
使用NixGuard AI和Wazuh警报创建高管安全简报

中级

这是一个SecOps, AI Summarization领域的自动化工作流,包含 13 个节点。主要使用 If, Set, Code, EmailSend, ExecuteWorkflow 等节点。 使用NixGuard AI和Wazuh警报创建高管安全简报

前置要求
  • 无特殊前置要求,导入即可使用
导出工作流
复制以下 JSON 配置到 n8n 导入,即可使用此工作流
{
  "meta": {
    "instanceId": "558d88703fb65b2d0e44613bc35916258b0f0bf983c5d4730c00c424b77ca36a",
    "templateCredsSetupCompleted": true
  },
  "nodes": [
    {
      "id": "ef84ca26-59e1-46c6-a0e2-43f7a6bd7c29",
      "name": "每天上午 8 点运行",
      "type": "n8n-nodes-base.scheduleTrigger",
      "position": [
        760,
        1380
      ],
      "parameters": {
        "rule": {
          "interval": [
            {
              "field": "hours"
            }
          ]
        }
      },
      "typeVersion": 1.1
    },
    {
      "id": "8af0ca21-63aa-43a0-8755-85b006590435",
      "name": "解析警报数组",
      "type": "n8n-nodes-base.code",
      "position": [
        760,
        1620
      ],
      "parameters": {
        "jsCode": "// Get the raw output string from the previous node.\nconst rawOutput = $input.first().json.output;\n\n// The AI often wraps JSON in Markdown code blocks (```json ... ```).\n// We need to extract the pure JSON string from inside the fences.\n// This regex will find the content between the fences. If no fences are found,\n// it will fall back to using the entire rawOutput string.\nconst jsonStringMatch = rawOutput.match(/```json\\s*([\\s\\S]*?)\\s*```/);\nconst jsonString = jsonStringMatch ? jsonStringMatch[1] : rawOutput.trim();\n\n// Now, try to parse the *cleaned* string.\ntry {\n  const alerts = JSON.parse(jsonString);\n  \n  // Check if the result is a non-empty array.\n  if (Array.isArray(alerts) && alerts.length > 0) {\n    // Success! Pass the alerts to the next node.\n    return [{ json: { alerts } }];\n  }\n} catch (e) {\n  // This will catch errors if the cleaned string is still not valid JSON.\n  console.error(\"NixGuard did not return a valid JSON array even after cleaning:\", e);\n  console.error(\"String that failed to parse:\", jsonString);\n}\n\n// If parsing fails, it's not an array, or it's empty, return no items.\n// This will correctly route the workflow to the 'false' branch of the IF node.\nreturn [];"
      },
      "typeVersion": 2
    },
    {
      "id": "7d51a628-b285-4699-9068-9bed2ceea231",
      "name": "设置摘要提示",
      "type": "n8n-nodes-base.set",
      "position": [
        1460,
        1600
      ],
      "parameters": {
        "values": {
          "string": [
            {
              "name": "chatInput",
              "value": "Act as a senior security analyst reporting to a non-technical executive. The following is a JSON array of all high-severity security alerts from the last 24 hours.\n\nYour tasks are:\n1. Start with a single sentence summarizing the day's overall security risk (e.g., 'The security posture today is stable with minor configurable issues detected.').\n2. State the total number of critical alerts found.\n3. In 3-4 clear bullet points using Markdown, summarize the most significant activities or threat patterns observed. Focus on business impact, not technical jargon.\n4. Conclude with a single, clear recommendation (e.g., 'No immediate action required' or 'Recommend prioritizing patches for web servers.').\n\nHere is the raw alert data:\n{{ JSON.stringify($json.alerts) }}"
            },
            {
              "name": "apiKey",
              "value": ""
            }
          ]
        },
        "options": {}
      },
      "typeVersion": 2
    },
    {
      "id": "26212ca9-51c1-49d4-9705-df7a74ba1b08",
      "name": "设置 API 密钥和初始提示",
      "type": "n8n-nodes-base.set",
      "position": [
        980,
        1380
      ],
      "parameters": {
        "values": {
          "string": [
            {
              "name": "apiKey",
              "value": ""
            },
            {
              "name": "chatInput",
              "value": "Review all security data from the last 24 hours. List all significant security alerts found. Your response MUST be a single, valid, minified JSON array of objects. Each object in the array should represent a distinct alert. If no significant alerts are found, return an empty array []."
            }
          ]
        },
        "options": {}
      },
      "typeVersion": 2
    },
    {
      "id": "edca6750-8948-4de8-89f2-290163db7480",
      "name": "设置最终简报",
      "type": "n8n-nodes-base.set",
      "position": [
        1460,
        1820
      ],
      "parameters": {
        "values": {
          "string": [
            {
              "name": "executive_summary",
              "value": "={{ $json.output }}"
            }
          ]
        },
        "options": {}
      },
      "typeVersion": 2
    },
    {
      "id": "d6cba9cd-fab4-4920-98f8-460b7002c94a",
      "name": "执行:获取每日事件为 JSON(使用 NixGuard RAG 和 Wazuh 集成获取实时安全洞察)",
      "type": "n8n-nodes-base.executeWorkflow",
      "position": [
        1220,
        1380
      ],
      "parameters": {
        "options": {},
        "workflowId": {
          "__rl": true,
          "mode": "list",
          "value": "I0nUORqYTwDFZa51",
          "cachedResultName": "Get Real-Time Security Insights with NixGuard RAG and Wazuh Integration"
        },
        "workflowInputs": {
          "value": {},
          "schema": [],
          "mappingMode": "defineBelow",
          "matchingColumns": [],
          "attemptToConvertTypes": false,
          "convertFieldsToString": true
        }
      },
      "typeVersion": 1.2
    },
    {
      "id": "c5bab77f-f161-494a-adb1-de1dd53bd5c7",
      "name": "执行:生成执行摘要(使用 NixGuard RAG 和 Wazuh 集成获取实时安全洞察)",
      "type": "n8n-nodes-base.executeWorkflow",
      "position": [
        1680,
        1600
      ],
      "parameters": {
        "options": {},
        "workflowId": {
          "__rl": true,
          "mode": "list",
          "value": "I0nUORqYTwDFZa51",
          "cachedResultName": "Get Real-Time Security Insights with NixGuard RAG and Wazuh Integration"
        },
        "workflowInputs": {
          "value": {},
          "schema": [],
          "mappingMode": "defineBelow",
          "matchingColumns": [],
          "attemptToConvertTypes": false,
          "convertFieldsToString": true
        }
      },
      "typeVersion": 1.2
    },
    {
      "id": "1e7172f8-c728-4640-8633-f141fd1b94c4",
      "name": "如果",
      "type": "n8n-nodes-base.if",
      "position": [
        1040,
        1620
      ],
      "parameters": {
        "options": {},
        "conditions": {
          "options": {
            "version": 2,
            "leftValue": "",
            "caseSensitive": true,
            "typeValidation": "strict"
          },
          "combinator": "and",
          "conditions": [
            {
              "id": "bb7ac757-8402-446e-9ee7-d0be89c769a7",
              "operator": {
                "type": "array",
                "operation": "exists",
                "singleValue": true
              },
              "leftValue": "={{ $json.alerts }}",
              "rightValue": ""
            }
          ]
        }
      },
      "typeVersion": 2.2
    },
    {
      "id": "e889ebe4-c36a-4da6-bcd5-2e21661ec8d7",
      "name": "发送邮件",
      "type": "n8n-nodes-base.emailSend",
      "position": [
        1880,
        1820
      ],
      "parameters": {
        "html": "={{ $json.html_summary }}",
        "options": {},
        "subject": "Daily AI Cyber Security Briefing"
      },
      "typeVersion": 2.1
    },
    {
      "id": "4e771aef-10d4-4be8-8432-23bbf852f58f",
      "name": "工作流概述",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        1380,
        1020
      ],
      "parameters": {
        "color": 7,
        "width": 540,
        "height": 340,
        "content": "## 💡 工作流概述:每日 AI 安全简报"
      },
      "typeVersion": 1
    },
    {
      "id": "47bb91e9-48e8-437d-a736-0f98ffcd923e",
      "name": "设置指南",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        940,
        920
      ],
      "parameters": {
        "color": 7,
        "width": 400,
        "height": 420,
        "content": "## ⚙️ 4 步设置指南"
      },
      "typeVersion": 1
    },
    {
      "id": "fab467cd-7e63-4606-9da4-a677dd7082b3",
      "name": "将 Markdown 转换为 HTML",
      "type": "n8n-nodes-base.code",
      "position": [
        1660,
        1820
      ],
      "parameters": {
        "jsCode": "/**\n * WARNING: This is a simplified, lightweight Markdown to HTML converter.\n * It does NOT use a dedicated library and will only handle a limited subset of Markdown:\n * - Headings (h1, h2, h3)\n * - Bold text (**text**)\n * - Unordered list items (* item)\n * - Paragraphs (double newlines)\n * It will FAIL on complex cases like nested lists, tables, or code blocks.\n * For robust conversion, using the 'marked' library is strongly recommended.\n */\n\nfunction simpleMarkdownToHtml(markdown) {\n  let html = markdown\n    // Escape HTML first: the summary is model output derived from alert data, so treat it as untrusted\n    .replace(/&/g, '&amp;')\n    .replace(/</g, '&lt;')\n    .replace(/>/g, '&gt;');\n\n  // Block Elements (order matters)\n  html = html\n    .replace(/^### (.*$)/gim, '<h3>$1</h3>')\n    .replace(/^## (.*$)/gim, '<h2>$1</h2>')\n    .replace(/^# (.*$)/gim, '<h1>$1</h1>')\n    .replace(/^\\* (.*$)/gim, '<li>$1</li>');\n\n  // Inline Elements\n  html = html\n    .replace(/\\*\\*(.*?)\\*\\*/g, '<strong>$1</strong>')\n    .replace(/__(.*?)__/g, '<strong>$1</strong>') // Alternative bold\n    .replace(/\\*(.*?)\\*/g, '<em>$1</em>')\n    .replace(/_(.*?)_/g, '<em>$1</em>'); // Alternative italics\n\n  // Paragraphs and Line Breaks\n  // Wrap list items in <ul>\n  html = html.replace(/<li>(.|\\n)*?<li>/g, '<ul>$&');\n  html = html.replace(/(<\\/li>)(?!.*<li>)/g, '$1</ul>');\n  // Convert remaining newlines to <br> or wrap in <p>\n  html = html.replace(/\\n/g, '<br>');\n\n  return html;\n}\n\nconst markdownSummary = $input.first().json.executive_summary;\nconst htmlSummary = simpleMarkdownToHtml(markdownSummary);\n\n$input.first().json.html_summary = htmlSummary;\n\nreturn $input.all();\n"
      },
      "typeVersion": 2
    },
    {
      "id": "a20f8e25-d1f8-47fb-8378-3b4479882ffc",
      "name": "设置指南",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        500,
        900
      ],
      "parameters": {
        "color": 7,
        "width": 400,
        "height": 440,
        "content": "## 开始使用"
      },
      "typeVersion": 1
    }
  ],
  "pinData": {},
  "connections": {
    "If": {
      "main": [
        [
          {
            "node": "Set Prompt for Summary",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Parse Alert Array": {
      "main": [
        [
          {
            "node": "If",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Run Daily at 8 AM": {
      "main": [
        [
          {
            "node": "Set API Key & Initial Prompt",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Set Final Briefing": {
      "main": [
        [
          {
            "node": "Convert Markdown to HTML",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Set Prompt for Summary": {
      "main": [
        [
          {
            "node": "Execute: Generate Executive Summary (Get Real-Time Security Insights with NixGuard RAG and Wazuh Integration)",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Convert Markdown to HTML": {
      "main": [
        [
          {
            "node": "Send Email",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Set API Key & Initial Prompt": {
      "main": [
        [
          {
            "node": "Execute: Get Daily Events as JSON (Get Real-Time Security Insights with NixGuard RAG and Wazuh Integration)",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Execute: Get Daily Events as JSON (Get Real-Time Security Insights with NixGuard RAG and Wazuh Integration)": {
      "main": [
        [
          {
            "node": "Parse Alert Array",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Execute: Generate Executive Summary (Get Real-Time Security Insights with NixGuard RAG and Wazuh Integration)": {
      "main": [
        [
          {
            "node": "Set Final Briefing",
            "type": "main",
            "index": 0
          }
        ]
      ]
    }
  }
}
常见问题

如何使用这个工作流?

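复制上方的 JSON 配置代码,在您的 n8n 实例中创建新工作流并选择「从 JSON 导入」,粘贴配置后还需补全以下设置:两个 Set 节点中的 apiKey 值为空,需填入您自己的密钥;两个 ExecuteWorkflow 节点引用的子工作流 ID 通常只在原作者的实例中有效,需改为您实例中对应的子工作流;EmailSend 节点的配置中没有凭证和收发件地址,需自行设置。另外,本页 JSON 中 nodes 的节点名称为中文,而 connections 仍使用英文原名,导入后请核对节点连线是否完整。填入密钥后,导出的工作流 JSON 会包含该密钥,执行记录中也可能保留它,请勿直接对外分享。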

这个工作流适合什么场景?

中级 - 安全运维, AI 摘要总结

需要付费吗?

本工作流完全免费,您可以直接导入使用。但请注意,工作流中使用的第三方服务(如 OpenAI API)可能需要您自行付费。

工作流信息
难度等级
中级
节点数量13
分类2
节点类型7
难度说明

适合有一定经验的用户,包含 6-15 个节点的中等复杂度工作流

作者
Jonathan | NEX

Jonathan | NEX

@nex

Engineer, Builder, AI enthusiast
