Wazuh RuleOpsX – 自动验证、部署与提升检测能力
中级
这是一个 SecOps、Multimodal AI 领域的自动化工作流,包含 14 个节点,主要使用 If、Ssh、Code、Telegram、HttpRequest 等节点。它通过 GitHub、XML 验证和 Telegram 告警,构建自动部署 Wazuh 规则的流水线。
前置要求
- Telegram Bot Token
- 可能需要目标 API 的认证凭证
- GitHub Personal Access Token
导出工作流
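复制以下 JSON 配置并导入 n8n,即可创建此工作流。注意:此导出中所有节点的 parameters 均为空,且 connections 使用英文节点名(如「Download Rule」),与 nodes 中的中文名称(如「下载规则」)不一致,导入后连线可能无法还原;启用前请逐一核对节点连线,并补全各节点的参数与凭证。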
{
"id": "ycZ4TnsQsex77CYk",
"meta": {
"instanceId": "04efa85563ff59ae71f7bc1e4ed9a086a69f4130298a28a588ae58f08407702b",
"templateCredsSetupCompleted": true
},
"name": "Wazuh RuleOpsX – 自动验证、部署与提升检测能力",
"tags": [],
"nodes": [
{
"id": "4dc3a66e-3caa-4f98-8bd0-39ac49a2c6cd",
"name": "GitHub触发器",
"type": "n8n-nodes-base.githubTrigger",
"position": [
-848,
-48
],
"webhookId": "7a8eda35-c338-4421-232-86340c4a4f1c",
"parameters": {},
"typeVersion": 1
},
{
"id": "33ab571c-aed9-4713-8b3f-6b958ac24604",
"name": "提取变更文件",
"type": "n8n-nodes-base.code",
"position": [
-400,
-144
],
"parameters": {},
"typeVersion": 2
},
{
"id": "1059c81d-c8df-4823-b8f3-b5fb6196686a",
"name": "下载规则",
"type": "n8n-nodes-base.httpRequest",
"position": [
-176,
-144
],
"parameters": {},
"typeVersion": 4.2
},
{
"id": "96ab9e75-66b0-4bd5-822f-489a326ec127",
"name": "上传文件",
"type": "n8n-nodes-base.ssh",
"position": [
48,
-144
],
"parameters": {},
"typeVersion": 1
},
{
"id": "46fd91e3-8b95-4cff-b93a-132b4a730295",
"name": "❌ 失败消息",
"type": "n8n-nodes-base.telegram",
"position": [
1392,
-144
],
"webhookId": "fd7c2740-b855-4890-815b-6f48dfd86dd0",
"parameters": {},
"typeVersion": 1.2
},
{
"id": "aacc31f6-4b99-48f0-96bf-8a22243f9a06",
"name": "✅ 成功消息",
"type": "n8n-nodes-base.telegram",
"position": [
1392,
-336
],
"webhookId": "e7e69fdc-49d8-4160-aa95-62fc69f5ad5b",
"parameters": {},
"typeVersion": 1.2
},
{
"id": "0c078ecb-0155-4682-bb26-72ec53dcc2c2",
"name": "重启Wazuh_manager",
"type": "n8n-nodes-base.ssh",
"position": [
944,
-240
],
"parameters": {},
"typeVersion": 1
},
{
"id": "dc1a2dd9-042b-4a48-b888-a4c191d135b9",
"name": "部署规则中",
"type": "n8n-nodes-base.ssh",
"position": [
720,
-240
],
"parameters": {},
"typeVersion": 1
},
{
"id": "6dc9b783-45ab-4dfd-a09a-bf1d6a7db54a",
"name": "规则验证",
"type": "n8n-nodes-base.ssh",
"position": [
272,
-144
],
"parameters": {},
"typeVersion": 1
},
{
"id": "405115db-ece3-4bfd-bc69-4f942322322a130",
"name": "规则部署失败",
"type": "n8n-nodes-base.telegram",
"position": [
720,
-48
],
"webhookId": "de6c1056-9aea-41ab-98df-b9269ba8d77f",
"parameters": {},
"typeVersion": 1.2
},
{
"id": "d64b8fa3-ffa7-4437-a8af-4e8476cf01c8",
"name": "无操作,不执行任何动作",
"type": "n8n-nodes-base.noOp",
"position": [
-400,
48
],
"parameters": {},
"typeVersion": 1
},
{
"id": "f2cb2437-2703-499f-aebf-bbeaccc3b290",
"name": "有效部署提交",
"type": "n8n-nodes-base.if",
"position": [
-624,
-48
],
"parameters": {},
"typeVersion": 2.2
},
{
"id": "f9ec8d14-25a7-483f-b879-781e70b89d80",
"name": "规则验证检查",
"type": "n8n-nodes-base.if",
"position": [
496,
-144
],
"parameters": {},
"typeVersion": 2.2
},
{
"id": "6db2dc61-776a-4fb8-9c78-2c4b54e9b1ea",
"name": "最终确认检查",
"type": "n8n-nodes-base.if",
"position": [
1168,
-240
],
"parameters": {},
"typeVersion": 2.2
}
],
"active": false,
"pinData": {},
"settings": {
"executionOrder": "v1"
},
"versionId": "348e2496-9d89-4395-9e3c-e6f3e640ffd6",
"connections": {
"Download Rule": {
"main": [
[
{
"node": "Upload a file",
"type": "main",
"index": 0
}
]
]
},
"Upload a file": {
"main": [
[
{
"node": "Rule Validation",
"type": "main",
"index": 0
}
]
]
},
"Github Trigger": {
"main": [
[
{
"node": "Valid Commit for Deployment",
"type": "main",
"index": 0
}
]
]
},
"Rule Validation": {
"main": [
[
{
"node": "Rule Validation check",
"type": "main",
"index": 0
}
]
]
},
"Deploying the Rules": {
"main": [
[
{
"node": "Restart Wazuh_manager",
"type": "main",
"index": 0
}
]
]
},
"Extract Changed Files": {
"main": [
[
{
"node": "Download Rule",
"type": "main",
"index": 0
}
]
]
},
"Restart Wazuh_manager": {
"main": [
[
{
"node": "Final Confirmation check",
"type": "main",
"index": 0
}
]
]
},
"Rule Validation check": {
"main": [
[
{
"node": "Deploying the Rules",
"type": "main",
"index": 0
}
],
[
{
"node": "Rules deployment failed",
"type": "main",
"index": 0
}
]
]
},
"Final Confirmation check": {
"main": [
[
{
"node": "✅ Success Message",
"type": "main",
"index": 0
}
],
[
{
"node": "❌ Failure Message",
"type": "main",
"index": 0
}
]
]
},
"Valid Commit for Deployment": {
"main": [
[
{
"node": "Extract Changed Files",
"type": "main",
"index": 0
}
],
[
{
"node": "No Operation, do nothing",
"type": "main",
"index": 0
}
]
]
}
}
}
常见问题
如何使用这个工作流?
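复制上方的 JSON 配置代码,在您的 n8n 实例中创建新工作流并选择「从 JSON 导入」,粘贴配置后根据需要修改凭证设置即可。从节点名称看,该工作流会通过 SSH 在 Wazuh manager 上传规则、部署规则并重启服务,因此建议为 SSH 节点使用仅具备所需权限的专用账户,并在启用前确认「规则验证检查」的失败分支不会进入「部署规则中」和「重启Wazuh_manager」。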
这个工作流适合什么场景?
中级 - 安全运维, 多模态 AI
需要付费吗?
本工作流完全免费,您可以直接导入使用。但请注意,工作流中使用的第三方服务(如 OpenAI API)可能需要您自行付费。
工作流信息
难度等级
中级
节点数量14
分类2
节点类型7
作者
mariskarthick
@mariskarthick: An open-source enthusiast driving next-gen Detection Engineering, Threat Hunting, and SOC Automation — turning ideas into tools that empower security teams to detect and respond faster than ever.