通过NixGuard RAG和Wazuh集成获取实时安全洞察
中级
这是一个SecOps领域的自动化工作流,包含 15 个节点。主要使用 Set, Code, Merge, Aggregate, HttpRequest 等节点。 通过NixGuard RAG和Wazuh集成获取实时安全洞察
前置要求
- •可能需要目标 API 的认证凭证
分类
工作流预览
可视化展示节点连接关系,支持缩放和平移
导出工作流
复制以下 JSON 配置到 n8n 导入,即可使用此工作流
{
"id": "I0nUORqYTwDFZa51",
"meta": {
"instanceId": "558d88703fb65b2d0e44613bc35916258b0f0bf983c5d4730c00c424b77ca36a"
},
"name": "Get Real-Time Security Insights with NixGuard RAG and Wazuh Integration",
"tags": [
{
"id": "q7fiN9zbxrNmsNbT",
"name": "NixGuard",
"createdAt": "2025-06-10T17:12:53.669Z",
"updatedAt": "2025-06-10T17:12:53.669Z"
},
{
"id": "CaOFkWRRUPhl5zch",
"name": "NEX",
"createdAt": "2025-06-10T17:12:57.408Z",
"updatedAt": "2025-06-10T17:12:57.408Z"
},
{
"id": "pQg0XfRi6hFoyuVB",
"name": "Wazuh",
"createdAt": "2025-06-10T17:13:00.952Z",
"updatedAt": "2025-06-10T17:13:00.952Z"
},
{
"id": "nBFKoKp6KIhjRaEn",
"name": "Security",
"createdAt": "2025-06-10T17:13:09.106Z",
"updatedAt": "2025-06-10T17:13:09.106Z"
},
{
"id": "to1DVLh70D0WBlIi",
"name": "Cybersecurity",
"createdAt": "2025-06-10T17:13:17.593Z",
"updatedAt": "2025-06-10T17:13:17.593Z"
}
],
"nodes": [
{
"id": "dc94efb5-91a0-4d2b-9cd0-e72b1e97498d",
"name": "当收到聊天消息时",
"type": "@n8n/n8n-nodes-langchain.chatTrigger",
"disabled": true,
"position": [
-400,
-80
],
"webhookId": "ec75b9db-22e6-4bb3-88c1-66afced7d2e5",
"parameters": {
"options": {}
},
"typeVersion": 1.1
},
{
"id": "de233ffa-d892-4b6a-997f-5a7af8b51db8",
"name": "执行工作流触发器",
"type": "n8n-nodes-base.executeWorkflowTrigger",
"position": [
-400,
100
],
"parameters": {},
"typeVersion": 1
},
{
"id": "ce9d6961-8cf9-435b-9ba9-88cc043ac60f",
"name": "Send Request to NixGuard API",
"type": "n8n-nodes-base.httpRequest",
"position": [
640,
120
],
"parameters": {
"url": "https://nix.thenex.world",
"method": "POST",
"options": {},
"sendBody": true,
"jsonHeaders": "{\"Content-Type\": \"application/json\"}",
"sendHeaders": true,
"bodyParameters": {
"parameters": [
{
"name": "apiKey",
"value": "={{ $json.apiKey }}"
},
{
"name": "prompt",
"value": "={{ $json.chatInput }}"
}
]
},
"specifyHeaders": "json"
},
"typeVersion": 4.2
},
{
"id": "aa084f8f-8f81-4079-a61a-3f3772ed351a",
"name": "Format API Response",
"type": "n8n-nodes-base.set",
"position": [
780,
340
],
"parameters": {
"options": {},
"assignments": {
"assignments": [
{
"id": "e41e3031-3669-432b-a669-8ece63e0a2a4",
"name": "content",
"type": "string",
"value": "={{ $json.content }}"
}
]
}
},
"typeVersion": 3.4
},
{
"id": "b3bb011b-cf24-4c9e-b4aa-20f6718cc798",
"name": "Prepare Final Output",
"type": "n8n-nodes-base.code",
"position": [
940,
280
],
"parameters": {
"jsCode": "const output = items[0].json.content;\n\nreturn [{json: {output}}];"
},
"typeVersion": 2
},
{
"id": "283c8732-fe9e-4e85-83f4-9ff00241b08b",
"name": "Parse NixGuard Response",
"type": "n8n-nodes-base.code",
"position": [
620,
400
],
"parameters": {
"jsCode": "const nixResponse = JSON.parse($input.first().json.data);\nconst nixResult = nixResponse.result;\n\nreturn nixResponse;"
},
"typeVersion": 2
},
{
"id": "1bd49a13-db15-45ac-8d83-3a198b6d401c",
"name": "Merge Input Data",
"type": "n8n-nodes-base.merge",
"position": [
160,
-20
],
"parameters": {},
"typeVersion": 3
},
{
"id": "60ce604d-a084-4895-9c3b-37ff29f98fd4",
"name": "Aggregate Security Data",
"type": "n8n-nodes-base.aggregate",
