带RSS源的自动化漏洞新闻摘要
中级
这是一个SecOps领域的自动化工作流,包含 7 个节点。主要使用 If, Code, Slack, RssFeedReadTrigger 等节点。 使用RSS源和Slack通知监控CISA关键漏洞警报
前置要求
- •Slack Bot Token 或 Webhook URL
分类
工作流预览
可视化展示节点连接关系,支持缩放和平移
导出工作流
复制以下 JSON 配置到 n8n 导入,即可使用此工作流
{
"id": "9AQd9r6sPeEbpy2a",
"meta": {
"instanceId": "a287613f1596da776459594685fbf4e2b4a12124f80ab8c8772f5e37bff103ae",
"templateCredsSetupCompleted": true
},
"name": "带 RSS 源的自动化漏洞新闻摘要",
"tags": [],
"nodes": [
{
"id": "bf19314a-9ce9-4ecf-9674-4e2d6c75a6ca",
"name": "CISA KEV 列表",
"type": "n8n-nodes-base.rssFeedReadTrigger",
"position": [
0,
0
],
"parameters": {
"feedUrl": "https://www.cisa.gov/rss/advisories/known-exploited-vulnerabilities.xml",
"pollTimes": {
"item": [
{
"mode": "everyMinute"
},
{
"hour": 12
}
]
}
},
"typeVersion": 1
},
{
"id": "0d146f40-12ff-41e1-8447-8ffac5ce96dc",
"name": "格式化漏洞警报",
"type": "n8n-nodes-base.code",
"position": [
224,
0
],
"parameters": {
"jsCode": "const vulnerabilityTitle = $json.title;\nconst vulnerabilityLink = $json.link;\nconst vulnerabilityDescription = $json.description.replace(/(<([^>]+)>)/ig, '').slice(0, 300) + '...'; // Strip HTML, truncate\n\n// You can add logic here to parse specific details if they are consistently structured in the RSS description.\n// For example, extracting CVE ID if it's always in a specific format.\n\nreturn [{\n json: {\n ...$json, // Keep original data if needed\n alertMessage: `🚨 *New Known Exploited Vulnerability!* 🚨\\n\\n*Title:* ${vulnerabilityTitle}\\n*Summary:* ${vulnerabilityDescription}\\n*Learn More:* ${vulnerabilityLink}\\n\\n_Action Required: Review and assess impact._`\n }\n}];"
},
"typeVersion": 2
},
{
"id": "825444b4-b8d1-44e3-a61a-74380919f8a9",
"name": "是否为关键漏洞?",
"type": "n8n-nodes-base.if",
"position": [
448,
0
],
"parameters": {
"options": {},
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": true,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "54899a2f-daf0-48f2-9705-ea819ae75857",
"operator": {
"type": "string",
"operation": "contains"
},
"leftValue": "={{ $json.title.toLowerCase() }}",
"rightValue": "\"critical\""
}
]
}
},
"typeVersion": 2.2
},
{
"id": "75c8738b-0f46-4cb6-a9a0-c3ffb2a91e0b",
"name": "发送关键警报",
"type": "n8n-nodes-base.slack",
"position": [
672,
-96
],
"webhookId": "5cd5dc11-6961-44f9-81dc-21c99c52865c",
"parameters": {
"text": "={{ $json.alertMessage }}",
"user": {
"__rl": true,
"mode": "id",
"value": "[YOUR_SECURITY_TEAM_SLACK_CHANNEL_ID]"
},
"select": "user",
"otherOptions": {}
},
"credentials": {
"slackApi": {
"id": "AFKF0YsguyhsagR0",
"name": "temp"
}
},
"typeVersion": 2.3
},
{
"id": "47984814-c736-45f2-8b20-03aa252dd853",
"name": "无操作,不执行任何操作",
"type": "n8n-nodes-base.noOp",
"position": [
672,
96
],
"parameters": {},
"typeVersion": 1
},
{
"id": "64aa387e-1cd2-4004-b691-a9803fcbf312",
"name": "便签",
"type": "n8n-nodes-base.stickyNote",
"position": [
-48,
-192
],
"parameters": {
"color": 3,
"width": 928,
"height": 480,
"content": "# 工作流"
},
"typeVersion": 1
},
{
"id": "8a13ab3a-b055-40cc-bad2-4875d03aba4b",
"name": "便签1",
"type": "n8n-nodes-base.stickyNote",
"position": [
-48,
352
],
"parameters": {
"color": 5,
"width": 928,
"height": 864,
"content": "# 🚨 自动化漏洞新闻摘要 📰"
},
"typeVersion": 1
}
],
"active": false,
"pinData": {},
"settings": {
"executionOrder": "v1"
},
"versionId": "3a4bc78e-d50e-49b1-aa84-6932c968dd63",
"connections": {
"CISA KEV List": {
"main": [
[
{
"node": "Format Vulnerability Alert",
"type": "main",
"index": 0
}
]
]
},
"Format Vulnerability Alert": {
"main": [
[
{
"node": "Is Critical Vulnerability?",
"type": "main",
"index": 0
}
]
]
},
"Is Critical Vulnerability?": {
"main": [
[
{
"node": "Send Critical Alert",
"type": "main",
"index": 0
}
],
[
{
"node": "No Operation, do nothing",
"type": "main",
"index": 0
}
]
]
}
}
}常见问题
如何使用这个工作流?
复制上方的 JSON 配置代码,在您的 n8n 实例中创建新工作流并选择「从 JSON 导入」,粘贴配置后根据需要修改凭证设置即可。
这个工作流适合什么场景?
中级 - 安全运维
需要付费吗?
本工作流完全免费,您可以直接导入使用。但请注意,工作流中使用的第三方服务(如 OpenAI API)可能需要您自行付费。
相关工作流推荐
简单网络安全品牌/漏洞提及监控器
监控X平台网络安全品牌提及并发送警报到Slack
If
Code
Slack
+4
8 节点Marth
安全运维
带Slack的自动化文件完整性检查
使用SSH监控远程服务器文件完整性并发送Slack警报
If
Ssh
Code
+4
8 节点Marth
安全运维
基于Slack的自动化域名/IP黑名单监控
使用Slack警报监控AbuseIPDB黑名单中的域名和IP
If
Code
Slack
+3
7 节点Marth
安全运维
使用HIBP API的自动化数据泄露监控
使用HIBP API监控邮箱数据泄露并发送Slack警报
If
Code
Slack
+3
7 节点Marth
安全运维
带Slack的简单日志异常检测器
监控安全日志中的失败登录尝试并通过Slack发送警报
If
Code
Slack
+3
7 节点Marth
安全运维
SSL/TLS证书到期监控与Slack告警
带Slack告警的SSL/TLS证书到期监控
If
Code
Slack
+3
7 节点Marth
安全运维
工作流信息
难度等级
中级
节点数量7
分类1
节点类型6
作者
Marth
@marthSimplifying Business with Smart Automation. I create and share user-friendly, highly efficient n8n workflow templates for SMEs, focusing on digital marketing, sales, and operational excellence. Get ready to automate, innovate, and elevate your business. Connect me on Linkedin for custom solutions.
外部链接
在 n8n.io 查看 →
分享此工作流