CYBERPULSEBlueOps_Modul1_Clienten-Kopie1
Experte
Dies ist ein SecOps, AI Summarization-Bereich Automatisierungsworkflow mit 21 Nodes. Hauptsächlich werden If, Code, Merge, Switch, SplitOut und andere Nodes verwendet. Automatische CVE- und IOC-Datenquellen-Einspeisung mit OpenAI-Risikobewertung und E-Mail-Alerts
Voraussetzungen
- •Möglicherweise sind Ziel-API-Anmeldedaten erforderlich
- •Google Sheets API-Anmeldedaten
Verwendete Nodes (21)
Kategorie
Workflow-Vorschau
Visualisierung der Node-Verbindungen, mit Zoom und Pan
Workflow exportieren
Kopieren Sie die folgende JSON-Konfiguration und importieren Sie sie in n8n
{
"id": "FOKoHtdHL2JKFwpH",
"meta": {
"instanceId": "afe2b8648fee0c23760b8fce92c71dc65d1dd8bea264642e620dc8c34f1224d7",
"templateCredsSetupCompleted": true
},
"name": "CYBERPULSEBlueOps_Module1 client copy1",
"tags": [
{
"id": "0obxZlT9bSaIMBpV",
"name": "Threat Intake",
"createdAt": "2025-05-23T06:15:09.978Z",
"updatedAt": "2025-05-23T06:15:09.978Z"
},
{
"id": "2rUQt7xpJikyzCUP",
"name": "(ACSC E8 + ISM-Aligned)",
"createdAt": "2025-06-04T06:23:02.488Z",
"updatedAt": "2025-06-04T06:23:02.488Z"
}
],
"nodes": [
{
"id": "b9325536-f714-437d-8dc3-2dfbfd6d58a7",
"name": "⏰ Cron – Täglicher Auslöser",
"type": "n8n-nodes-base.scheduleTrigger",
"position": [
-220,
-560
],
"parameters": {
"rule": {
"interval": [
{
"field": "cronExpression",
"expression": "0 0 7 * * *"
}
]
}
},
"typeVersion": 1.2
},
{
"id": "c9f242d6-6d9c-4a27-8a43-b678c4b3dbeb",
"name": "🌐 CVE-Feed abrufen",
"type": "n8n-nodes-base.httpRequest",
"position": [
20,
-640
],
"parameters": {
"url": "https://gist.githubusercontent.com/gitadta/bdcb18b2450c5561a4b69ae9327383a8/raw/d9637907229a0a7e2bd6f5a5b6b2f04e6248aac1/cve-2023-26479.json",
"options": {
"response": {
"response": {
"responseFormat": "json"
}
}
}
},
"typeVersion": 4.2
},
{
"id": "e1f9ea1c-e934-4ecd-957d-8c7e5f8c1452",
"name": "🛡️ IOC-Feed abrufen",
"type": "n8n-nodes-base.httpRequest",
"position": [
20,
-480
],
"parameters": {
"url": "=https://gist.githubusercontent.com/gitadta/fddb9eb942cd3494c2e187117976d430/raw/1873c10c1a375c94b8afe3eed2772045c0a66568/ioc-feed.json",
"options": {
"response": {
"response": {
"responseFormat": "json"
}
}
}
},
"typeVersion": 4.2
},
{
"id": "080ac947-b10c-4492-8f55-79e27b9982c0",
"name": "🧠 Bedrohungsdaten zusammenführen",
"type": "n8n-nodes-base.merge",
"position": [
220,
-560
],
"parameters": {},
"typeVersion": 3.1
},
{
"id": "80c5acb7-743a-44d7-8482-a5d429a973bd",
"name": "🧠 Bedrohungsdaten kombinieren",
"type": "n8n-nodes-base.code",
"position": [
220,
-360
],
"parameters": {
"jsCode": "const cve = items[0].json;\nconst iocs = items[1].json.iocs || [];\n\nreturn [\n {\n json: {\n cve,\n iocs\n }\n }\n];"
},
"typeVersion": 2
},
{
"id": "68ccba75-0a92-4cd1-8306-24daafe59333",
"name": "🧠 KI – Risikobewertung",
"type": "n8n-nodes-base.code",
"position": [
220,
-180
],
"parameters": {
"jsCode": "const data = $input.all();\nreturn data.map((item, i) => {\n const baseScore = item.json.cve?.impact?.baseMetricV3?.cvssV3?.baseScore || 0;\n const aiRisk = [6.5, 9.1][i] || 5;\n const path = [\"self-healing\", \"expert-review\", \"monitoring\"][i % 3];\n const lev = [0.93, 0.72][i] || 0.45;\n\n return {\n json: {\n ...item.json,\n aiRisk,\n path,\n lev\n }\n };\n});"
},
"typeVersion": 2
},
{
"id": "9f74ff1c-57ae-48ae-989d-b27b64895c53",
"name": "🧠 KI – Schwachstellen-Priorisierung",
"type": "n8n-nodes-base.code",
"position": [
220,
0
],
"parameters": {
"jsCode": "const triage = {\n self: [],\n expert: [],\n monitor: [],\n};\n\nconst assessed = $input.all();\n\nfor (const item of assessed) {\n const v = item.json;\n const levScore = v.lev || 0; // fallback if missing\n\n if (levScore > 0.9) {\n triage.expert.push({ ...v, levScore, levLabel: \"Critical\" });\n } else if (levScore > 0.5) {\n triage.self.push({ ...v, levScore, levLabel: \"High\" });\n } else {\n triage.monitor.push({ ...v, levScore, levLabel: \"Low\" });\n }\n}\n\nreturn [{ json: triage }];"
},
"typeVersion": 2
},
{
"id": "3cbac00e-3bf1-4f68-99e2-e2027d3d2648",
"name": "🚨 ALARM – LEV-Auslöser",
"type": "n8n-nodes-base.if",
"position": [
220,
200
],
"parameters": {
"options": {},
