0
}
]
]
},
"6be8438a-956d-4ac6-94e5-dc22cebaa178": {
"main": [
[
{
"node": "2aa9749e-cf1d-49ee-8a82-b75a6a62d1af",
"type": "main",
"index": 0
}
]
]
}
}
}
자주 묻는 질문
이 워크플로우를 어떻게 사용하나요?
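위의 JSON 구성 코드를 복사하여 n8n 인스턴스에서 새 워크플로우를 생성하고 "JSON에서 가져오기"를 선택한 후, 구성을 붙여넣고 필요에 따라 인증 설정을 수정하세요. 활성화하기 전에 다음을 점검하세요. 두 피드 URL은 특정 리비전으로 고정된 GitHub Gist 파일을 가리키므로 매일 실행해도 동일한 내용을 받게 되며, 운영 환경에서는 신뢰할 수 있는 실제 피드로 교체해야 합니다. `security-team@example.com`과 `https://edr-api.example.com/isolate`는 자리 표시자이고, 격리 요청의 Authorization 헤더에는 값이 지정되어 있지 않습니다. 격리 요청은 피드에서 받은 `iocs[0].value`를 그대로 `device_ip`로 전송하고 이메일 HTML에도 피드 값이 이스케이프 없이 삽입되므로, 자동 격리를 연결하기 전에 값 검증(형식 확인, 내부 자산 허용 목록)과 사람의 승인 단계를 추가하는 것이 좋습니다. 또한 응답 라우터의 monitor 규칙은 비교 값이 ` monitor`(앞에 공백 포함)로 되어 있어 Code 노드가 내보내는 `monitor`와 일치하지 않을 수 있습니다.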
이 워크플로우는 어떤 시나리오에 적합한가요?
고급 - 보안 운영, AI 요약
유료인가요?
이 워크플로우는 완전히 무료이며 직접 가져와 사용할 수 있습니다. 다만, 워크플로우에서 사용하는 타사 서비스(예: OpenAI API)는 사용자 직접 비용을 지불해야 할 수 있습니다.
워크플로우 정보
난이도
고급
노드 수: 21
카테고리: 2
노드 유형: 10
저자
Adnan Tariq
@adnantariq
Founder of CYBERPULSE AI — helping security teams and SMEs eliminate repetitive tasks through modular n8n automations. I build workflows for vulnerability triage, compliance reporting, threat intel, and Red/Blue/GRC ops. Book a session if you'd like custom automation for your use case. https://linkedin.com/in/adnan-tariq-4b2a1a47