"position": [
320,
40
],
"parameters": {
"options": {},
"aggregate": "aggregateAllItemData"
},
"typeVersion": 1
},
{
"id": "9835ff41-0cae-491f-aade-2e8981c10232",
"name": "Combine Security Data",
"type": "n8n-nodes-base.code",
"position": [
480,
80
],
"parameters": {
"jsCode": "\n// Combine properties from both objects into a single object \nconst combinedObject = Object.assign({}, ...$input.first().json.data); \n// Return the combined object as a single item \nreturn [combinedObject];"
},
"typeVersion": 2
},
{
"id": "9df08e53-a3df-434b-ba8e-909bfae11d24",
"name": "Prepare API Request Data",
"type": "n8n-nodes-base.set",
"disabled": true,
"position": [
-200,
-80
],
"parameters": {
"options": {},
"assignments": {
"assignments": [
{
"id": "78b78cf7-943f-4f4f-91c5-c71efeb7d78a",
"name": "apiKey",
"type": "string",
"value": ""
},
{
"id": "0ee0f3f2-2954-414b-a701-4ca14e3c5be2",
"name": "sessionId",
"type": "string",
"value": "={{ $json.sessionId }}"
},
{
"id": "a0f7d4d4-0ac7-474e-b87a-b87536f5e303",
"name": "action",
"type": "string",
"value": "={{ $json.action }}"
},
{
"id": "3d047460-d218-4408-aa7a-466f55a5de24",
"name": "chatInput",
"type": "string",
"value": "={{ $json.chatInput }}"
}
]
}
},
"typeVersion": 3.4
},
{
"id": "1a040e52-30fb-4556-ac2c-71f173075d89",
"name": "Data Aggregation",
"type": "n8n-nodes-base.stickyNote",
"position": [
-140,
140
],
"parameters": {
"color": 7,
"width": 400,
"height": 340,
"content": "## Data Aggregation\n\nThis section combines multiple security data sources:\n1. **Merge Input Data**: Combines triggers from different sources\n2. **Aggregate Security Data**: Consolidates security events\n3. **Combine Security Data**: Creates unified request payload\n\n### Use Cases:\n- Correlate Wazuh alerts with NixGuard insights\n- Combine multiple security queries\n- Process batch security events"
},
"typeVersion": 1
},
{
"id": "a4d8b9d0-84e2-4732-ac67-85985343a67c",
"name": "设置指南",
"type": "n8n-nodes-base.stickyNote",
"position": [
-860,
320
],
"parameters": {
"color": 7,
"width": 400,
"height": 420,
"content": "## Getting Started\n\n### Prerequisites:\n- Valid NixGuard API key\n- Access to Wazuh security data (if integrating)\n\n### Setup Instructions:\n1. Configure your NixGuard API key in 'Prepare API Request Data' node\n2. Set up trigger method (chat or manual)\n3. Test with sample security queries\n4. Make sure NixGuard agents are installed on your network endpoints for real-time security events\n\n### Support:\nFor questions, visit [NixGuard Documentation](https://nixguard.thenex.world) or join our [Community Discord](https://discord.com/invite/ajCYwYCwHb)"
},
"typeVersion": 1
},
{
"id": "a94e8519-9783-4b2f-8ca9-e3e571784e40",
"name": "Workflow Overview1",
"type": "n8n-nodes-base.stickyNote",
"position": [
-960,
-80
],
"parameters": {
"color": 7,
"width": 500,
"height": 380,
"content": "## NixGuard Security Connector Workflow\n\nThis workflow integrates NixGuard's RAG (Retrieval-Augmented Generation) with Wazuh security data to provide real-time security insights.\n\n### Key Features:\n- Processes security queries through NixGuard's AI\n- Combines multiple security data sources\n- Returns actionable security insights\n\n### Authentication:\nRequires valid API key for NixGuard endpoint (configured in 'Prepare API Request Data' node)."
