基于SentinelOne威胁和MITRE分析创建详细安全工单
高级
这是一个面向 SecOps、Multimodal AI 领域的自动化工作流,包含 18 个节点,主要使用 Code、Wait、Webhook、SplitOut、HttpRequest 等节点,用于基于 SentinelOne 威胁和 MITRE 分析创建详细安全工单。
前置要求
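- HTTP Webhook 端点(n8n 会自动生成)。导出的 JSON 中 Webhook 节点的 parameters 为空,认证方式需在导入后自行配置;该端点会触发工单创建,建议启用 Webhook 节点的认证选项(如 Header Auth),只接受来自 SentinelOne 的请求。
- 可能需要目标 API 的认证凭证(从节点名称看,HTTP Request 节点调用的是 Autotask API)。凭证应保存在 n8n 的凭证管理中,不要写入工作流 JSON。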
导出工作流
复制以下 JSON 配置到 n8n 导入,即可使用此工作流
{
"meta": {
"instanceId": "8d70623c0c9f4448eda9626cd8185192c28447e191325b0c0d94d3f40d23be3a"
},
"nodes": [
{
"id": "b43d41e4-fd97-4a54-93cd-2197da482a76",
"name": "新SentinelOne威胁",
"type": "n8n-nodes-base.webhook",
"position": [
80,
160
],
"webhookId": "3b1d201a-316f-4956-b77a-4d27b268cf1f",
"parameters": {},
"typeVersion": 2
},
{
"id": "3267f360-6fae-43e8-86dc-a0c2e037b590",
"name": "便签1",
"type": "n8n-nodes-base.stickyNote",
"position": [
-740,
-140
],
"parameters": {
"content": ""
},
"typeVersion": 1
},
{
"id": "6e7fc0ba-263e-400d-8b22-f502aff3ccf6",
"name": "便签",
"type": "n8n-nodes-base.stickyNote",
"position": [
40,
-160
],
"parameters": {
"content": ""
},
"typeVersion": 1
},
{
"id": "497f3698-9fff-4a06-be29-1f3bd8d54553",
"name": "便签2",
"type": "n8n-nodes-base.stickyNote",
"position": [
460,
-160
],
"parameters": {
"content": ""
},
"typeVersion": 1
},
{
"id": "b238ff4e-997c-4e64-a848-5490531391be",
"name": "便签3",
"type": "n8n-nodes-base.stickyNote",
"position": [
920,
-160
],
"parameters": {
"content": ""
},
"typeVersion": 1
},
{
"id": "d4f07134-ee81-443d-b19a-b2f16266775c",
"name": "便签4",
"type": "n8n-nodes-base.stickyNote",
"position": [
2380,
-140
],
"parameters": {
"content": ""
},
"typeVersion": 1
},
{
"id": "3f59c053-ce4c-452c-b6fd-fb7e7874cdd2",
"name": "### 需要帮助?",
"type": "n8n-nodes-base.stickyNote",
"position": [
1480,
420
],
"parameters": {
"content": ""
},
"typeVersion": 1
},
{
"id": "310c22d7-4b8f-459d-8ea2-26b16f8ba3fe",
"name": "提取威胁情报",
"type": "n8n-nodes-base.code",
"position": [
300,
160
],
"parameters": {},
"typeVersion": 2
},
{
"id": "d9088837-2371-4e06-a71d-93795b94869d",
"name": "获取Autotask用户",
"type": "n8n-nodes-base.httpRequest",
"position": [
520,
160
],
"parameters": {},
"typeVersion": 4.2
},
{
"id": "baa5b6d8-7e37-4b6b-81af-6733fc45c61c",
"name": "加载客户公司",
"type": "n8n-nodes-base.httpRequest",
"position": [
960,
160
],
"parameters": {},
"typeVersion": 4.2
},
{
"id": "332813df-6b24-497d-a53c-eb2544e0c6b7",
"name": "处理公司数据",
"type": "n8n-nodes-base.splitOut",
"position": [
1400,
160
],
"parameters": {},
"typeVersion": 1
},
{
"id": "bb2d1e70-74e1-4f09-af81-af301c852796",
"name": "检索工单字段",
"type": "n8n-nodes-base.httpRequest",
"position": [
1620,
160
],
"parameters": {},
"typeVersion": 4.2
},
{
"id": "d59eff6f-33f6-4c74-93e8-10502ee196bf",
"name": "解析字段选项",
"type": "n8n-nodes-base.code",
"position": [
1840,
160
],
"parameters": {},
"typeVersion": 2
},
{
"id": "04fb54c0-18c8-47f3-9884-e315451d02f9",
"name": "映射客户公司",
"type": "n8n-nodes-base.code",
"position": [
2280,
160
],
"parameters": {},
"typeVersion": 2
},
{
"id": "cc08de33-66e7-4cba-a4a1-08994fe496f8",
"name": "创建安全工单",
"type": "n8n-nodes-base.httpRequest",
"position": [
2500,
160
],
"parameters": {},
"typeVersion": 4.2
},
{
"id": "af7de8b1-c43c-4f9d-bc20-d7f0f63f144c",
"name": "速率限制延迟1",
"type": "n8n-nodes-base.wait",
"position": [
740,
160
],
"webhookId": "9d2aea13-8b41-45f7-a875-4042743815dd",
"parameters": {},
"typeVersion": 1.1
},
{
"id": "f1e2cb40-c74f-4533-a1af-4ee7f24c5045",
"name": "速率限制延迟2",
"type": "n8n-nodes-base.wait",
"position": [
2060,
160
],
"webhookId": "30d29da9-0ce4-4a8a-9b87-a92eee4db5ed",
"parameters": {},
"typeVersion": 1.1
},
{
"id": "47cba939-82b5-4f9c-a59a-4e7f7001dc24",
"name": "等待",
"type": "n8n-nodes-base.wait",
"position": [
1180,
160
],
"webhookId": "f240fb70-3d06-4faf-a4bc-9b62a699e198",
"parameters": {},
"typeVersion": 1.1
}
],
"pinData": {},
"connections": {
"Wait": {
"main": [
[
{
"node": "Process Company Data",
"type": "main",
"index": 0
}
]
]
},
"Map Client Company": {
"main": [
[
{
"node": "Create Security Ticket",
"type": "main",
"index": 0
}
]
]
},
"Rate Limit Delay 1": {
"main": [
[
{
"node": "Load Client Companies",
"type": "main",
"index": 0
}
]
]
},
"Rate Limit Delay 2": {
"main": [
[
{
"node": "Map Client Company",
"type": "main",
"index": 0
}
]
]
},
"Parse Field Options": {
"main": [
[
{
"node": "Rate Limit Delay 2",
"type": "main",
"index": 0
}
]
]
},
"Fetch Autotask Users": {
"main": [
[
{
"node": "Rate Limit Delay 1",
"type": "main",
"index": 0
}
]
]
},
"Process Company Data": {
"main": [
[
{
"node": "Retrieve Ticket Fields",
"type": "main",
"index": 0
}
]
]
},
"Load Client Companies": {
"main": [
[
{
"node": "Wait",
"type": "main",
"index": 0
}
]
]
},
"New SentinelOne Threat": {
"main": [
[
{
"node": "Extract Threat Intelligence",
"type": "main",
"index": 0
}
]
]
},
"Retrieve Ticket Fields": {
"main": [
[
{
"node": "Parse Field Options",
"type": "main",
"index": 0
}
]
]
},
"Extract Threat Intelligence": {
"main": [
[
{
"node": "Fetch Autotask Users",
"type": "main",
"index": 0
}
]
]
}
}
}
常见问题
如何使用这个工作流?
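复制上方的 JSON 配置代码,在您的 n8n 实例中创建新工作流并选择「从 JSON 导入」,粘贴配置后根据需要修改凭证设置即可。请注意:此导出中各节点的 parameters 均为空,且 connections 使用的是英文节点名(如 "New SentinelOne Threat"),与 nodes 中的中文名称(如 "新SentinelOne威胁")不一致;n8n 按节点名称匹配连接,因此导入后需要重新连接节点,并补全各节点的参数(包括 Code 节点的代码和 HTTP Request 节点的请求地址)。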
这个工作流适合什么场景?
高级 - 安全运维, 多模态 AI
需要付费吗?
本工作流完全免费,您可以直接导入使用。但请注意,工作流中使用的第三方服务(如 OpenAI API)可能需要您自行付费。