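Mini SOC Incident Triage
Intermediate
An automated workflow in the AI Summarization and Multimodal AI categories, made up of 7 nodes. It mainly uses the Set, Gmail, Webhook and OpenAi nodes. Automated security incident triage with GPT-4o-mini and Gmail notifications.
Prerequisites
- Google account and Gmail API credentials
- HTTP webhook endpoint (generated automatically by n8n)
- OpenAI API key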
Export workflow
Copy the JSON configuration below and import it into n8n to use this workflow.
{
"id": "9R3de4CVLxlzUZuO",
"meta": {
"instanceId": "146ab8f1ce0cef4bd9c6b91db262ad7cd77638e200455d5838ba053a27e415bc",
"templateCredsSetupCompleted": true
},
"name": "Mini SOC 事件分类",
"tags": [],
"nodes": [
{
"id": "a9c71043-da13-45b2-954a-93f2e6c3832d",
"name": "Webhook",
"type": "n8n-nodes-base.webhook",
"position": [
0,
0
],
"webhookId": "6e4fa508-b160-4373-bf80-e3e0e485024e",
"parameters": {
"path": "mini-triage",
"options": {},
"httpMethod": "POST"
},
"typeVersion": 2.1
},
{
"id": "68cf1b53-2710-4218-a3b7-9f9a842a7b2e",
"name": "Classify",
"type": "@n8n/n8n-nodes-langchain.openAi",
"position": [
448,
0
],
"parameters": {
"modelId": {
"__rl": true,
"mode": "list",
"value": "gpt-4o-mini",
"cachedResultName": "GPT-4O-MINI"
},
"options": {
"temperature": 0.2
},
"messages": {
"values": [
{
"role": "system",
"content": "You are the SOC Classifier. Output VALID JSON only with keys:\n{\n \"incident_type\": \"creds|malware|network|data|cloud|other\",\n \"severity\": \"P0|P1|P2|P3\",\n \"urgency\": \"now|today|this_week\",\n \"short_title\": \"≤12 words\",\n \"why\": \"≤50 words\"\n}\nRules:\n- Prefer \"cloud\" if resource_type looks like cloud infra (e.g., AwsS3Bucket, SecurityGroup, IAM).\n- If title contains \"public\", \"exposed\", \"leak\" → data|cloud depending on resource.\n- If unclear, return \"other\" and P3, but try to use title/description before giving up.\n- Be conservative with P0.\n\nExamples:\nInput: {\"title\":\"S3 bucket public READ\",\"description\":\"ACL allows public READ\",\"resource_type\":\"AwsS3Bucket\"}\nOutput: {\"incident_type\":\"cloud\",\"severity\":\"P2\",\"urgency\":\"today\",\"short_title\":\"Public S3 read\",\"why\":\"Public READ on bucket risks data exposure.\"}\n\nInput: {\"title\":\"Multiple failed logins\",\"description\":\"probable credential stuffing\"}\nOutput: {\"incident_type\":\"creds\",\"severity\":\"P2\",\"urgency\":\"today\",\"short_title\":\"Credential stuffing suspected\",\"why\":\"Repeated failures indicate attack; monitor & protect accounts.\"}\n"
}
]
},
"jsonOutput": true
},
"credentials": {
"openAiApi": {
"id": "fYx3byxTFkzmN2m2",
"name": "OpenAi account"
}
},
"typeVersion": 1.8
},
{
"id": "11785568-2cdb-4541-98b8-f9ae659a0f3d",
"name": "Send a message",
"type": "n8n-nodes-base.gmail",
"position": [
1152,
0
],
"webhookId": "21bf3d3a-363f-48dd-9f63-00d1796bea6b",
"parameters": {
"sendTo": "test5@gmail.com",
"message": "=<h3>\n {{ $('Classify').item.json.message.content.short_title }}\n ({{ $('Classify').item.json.message.content.severity }})\n</h3>\n\n<p>\n <b>Type:</b> {{ $('Classify').item.json.message.content.incident_type }}\n | \n <b>Resource Name:</b> {{ $('Clean_Finding').item.json.resource_id }}\n</p>\n\n<p>\n <b>Account:</b> {{ $('Clean_Finding').item.json.account_id }}\n</p>\n\n<p>\n <b>Urgency:</b> {{ $('Classify').item.json.message.content.urgency }}\n</p>\n\n<p>\n <b>Why:</b> {{ $('Classify').item.json.message.content.why }}\n</p>\n\n<p><b>Next Actions</b></p>\n<ol>\n <li>{{ $json.message.content.next_actions[0] }}</li>\n <li>{{ $json.message.content.next_actions[1] }}</li>\n <li>{{ $json.message.content.next_actions[2] }}</li>\n</ol>\n\n<p>\n <b>Owner:</b> {{ $json.message.content.owner_hint }} <br/>\n <b>Success:</b> {{ $json.message.content.success_criteria }}\n</p>\n",
"options": {},
"subject": "={{ $('Classify').item.json.message.content.short_title }}- {{ $('Clean_Finding').item.json.resource_id }} in {{ $('Clean_Finding').item.json.account_id }}"
},
"credentials": {
"gmailOAuth2": {
"id": "08JLRuwZ9XXXSVk",
"name": "Gmail account"
}
},
"typeVersion": 2.1
},
{
"id": "b2de9927-f64c-4a41-83f2-fb41e6d8d9e8",
"name": "Plan",
"type": "@n8n/n8n-nodes-langchain.openAi",
"position": [
800,
0
],
"parameters": {
"modelId": {
"__rl": true,
"mode": "list",
"value": "gpt-4o-mini",
"cachedResultName": "GPT-4O-MINI"
},
"options": {
"temperature": 0.2
},
"messages": {
"values": [
{
"role": "system",
"content": "You are the Remediation Planner. Based on the classifier output and original finding, return VALID JSON:\n{\n \"next_actions\": [\"step 1\", \"step 2\", \"step 3\"],\n \"owner_hint\": \"who should act first (e.g., Cloud On-Call, IAM, EDR)\",\n \"success_criteria\": \"what proves it's resolved\"\n}\nKeep it to 3 atomic steps max. No speculation.\n"
},
{
"content": "=Classifier:\n```json\n{{$node[\"Classify\"].json}}\n{{$node[\"Webhook\"].json}}\n\n"
}
]
},
"jsonOutput": true
},
"credentials": {
"openAiApi": {
"id": "fYx3byxXXXXmN2m2",
"name": "OpenAi account"
}
},
"typeVersion": 1.8
},
{
"id": "34aa6438-b428-4720-90b7-89c25bf16619",
"name": "Clean_Finding",
"type": "n8n-nodes-base.set",
"position": [
224,
0
],
"parameters": {
"options": {},
"assignments": {
"assignments": [
{
"id": "d9f10bb7-9869-4f49-a44d-3ca7beb3e0e9",
"name": "Title",
"type": "string",
"value": "={{ $json.body.detail.findings[0].Title }}"
},
{
"id": "df567881-cff9-40b3-acf1-d3e4b6499802",
"name": "Description",
"type": "string",
"value": "={{ $json.body.detail.findings[0].Description }}"
},
{
"id": "86a3f987-3bbe-4e16-8964-403b435f89cf",
"name": "account_id",
"type": "string",
"value": "={{ $json.body.detail.findings[0].AwsAccountId }}"
},
{
"id": "4ca89192-e879-435e-89c8-4e66a1e4ab77",
"name": "resource_id",
"type": "string",
"value": "={{ $json.body.detail.findings[0].Resources[0].Id }}"
},
{
"id": "9823717a-0340-4787-8d1c-b3fc118ad675",
"name": "resource_type",
"type": "string",
"value": "={{ $json.body.detail.findings[0].Resources[0].Type }}"
},
{
"id": "061b1afc-f74b-4743-9dab-55cb16fa061c",
"name": "updated_at",
"type": "string",
"value": "={{$json.body?.detail?.findings?.[0]?.UpdatedAt || new Date().toISOString()}}"
}
]
}
},
"typeVersion": 3.4
},
{
"id": "8f1880b6-bc09-4cc1-b587-9e4b92146927",
"name": "便签",
"type": "n8n-nodes-base.stickyNote",
"position": [
-480,
-64
],
"parameters": {
"color": 4,
"width": 384,
"height": 336,
"content": "📥 入口"
},
"typeVersion": 1
},
{
"id": "37bc3107-c1ac-4386-817c-95a0009cf9c0",
"name": "便签1",
"type": "n8n-nodes-base.stickyNote",
"position": [
-464,
304
],
"parameters": {
"color": 6,
"width": 336,
"height": 128,
"content": "✉️ 电子邮件与安全"
},
"typeVersion": 1
}
],
"active": false,
"pinData": {},
"settings": {
"executionOrder": "v1"
},
"versionId": "39333a9c-5775-4440-aca6-0532fe50e307",
"connections": {
"Plan": {
"main": [
[
{
"node": "Send a message",
"type": "main",
"index": 0
}
]
]
},
"Webhook": {
"main": [
[
{
"node": "Clean_Finding",
"type": "main",
"index": 0
}
]
]
},
"Classify": {
"main": [
[
{
"node": "Plan",
"type": "main",
"index": 0
}
]
]
},
"Clean_Finding": {
"main": [
[
{
"node": "Classify",
"type": "main",
"index": 0
}
]
]
}
}
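}
FAQ
How do I use this workflow?
Copy the JSON configuration above, create a new workflow in your n8n instance, choose "Import from JSON", paste the configuration, and adjust the credential settings as needed.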
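The Gmail node interpolates the classifier's fields straight into an HTML message, so a check between the Classify and Send a message nodes is worth having. The following is an added example, not part of the published workflow or the author's code: it validates a classifier response against the schema stated in the Classify system prompt and HTML-escapes the fields. The function names `validateClassification` and `escapeHtml` and the sample objects are assumptions made for illustration.

```javascript
// Added example: allowed values and word limits are copied from the Classify system prompt.
const ALLOWED = {
  incident_type: ["creds", "malware", "network", "data", "cloud", "other"],
  severity: ["P0", "P1", "P2", "P3"],
  urgency: ["now", "today", "this_week"],
};
const WORD_LIMITS = { short_title: 12, why: 50 };

// Escape text before it is placed into the HTML e-mail body.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) =>
    ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" }[c]));
}

// Returns { ok, errors, safe }; safe holds the escaped fields only when ok is true.
function validateClassification(content) {
  let obj = content;
  if (typeof content === "string") {
    try { obj = JSON.parse(content); }
    catch { return { ok: false, errors: ["not valid JSON"], safe: null }; }
  }
  if (obj === null || typeof obj !== "object" || Array.isArray(obj)) {
    return { ok: false, errors: ["not a JSON object"], safe: null };
  }
  const errors = [];
  for (const [key, allowed] of Object.entries(ALLOWED)) {
    if (!allowed.includes(obj[key])) errors.push(`${key}: value not in allowed set`);
  }
  for (const [key, limit] of Object.entries(WORD_LIMITS)) {
    const v = obj[key];
    if (typeof v !== "string" || v.trim() === "") errors.push(`${key}: missing or not a string`);
    else if (v.trim().split(/\s+/).length > limit) errors.push(`${key}: more than ${limit} words`);
  }
  if (errors.length) return { ok: false, errors, safe: null };
  const safe = {};
  for (const key of [...Object.keys(ALLOWED), ...Object.keys(WORD_LIMITS)]) {
    safe[key] = escapeHtml(obj[key]);
  }
  return { ok: true, errors: [], safe };
}

// Constructed sample outputs (not real model responses).
const good = { incident_type: "cloud", severity: "P2", urgency: "today",
  short_title: "Public S3 read", why: "Public READ on bucket risks data exposure." };
const bad = { incident_type: "cloud", severity: "critical", urgency: "today",
  short_title: "<b>Public</b> S3 read", why: "" };
console.log(validateClassification(good).ok, validateClassification(bad).errors);
```

A response that fails validation can be routed to a fallback branch instead of being e-mailed as if it were a valid triage result.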
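What scenarios is this workflow suited to?
Intermediate - AI Summarization, Multimodal AI
Does it cost anything?
This workflow is completely free and can be imported and used directly. Note, however, that third-party services used in the workflow (such as the OpenAI API) may require payment on your part.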
Workflow information
Difficulty: Intermediate
Nodes: 7
Categories: 2
Node types: 5
Author: Calistus Christian (@ca7ai)
Automation strategist and AI workflow architect creating intelligent, agent-driven processes that streamline operations. I build advanced n8n solutions integrating AI, cloud services, and real-time data orchestration for scalable impact. Explore my free workflows to get started. Premium, custom-built solutions are also available. Connect with me on LinkedIn for tailored automation expertise.