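M3 - Endpoint Risk Aggregator
Intermediate
This is an automation workflow in the SecOps domain with 9 nodes. It mainly uses Cron, Merge, Function, HttpRequest, and GoogleSheets nodes. It aggregates endpoint security risk scores using EDR, vulnerability data, and Google Sheets.
Prerequisites
- Authentication credentials for the target APIs may be required
- Google Sheets API credentials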
Export workflow
Copy the JSON configuration below and import it into n8n to use this workflow.
{
"id": "H2HCZMMXmK78wDkA",
"meta": {
"instanceId": "6feff41aadeb8409737e26476f9d0a45f95eec6a9c16afff8ef87a662455b6df"
},
"name": "M3 - 端点风险聚合器",
"tags": [],
"nodes": [
{
"id": "14fe3db0-79b1-48f7-b511-cf9673606a8d",
"name": "⏰ Cron Trigger – Daily",
"type": "n8n-nodes-base.cron",
"position": [
0,
0
],
"parameters": {},
"typeVersion": 1
},
{
"id": "6bc84d47-2c24-4f8e-ac67-bd0791073866",
"name": "🛡 Get EDR Logs",
"type": "n8n-nodes-base.httpRequest",
"position": [
220,
0
],
"parameters": {},
"typeVersion": 1
},
{
"id": "47589ec4-9d8f-48b6-aa02-8cb9ec2bf26c",
"name": "🗃 Get File Integrity Logs",
"type": "n8n-nodes-base.httpRequest",
"position": [
220,
400
],
"parameters": {},
"typeVersion": 1
},
{
"id": "68d90599-7f4e-43dd-b603-0a62228adb3a",
"name": "🧬 Get Vulnerability Data",
"type": "n8n-nodes-base.httpRequest",
"position": [
220,
200
],
"parameters": {},
"typeVersion": 1
},
{
"id": "80f9847c-87fc-4e22-a2c5-8bec50b9be91",
"name": "🔀 Merge Endpoint Signals",
"type": "n8n-nodes-base.merge",
"position": [
420,
140
],
"parameters": {},
"typeVersion": 1
},
{
"id": "e4a1d4c4-f9cb-48e4-8532-0d15a76860f0",
"name": "🔀 Merge + FIM Logs",
"type": "n8n-nodes-base.merge",
"position": [
420,
360
],
"parameters": {},
"typeVersion": 3.1
},
{
"id": "ecf40cba-8067-428b-a780-d7e56d7397c1",
"name": "🧠 Risk Score Calculator",
"type": "n8n-nodes-base.function",
"position": [
220,
580
],
"parameters": {},
"typeVersion": 1
},
{
"id": "dae4094a-6907-4183-ba11-8c433d4c1356",
"name": "Google Sheets",
"type": "n8n-nodes-base.googleSheets",
"position": [
420,
580
],
"parameters": {},
"typeVersion": 4.5
},
{
"id": "767a6b21-e2a6-4c16-ba73-ee40d4c91770",
"name": "便签",
"type": "n8n-nodes-base.stickyNote",
"position": [
-340,
220
],
"parameters": {
"content": ""
},
"typeVersion": 1
}
],
"active": false,
"pinData": {},
"settings": {
"executionOrder": "v1"
},
"versionId": "1a3b8c62-b45a-40b8-a216-ca2523bcb866",
"connections": {
"🛡 Get EDR Logs": {
"main": [
[
{
"node": "🔀 Merge Endpoint Signals",
"type": "main",
"index": 0
}
]
]
},
"🔀 Merge + FIM Logs": {
"main": [
[
{
"node": "🧠 Risk Score Calculator",
"type": "main",
"index": 0
}
]
]
},
"⏰ Cron Trigger – Daily": {
"main": [
[
{
"node": "🛡 Get EDR Logs",
"type": "main",
"index": 0
}
]
]
},
"🧠 Risk Score Calculator": {
"main": [
[
{
"node": "Google Sheets",
"type": "main",
"index": 0
}
]
]
},
"🔀 Merge Endpoint Signals": {
"main": [
[
{
"node": "🔀 Merge + FIM Logs",
"type": "main",
"index": 0
}
]
]
},
"🧬 Get Vulnerability Data": {
"main": [
[
{
"node": "🔀 Merge Endpoint Signals",
"type": "main",
"index": 1
}
]
]
},
"🗃 Get File Integrity Logs": {
"main": [
[
{
"node": "🔀 Merge + FIM Logs",
"type": "main",
"index": 1
}
]
]
}
}
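}
FAQ
How do I use this workflow?
Copy the JSON configuration above, create a new workflow in your n8n instance, choose "Import from JSON", paste the configuration, and then adjust the credential settings as needed.
What scenarios is this workflow suited to?
Intermediate - Security Operations
Does it cost anything?
This workflow is completely free and can be imported and used directly. Note, however, that third-party services used in the workflow (such as the OpenAI API) may require you to pay for them yourself.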
Workflow information
Difficulty
Intermediate
Node count: 9
Categories: 1
Node types: 6
Author
Adnan Tariq
@adnantariq
Founder of CYBERPULSE AI — helping security teams and SMEs eliminate repetitive tasks through modular n8n automations. I build workflows for vulnerability triage, compliance reporting, threat intel, and Red/Blue/GRC ops. Book a session if you'd like custom automation for your use case. https://linkedin.com/in/adnan-tariq-4b2a1a47