Wazuh_Alert_Investigation (copy)
Intermediate
This is an automation workflow in the SecOps and AI Summarization domains with 6 nodes. It mainly uses the If, Webhook, Telegram, LmChatOpenAi and ChainSummarization nodes. It automates Wazuh alert triage and reporting with GPT-4o-mini and Telegram.
Prerequisites
- HTTP Webhook endpoint (generated automatically by n8n)
- Telegram Bot Token
- OpenAI API Key
Export Workflow
Copy the JSON configuration below into n8n and import it to use this workflow.
{
"id": "",
"meta": {
"instanceId": "",
"templateCredsSetupCompleted": true
},
"name": "Wazuh_Alert_Investigation (copy)",
"tags": [
{
"id": "",
"name": "Github",
"createdAt": "2025-07-08T08:24:29.609Z",
"updatedAt": "2025-07-08T08:24:29.609Z"
}
],
"nodes": [
{
"id": "",
"name": "If",
"type": "n8n-nodes-base.if",
"position": [
240,
-20
],
"parameters": {
"options": {
"ignoreCase": true
},
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": false,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "",
"operator": {
"name": "filter.operator.equals",
"type": "string",
"operation": "equals"
},
"leftValue": "={{ $json.body.severity }}",
"rightValue": "1 low"
}
]
}
},
"typeVersion": 2.2
},
{
"id": "",
"name": "Wazuh Alert",
"type": "n8n-nodes-base.webhook",
"position": [
-20,
-20
],
"webhookId": "",
"parameters": {
"path": "",
"options": {
"rawBody": true
},
"httpMethod": "POST"
},
"typeVersion": 2
},
{
"id": "",
"name": "No Operations",
"type": "n8n-nodes-base.noOp",
"position": [
260,
200
],
"parameters": {},
"typeVersion": 1
},
{
"id": "",
"name": "Investigation Summarization",
"type": "@n8n/n8n-nodes-langchain.chainSummarization",
"position": [
540,
-40
],
"parameters": {
"options": {
"summarizationMethodAndPrompts": {
"values": {
"prompt": "You are an experienced SOC AI Analyst designed by Mariskarthick M. Analyse the following and provide a detailed investigation in the format mentioned below.\n\n\"{text}\"\n\nConcise summary:",
"combineMapPrompt": "You are an experienced SOC AI Analyst designed by Mariskarthick M. Analyse the following and provide a detailed investigation in the format mentioned below.\n\n#Analyse:\n{{ $json.body.all_fields.full_log }}\n\n#Format:\nAlert Name: \nAlert Description: (describe the alert)\nMitre Tactic & Technique:\nImpacted Scope: Source IP, Destination IP, Host Machine\n\nExternal Artifacts Reputation Check:\n\nAnalysis:\n\nSecurity Recommendations:\n\nPlease organise the investigation report with each field on its own line.\n {{ $json.body }}"
}
}
}
},
"typeVersion": 2.1
},
{
"id": "",
"name": "SOC Team",
"type": "n8n-nodes-base.telegram",
"position": [
920,
-20
],
"webhookId": "",
"parameters": {
"text": "={{ \n $json.output.text\n .replaceAll('\\\\', '') // Remove escape slashes\n .replaceAll('*', '') // Remove Markdown stars\n .replaceAll('#', '') // Remove Markdown headers\n .replaceAll('_', '') // Remove underscores\n .replaceAll('[', '') // Remove leftover brackets\n .replaceAll(']', '') // Remove closing brackets\n .replaceAll('`', '') // Remove backticks\n .replaceAll('  ', ' ') // Collapse double spaces\n .replaceAll('\\n\\n', '\\n') // Collapse double newlines\n .replaceAll('\\n ', '\\n') // Remove leading spaces on lines\n .replaceAll(' - ', ' — ') // Optional: replace dash with em dash for clarity\n .trim()\n}}\n",
"chatId": "",
"additionalFields": {
"appendAttribution": true
}
},
"credentials": {
"telegramApi": {
"id": "",
"name": ""
}
},
"typeVersion": 1.2
},
{
"id": "717713de-4a80-4b51-910c-3b6a588e2f56",
"name": "Customized AI Model",
"type": "@n8n/n8n-nodes-langchain.lmChatOpenAi",
"position": [
560,
200
],
"parameters": {
"model": {
"__rl": true,
"mode": "list",
"value": "gpt-4o-mini"
},
"options": {}
},
"credentials": {
"openAiApi": {
"id": "",
"name": "OpenAi account"
}
},
"typeVersion": 1.2
}
],
"active": false,
"pinData": {},
"settings": {
"executionOrder": "v1"
},
"versionId": "2f2786be-474f-4ab6-a41e-391e7427d022",
"connections": {
"If": {
"main": [
[
{
"node": "Investigation Summarization",
"type": "main",
"index": 0
}
],
[
{
"node": "No Operations",
"type": "main",
"index": 0
}
]
]
},
"Wazuh Alert": {
"main": [
[
{
"node": "If",
"type": "main",
"index": 0
}
]
]
},
"Customized AI Model": {
"ai_languageModel": [
[
{
"node": "Investigation Summarization",
"type": "ai_languageModel",
"index": 0
}
]
]
},
"Investigation Summarization": {
"main": [
[
{
"node": "SOC Team",
"type": "main",
"index": 0
}
]
]
}
}
}

FAQ
How do I use this workflow?
Copy the JSON configuration above, create a new workflow in your n8n instance, choose "Import from JSON", paste the configuration, then adjust the credentials as needed. Note that the exported Webhook node has an empty path and no authentication configured: set a non-guessable path (or enable the node's authentication option) before activating the workflow, because anyone who can reach the URL could otherwise inject fake alerts that are forwarded to the model and to Telegram.
What scenarios is this workflow suitable for?
Intermediate - Security Operations, AI Summarization
Does it cost anything?
The workflow itself is free to import and use, but third-party services it calls (such as the OpenAI API) may incur charges that you pay yourself.
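The page does not show how alerts reach the Webhook node. The script below is an added example, not part of the exported workflow or the author's code: a Wazuh custom integration script that forwards each alert to the n8n webhook in the shape the workflow's expressions read (`body.severity`, compared with "1 low", and `body.all_fields.full_log`), together with a local copy of the If node's filter. It assumes that Wazuh's integrator invokes custom scripts as `script <alert_file> <api_key> <hook_url>`, and the mapping from `rule.level` to severity labels is this example's own choice; only the label "1 low" is visible in the workflow JSON. Note that, as exported, the If node routes only alerts whose `severity` equals "1 low" (case-insensitive) to the summarizer and sends everything else to No Operations, so the label mapping and the condition must agree.

```python
"""
Added example: Wazuh custom integration that posts alerts to the n8n webhook
of this workflow. Not the workflow author's code. Assumptions: the Wazuh
integrator calls this as `script <alert_file> <api_key> <hook_url>`, and the
workflow reads body.severity and body.all_fields.full_log.
"""
import json
import sys
import urllib.request

# Hypothetical mapping from Wazuh rule.level (0-15) to the label the If node
# filters on; only "1 low" appears in the exported workflow.
SEVERITY_LABELS = (
    (4, "1 low"),
    (7, "2 medium"),
    (12, "3 high"),
)


def severity_label(level: int) -> str:
    """Map a Wazuh rule level to the coarse label used by the workflow."""
    for ceiling, label in SEVERITY_LABELS:
        if level <= ceiling:
            return label
    return "4 critical"


def build_payload(alert: dict) -> dict:
    """Shape one Wazuh alert the way the workflow's expressions expect it."""
    rule = alert.get("rule", {})
    level = int(rule.get("level", 0))
    return {
        "severity": severity_label(level),
        "rule_id": rule.get("id"),
        "agent": alert.get("agent", {}).get("name"),
        "all_fields": alert,  # the map prompt reads body.all_fields.full_log
    }


def would_investigate(payload: dict) -> bool:
    """Replica of the If node: string equals "1 low", case-insensitive.
    True -> Investigation Summarization, False -> No Operations."""
    return str(payload.get("severity", "")).casefold() == "1 low"


def post_alert(payload: dict, hook_url: str, timeout: float = 10.0) -> int:
    """POST the payload as JSON to the n8n webhook; returns the HTTP status."""
    req = urllib.request.Request(
        hook_url,
        data=json.dumps(payload).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status


# Constructed sample alert so the file runs offline; not a real capture.
SAMPLE_ALERT = {
    "timestamp": "2025-07-08T08:24:29.609+0000",
    "rule": {"level": 3, "id": "5715", "description": "sshd: authentication success."},
    "agent": {"id": "001", "name": "web-01"},
    "full_log": "Jul  8 08:24:29 web-01 sshd[1234]: Accepted publickey for deploy "
                "from 10.0.0.5 port 51122 ssh2",
}


def main(argv: list) -> int:
    if len(argv) >= 4:  # invoked by wazuh-integratord: alert_file api_key hook_url
        with open(argv[1], encoding="utf-8") as fh:
            alert = json.load(fh)
        status = post_alert(build_payload(alert), argv[3])
        return 0 if 200 <= status < 300 else 1
    payload = build_payload(SAMPLE_ALERT)  # offline demo with the constructed alert
    print(json.dumps(payload, indent=2))
    print("routed to summarizer:", would_investigate(payload))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Installed as `/var/ossec/integrations/custom-n8n` and referenced from an `<integration>` block in ossec.conf with `<alert_format>json</alert_format>` and the n8n webhook URL as `<hook_url>`, the script runs once per alert; without arguments it prints the payload for the constructed sample and shows which branch of the If node it would take.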
Workflow Information
Difficulty: Intermediate
Node count: 6
Categories: 2
Node types: 6
Author
mariskarthick
@mariskarthick
An open-source enthusiast specializing in detection engineering, threat hunting, and automating security operations to accelerate threat detection and response.
External link
View on n8n.io