},
"typeVersion": 1
},
{
"id": "69fd8854-8025-462f-b078-73b86803a8c7",
"name": "API Request Explanation1",
"type": "n8n-nodes-base.stickyNote",
"position": [
-140,
500
],
"parameters": {
"color": 7,
"width": 400,
"height": 380,
"content": "## API Request Configuration\n\nThis node sends the security query to NixGuard's API endpoint with:\n- Proper authentication headers\n- Formatted request body\n- Required content type\n\n### Configuration:\n1. Set your NixGuard API endpoint URL\n2. Ensure headers include `Content-Type: application/json`\n3. Body contains:\n - `apiKey`: Your NixGuard API key\n - `prompt`: The security query/input"
},
"typeVersion": 1
},
{
"id": "b4d557c8-6db5-42d6-bf6a-6edbe4c84dec",
"name": "Response Processing1",
"type": "n8n-nodes-base.stickyNote",
"position": [
800,
500
],
"parameters": {
"color": 7,
"width": 400,
"height": 320,
"content": "## Response Processing\n\nThis section handles the NixGuard API response:\n1. **Parse NixGuard Response**: Converts JSON string to object\n2. **Format API Response**: Extracts relevant content\n3. **Prepare Final Output**: Structures output for end users\n\n### Error Handling:\n- Invalid responses will trigger error paths\n- Ensure proper error handling in subsequent workflows"
},
"typeVersion": 1
}
],
"active": false,
"pinData": {},
"settings": {
"executionOrder": "v1"
},
"versionId": "130b7c1c-428f-45c4-934c-14653965820d",
"connections": {
"Merge Input Data": {
"main": [
[
{
"node": "Aggregate Security Data",
"type": "main",
"index": 0
}
]
]
},
"Format API Response": {
"main": [
[
{
"node": "Prepare Final Output",
"type": "main",
"index": 0
}
]
]
},
"Combine Security Data": {
"main": [
[
{
"node": "Send Request to NixGuard API",
"type": "main",
"index": 0
}
]
]
},
"Aggregate Security Data": {
"main": [
[
{
"node": "Combine Security Data",
"type": "main",
"index": 0
}
]
]
},
"Parse NixGuard Response": {
"main": [
[
{
"node": "Format API Response",
"type": "main",
"index": 0
}
]
]
},
"Execute Workflow Trigger": {
"main": [
[
{
"node": "Merge Input Data",
"type": "main",
"index": 0
}
]
]
},
"Prepare API Request Data": {
"main": [
[
{
"node": "Merge Input Data",
"type": "main",
"index": 0
}
]
]
},
"When chat message received": {
"main": [
[
{
"node": "Prepare API Request Data",
"type": "main",
"index": 0
}
]
]
},
"Send Request to NixGuard API": {
"main": [
[
{
"node": "Parse NixGuard Response",
"type": "main",
"index": 0
}
]
]
}
}
}常见问题
如何使用这个工作流?
复制上方的 JSON 配置代码,在您的 n8n 实例中创建新工作流并选择「从 JSON 导入」,粘贴配置后根据需要修改凭证设置即可。
这个工作流适合什么场景?
中级 - 安全运维
需要付费吗?
本工作流完全免费,您可以直接导入使用。但请注意,工作流中使用的第三方服务(如 OpenAI API)可能需要您自行付费。
相关工作流推荐
自动化安全警报分类:NixGuard AI并路由到Slack或Jira
自动化安全警报分类:NixGuard AI并路由到Slack或Jira
If
Set
Code
+6
19 节点Jonathan | NEX
安全运维
基于Voyage-Context-3嵌入和MongoDB Atlas的文档问答系统
基于Voyage-Context-3嵌入和MongoDB Atlas的文档问答系统
Set
Code
Wait
+18
53 节点Jimleuk
工程
在可视化参考库中探索n8n节点
在可视化参考库中探索n8n节点
If
Ftp
Set
+93
113 节点I versus AI
其他
⚡📽️ 终极AI驱动的YouTube摘要与分析聊天机器人
⚡📽️ 用于YouTube摘要与分析的全能AI聊天机器人
Set
Code
Merge
+11
29 节点Joseph LePage
人工智能
分析Gmail邮件头以检测IP信誉和欺骗
分析Gmail邮件头以检测IP信誉和欺骗
If
Set
Code
+9
40 节点Angel Menendez
安全运维
分析Outlook邮件头以检测IP信誉和欺骗
分析Outlook邮件头以检测IP信誉和欺骗
If
Set
Code
+9
41 节点Angel Menendez
安全运维
