Creating Executive Security Newsletters with NixGuard AI and Wazuh Alerts
Advanced
This is an automation workflow in the SecOps and AI Summarization categories with 13 nodes. It mainly uses the If, Set, Code, EmailSend and ExecuteWorkflow nodes, among others. It creates an executive security report from NixGuard AI and Wazuh alerts.
Prerequisites
- No special prerequisites; usable immediately after import
Nodes used (13)
Export workflow
Copy the following JSON configuration and import it into n8n
{
"meta": {
"instanceId": "558d88703fb65b2d0e44613bc35916258b0f0bf983c5d4730c00c424b77ca36a",
"templateCredsSetupCompleted": true
},
"nodes": [
{
"id": "ef84ca26-59e1-46c6-a0e2-43f7a6bd7c29",
"name": "Täglich um 8 Uhr ausführen",
"type": "n8n-nodes-base.scheduleTrigger",
"position": [
760,
1380
],
"parameters": {
"rule": {
"interval": [
{
"field": "hours"
}
]
}
},
"typeVersion": 1.1
},
{
"id": "8af0ca21-63aa-43a0-8755-85b006590435",
"name": "Alarm-Array parsen",
"type": "n8n-nodes-base.code",
"position": [
760,
1620
],
"parameters": {
"jsCode": "// Get the raw output string from the previous node.\nconst rawOutput = $input.first().json.output;\n\n// The AI often wraps JSON in Markdown code blocks (```json ... ```).\n// We need to extract the pure JSON string from inside the fences.\n// This regex will find the content between the fences. If no fences are found,\n// it will fall back to using the entire rawOutput string.\nconst jsonStringMatch = rawOutput.match(/```json\\s*([\\s\\S]*?)\\s*```/);\nconst jsonString = jsonStringMatch ? jsonStringMatch[1] : rawOutput.trim();\n\n// Now, try to parse the *cleaned* string.\ntry {\n const alerts = JSON.parse(jsonString);\n \n // Check if the result is a non-empty array.\n if (Array.isArray(alerts) && alerts.length > 0) {\n // Success! Pass the alerts to the next node.\n return [{ json: { alerts } }];\n }\n} catch (e) {\n // This will catch errors if the cleaned string is still not valid JSON.\n console.error(\"NixGuard did not return a valid JSON array even after cleaning:\", e);\n console.error(\"String that failed to parse:\", jsonString);\n}\n\n// If parsing fails, it's not an array, or it's empty, return no items.\n// This will correctly route the workflow to the 'false' branch of the IF node.\nreturn [];"
},
"typeVersion": 2
},
{
"id": "7d51a628-b285-4699-9068-9bed2ceea231",
"name": "Prompt für Zusammenfassung setzen",
"type": "n8n-nodes-base.set",
"position": [
1460,
1600
],
"parameters": {
"values": {
"string": [
{
"name": "chatInput",
"value": "Act as a senior security analyst reporting to a non-technical executive. The following is a JSON array of all high-severity security alerts from the last 24 hours.\n\nYour tasks are:\n1. Start with a single sentence summarizing the day's overall security risk (e.g., 'The security posture today is stable with minor configurable issues detected.').\n2. State the total number of critical alerts found.\n3. In 3-4 clear bullet points using Markdown, summarize the most significant activities or threat patterns observed. Focus on business impact, not technical jargon.\n4. Conclude with a single, clear recommendation (e.g., 'No immediate action required' or 'Recommend prioritizing patches for web servers.').\n\nHere is the raw alert data:\n{{ JSON.stringify($json.alerts) }}"
},
{
"name": "apiKey",
"value": ""
}
]
},
"options": {}
},
"typeVersion": 2
},
{
"id": "26212ca9-51c1-49d4-9705-df7a74ba1b08",
"name": "API-Schlüssel & Initial-Prompt setzen",
"type": "n8n-nodes-base.set",
"position": [
980,
1380
],
"parameters": {
"values": {
"string": [
{
"name": "apiKey",
"value": ""
},
{
"name": "chatInput",
"value": "Review all security data from the last 24 hours. List all significant security alerts found. Your response MUST be a single, valid, minified JSON array of objects. Each object in the array should represent a distinct alert. If no significant alerts are found, return an empty array []."
}
]
},
"options": {}
},
"typeVersion": 2
},
{
"id": "edca6750-8948-4de8-89f2-290163db7480",
"name": "Endgültiges Briefing setzen",
"type": "n8n-nodes-base.set",
"position": [
1460,
1820
],
"parameters": {
"values": {
"string": [
{
"name": "executive_summary",
"value": "={{ $json.output }}"
}
]
},
"options": {}
},
"typeVersion": 2
},
{
"id": "d6cba9cd-fab4-4920-98f8-460b7002c94a",
"name": "Ausführen: Tägliche Ereignisse als JSON abrufen (Get Real-Time Security Insights with NixGuard RAG and Wazuh Integration)",
"type": "n8n-nodes-base.executeWorkflow",
"position": [
1220,
1380
],
"parameters": {
"options": {},
"workflowId": {
"__rl": true,
"mode": "list",
"value": "I0nUORqYTwDFZa51",
"cachedResultName": "Get Real-Time Security Insights with NixGuard RAG and Wazuh Integration"
},
"workflowInputs": {
"value": {},
"schema": [],
"mappingMode": "defineBelow",
"matchingColumns": [],
"attemptToConvertTypes": false,
"convertFieldsToString": true
}
},
"typeVersion": 1.2
},
{
"id": "c5bab77f-f161-494a-adb1-de1dd53bd5c7",
"name": "Ausführen: Executive Summary generieren (Get Real-Time Security Insights with NixGuard RAG and Wazuh Integration)",
"type": "n8n-nodes-base.executeWorkflow",
"position": [
1680,
1600
],
"parameters": {
"options": {},
"workflowId": {
"__rl": true,
"mode": "list",
"value": "I0nUORqYTwDFZa51",
"cachedResultName": "Get Real-Time Security Insights with NixGuard RAG and Wazuh Integration"
},
"workflowInputs": {
"value": {},
"schema": [],
"mappingMode": "defineBelow",
"matchingColumns": [],
"attemptToConvertTypes": false,
"convertFieldsToString": true
}
},
"typeVersion": 1.2
},
{
"id": "1e7172f8-c728-4640-8633-f141fd1b94c4",
"name": "Wenn",
"type": "n8n-nodes-base.if",
"position": [
1040,
1620
],
"parameters": {
"options": {},
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": true,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "bb7ac757-8402-446e-9ee7-d0be89c769a7",
"operator": {
"type": "array",
"operation": "exists",
"singleValue": true
},
"leftValue": "={{ $json.alerts }}",
"rightValue": ""
}
]
}
},
"typeVersion": 2.2
},
{
"id": "e889ebe4-c36a-4da6-bcd5-2e21661ec8d7",
"name": "E-Mail senden",
"type": "n8n-nodes-base.emailSend",
"position": [
1880,
1820
],
"parameters": {
"html": "={{ $json.html_summary }}",
"options": {},
"subject": "Daily AI Cyber Security Briefing"
},
"typeVersion": 2.1
},
{
"id": "4e771aef-10d4-4be8-8432-23bbf852f58f",
"name": "Workflow-Übersicht1",
"type": "n8n-nodes-base.stickyNote",
"position": [
1380,
1020
],
"parameters": {
"color": 7,
"width": 540,
"height": 340,
"content": "## 💡 Workflow Overview: Daily AI Security Briefing\n\nThis workflow automates the creation of a daily security report for non-technical executives. It uses a two-stage AI process with the **NixGuard Security Connector** workflow.\n\n1. **Stage 1 - Data Retrieval:** It calls the connector to fetch all recent security alerts, requesting the output as a structured JSON array.\n2. **Stage 2 - Summarization:** If alerts were found, it calls the connector *again*, feeding it the raw alert data and prompting it to generate a high-level, business-friendly summary.\n\nThe final report is then delivered via email."
},
"typeVersion": 1
},
{
"id": "47bb91e9-48e8-437d-a736-0f98ffcd923e",
"name": "Einrichtungsanleitung1",
"type": "n8n-nodes-base.stickyNote",
"position": [
940,
920
],
"parameters": {
"color": 7,
"width": 400,
"height": 420,
"content": "## ⚙️ 4-Step Setup Guide\n\n1. **Import Child Workflow:** Make sure you also have the `Get Real-Time Security Insights with NixGuard...` workflow in your n8n instance and that it is **activated**.\n\n2. **Set Your API Key:** In the **'Set API Key & Initial Prompt'** node, replace the placeholder with your valid NixGuard API key.\n\n3. **Check Workflow ID:** This workflow calls the child workflow by its ID (`I0nUORqYTwDFZa51`). If your ID is different, you must update it in both **Execute Workflow** nodes.\n\n4. **Configure Email:** Add your email credentials to the two **Send Email** nodes and update the recipient addresses in the `To` field."
},
"typeVersion": 1
},
{
"id": "fab467cd-7e63-4606-9da4-a677dd7082b3",
"name": "Markdown in HTML konvertieren",
"type": "n8n-nodes-base.code",
"position": [
1660,
1820
],
"parameters": {
"jsCode": "/**\n * WARNING: This is a simplified, lightweight Markdown to HTML converter.\n * It does NOT use a dedicated library and will only handle a limited subset of Markdown:\n * - Headings (h1, h2, h3)\n * - Bold text (**text**)\n * - Unordered list items (* item)\n * - Paragraphs (double newlines)\n * It will FAIL on complex cases like nested lists, tables, or code blocks.\n * For robust conversion, using the 'marked' library is strongly recommended.\n */\n\nfunction simpleMarkdownToHtml(markdown) {\n let html = markdown\n // Escape HTML to prevent injection from the input ('&' must be replaced first)\n .replace(/&/g, '&amp;')\n .replace(/</g, '&lt;')\n .replace(/>/g, '&gt;');\n\n // Block Elements (order matters)\n html = html\n .replace(/^### (.*$)/gim, '<h3>$1</h3>')\n .replace(/^## (.*$)/gim, '<h2>$1</h2>')\n .replace(/^# (.*$)/gim, '<h1>$1</h1>')\n .replace(/^\\* (.*$)/gim, '<li>$1</li>');\n\n // Inline Elements\n html = html\n .replace(/\\*\\*(.*?)\\*\\*/g, '<strong>$1</strong>')\n .replace(/__(.*?)__/g, '<strong>$1</strong>') // Alternative bold\n .replace(/\\*(.*?)\\*/g, '<em>$1</em>')\n .replace(/_(.*?)_/g, '<em>$1</em>'); // Alternative italics\n\n // Paragraphs and Line Breaks\n // Wrap each run of consecutive list items in a single <ul>\n html = html.replace(/(?:<li>.*<\\/li>\\n?)+/g, (m) => '<ul>' + m.replace(/\\n/g, '') + '</ul>');\n // Convert remaining newlines to <br>\n html = html.replace(/\\n/g, '<br>');\n\n return html;\n}\n\nconst markdownSummary = $input.first().json.executive_summary;\nconst htmlSummary = simpleMarkdownToHtml(markdownSummary);\n\n$input.first().json.html_summary = htmlSummary;\n\nreturn $input.all();\n"
},
"typeVersion": 2
},
{
"id": "a20f8e25-d1f8-47fb-8378-3b4479882ffc",
"name": "Einrichtungsanleitung",
"type": "n8n-nodes-base.stickyNote",
"position": [
500,
900
],
"parameters": {
"color": 7,
"width": 400,
"height": 440,
"content": "## Getting Started\n\n### Prerequisites:\n- Valid NixGuard API key\n\n### Setup Instructions:\n1. Configure your NixGuard API key in 'Prepare API Request Data' node\n2. Set up trigger method (chat or manual)\n3. Test with sample security queries\n4. Make sure NixGuard agents are installed on your network endpoints for real-time security events\n\n### Support:\nFor questions, visit [NixGuard Documentation](https://nixguard.thenex.world) or join our [Community Discord](https://discord.com/invite/ajCYwYCwHb)"
},
"typeVersion": 1
}
],
"pinData": {},
"connections": {
"1e7172f8-c728-4640-8633-f141fd1b94c4": {
"main": [
[
{
"node": "7d51a628-b285-4699-9068-9bed2ceea231",
"type": "main",
"index": 0
}
]
]
},
"8af0ca21-63aa-43a0-8755-85b006590435": {
"main": [
[
{
"node": "1e7172f8-c728-4640-8633-f141fd1b94c4",
"type": "main",
"index": 0
}
]
]
},
"ef84ca26-59e1-46c6-a0e2-43f7a6bd7c29": {
"main": [
[
{
"node": "26212ca9-51c1-49d4-9705-df7a74ba1b08",
"type": "main",
"index": 0
}
]
]
},
"edca6750-8948-4de8-89f2-290163db7480": {
"main": [
[
{
"node": "fab467cd-7e63-4606-9da4-a677dd7082b3",
"type": "main",
"index": 0
}
]
]
},
"7d51a628-b285-4699-9068-9bed2ceea231": {
"main": [
[
{
"node": "c5bab77f-f161-494a-adb1-de1dd53bd5c7",
"type": "main",
"index": 0
}
]
]
},
"fab467cd-7e63-4606-9da4-a677dd7082b3": {
"main": [
[
{
"node": "e889ebe4-c36a-4da6-bcd5-2e21661ec8d7",
"type": "main",
"index": 0
}
]
]
},
"26212ca9-51c1-49d4-9705-df7a74ba1b08": {
"main": [
[
{
"node": "d6cba9cd-fab4-4920-98f8-460b7002c94a",
"type": "main",
"index": 0
}
]
]
},
"d6cba9cd-fab4-4920-98f8-460b7002c94a": {
"main": [
[
{
"node": "8af0ca21-63aa-43a0-8755-85b006590435",
"type": "main",
"index": 0
}
]
]
},
"c5bab77f-f161-494a-adb1-de1dd53bd5c7": {
"main": [
[
{
"node": "edca6750-8948-4de8-89f2-290163db7480",
"type": "main",
"index": 0
}
]
]
}
}
}
Frequently Asked Questions
How do I use this workflow?
Copy the JSON above, create a new workflow in your n8n instance and choose "Import from JSON". Paste the configuration and adjust the credentials as needed.
Which scenarios is this workflow suited for?
Advanced - Security operations, AI summarization
Is it paid?
This workflow is completely free. Note, however, that third-party services used in the workflow (such as the OpenAI API) may incur charges.
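The following is an added example, not part of the original workflow: a stand-alone Node.js version of the conversion done in the `Markdown in HTML konvertieren` Code node, which escapes the model's output before any tags are added and groups bullets into a single list. The function names and the sample summary are constructed for illustration.

```javascript
// Added example: runs in plain Node.js, outside n8n.
// All function names and the sample summary below are hypothetical.

// Escape every character that can open markup or break out of an attribute.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Inline subset: **bold** only. The input has already been escaped.
function renderInline(escaped) {
  return escaped.replace(/\*\*(.+?)\*\*/g, '<strong>$1</strong>');
}

// Line-based renderer: headings (# to ###), bullets (* or -), paragraphs.
function renderBriefing(markdown) {
  const out = [];
  let inList = false;
  const closeList = () => { if (inList) { out.push('</ul>'); inList = false; } };
  for (const raw of String(markdown ?? '').split(/\r?\n/)) {
    const line = escapeHtml(raw.trim()); // escape BEFORE adding any tags
    const heading = line.match(/^(#{1,3}) (.+)$/);
    const bullet = line.match(/^[*-] (.+)$/);
    if (bullet) {
      if (!inList) { out.push('<ul>'); inList = true; }
      out.push(`<li>${renderInline(bullet[1])}</li>`);
      continue;
    }
    closeList();
    if (heading) {
      const level = heading[1].length;
      out.push(`<h${level}>${renderInline(heading[2])}</h${level}>`);
    } else if (line !== '') {
      out.push(`<p>${renderInline(line)}</p>`);
    }
  }
  closeList();
  return out.join('\n');
}

// Constructed model output: one bullet carries markup copied from alert data.
const SAMPLE_SUMMARY = [
  '## Daily Briefing',
  '* **2** critical alerts on web servers',
  '* User-Agent seen: <a href="http://example.invalid">reset password</a>',
  '',
  'No immediate action required.',
].join('\n');
```

Calling `renderBriefing(SAMPLE_SUMMARY)` returns HTML in which the anchor tag from the alert data appears only as escaped text inside its list item.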
Workflow information
Difficulty: Advanced
Number of nodes: 13
Categories: 2
Node types: 7