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": true,
"typeValidation": "loose"
},
"combinator": "and",
"conditions": [
{
"id": "f170e1cc-2692-4fcc-8def-6b1e5f01af84",
"operator": {
"name": "filter.operator.equals",
"type": "string",
"operation": "equals"
},
"leftValue": "={{ $json.expert && $json.expert.length > 0 }}",
"rightValue": "=true"
}
]
},
"looseTypeValidation": true
},
"typeVersion": 2.2
},
{
"id": "2341d7f3-4f5e-4bf0-8b96-fb64c4d46344",
"name": "📧 Warn-E-Mail senden",
"type": "n8n-nodes-base.emailSend",
"position": [
420,
140
],
"webhookId": "48963cc6-c85f-4946-92bd-2c91a1a255ef",
"parameters": {
"html": "=<h2>🚨 Critical Alert</h2>\n<p>The following high-risk CVEs were identified:</p>\n<pre>{{ JSON.stringify($json.expert, null, 2) }}</pre>\n",
"options": {},
"subject": "🚨 CyberPulse Alert – Critical Vulnerabilities Detected",
"toEmail": "security-team@example.com",
"fromEmail": "security-team@example.com"
},
"credentials": {
"smtp": {
"id": "RM0pJJ95IhrbFLCv",
"name": "SMTP account"
}
},
"typeVersion": 2.1
},
{
"id": "bead2d6d-aeec-49a3-99b0-6550976cfa91",
"name": "Google Sheets",
"type": "n8n-nodes-base.googleSheets",
"position": [
420,
300
],
"parameters": {
"columns": {
"value": {
"IOCs": "={{ JSON.stringify($(\"🚨 ALERT – LEV Trigger\").item.json.expert[0].iocs) }}",
"Score": "={{ $json.expert[0].cve.cve.impact.baseMetricV3.cvssV3.baseScore }}",
"CVE_ID": "={{ $(\"🚨 ALERT – LEV Trigger\").item.json.expert[0].cve.cve.CVE_data_meta.ID }}",
"Severity": "={{ $json.expert[0].cve.cve.impact.baseMetricV3.cvssV3.baseSeverity }}",
"LEV_label": "={{ $json.expert[0].levLabel }}",
"LEV_score": "={{ $json.expert[0].levScore }}",
"timestamp": "={{ new Date().toISOString() }}",
"aiRisk_score": "={{ $json.expert[0].aiRisk }}",
"compliance_tags": "\"{{ 'ISM-0412, E8-6' }}\"",
"response_action": "={{ $json.expert[0].levLabel.toLowerCase() }}"
},
"schema": [
{
"id": "timestamp",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "timestamp",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "CVE_ID",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "CVE_ID",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "Severity",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "Severity",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "Score",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "Score",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "IOCs",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "IOCs",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "aiRisk_score",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "aiRisk_score",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "LEV_score",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "LEV_score",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "LEV_label",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "LEV_label",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "response_action",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "response_action",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "compliance_tags",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "compliance_tags",
"defaultMatch": false,
"canBeUsedToMatch": true
}
],
"mappingMode": "defineBelow",
"matchingColumns": [],
"attemptToConvertTypes": false,
"convertFieldsToString": false
},
"options": {},
"operation": "append",
"sheetName": {
"__rl": true,
"mode": "list",
"value": "gid=0",
"cachedResultUrl": "https://docs.google.com/spreadsheets/d/1LeES3AaZG1AZHFd4g2FMgZx790AP_9Qd1OsIE774R-M/edit#gid=0",
"cachedResultName": "Sheet1"
},
"documentId": {
"__rl": true,
"mode": "id",
"value": "={{ $env.SHEET_ID }}"
}
},
"credentials": {
"googleSheetsOAuth2Api": {
"id": "sJHywbRNYHkS71FB",
"name": "Google Sheets account"
}
},
"typeVersion": 4.5
},
{
"id": "6be8438a-956d-4ac6-94e5-dc22cebaa178",
"name": "🧠 KI – Incident-Playbook-Auswahl",
"type": "n8n-nodes-base.code",
"position": [
660,
-180
],
"parameters": {
"jsCode": "const threat = $json;\nconst score = threat.Score || 0;\nconst severity = (threat.Severity || \"\").toUpperCase();\n\nlet playbook = \"notify\"; // Default response\n\nif (score >= 9 || severity === \"CRITICAL\") {\n playbook = \"isolation\";\n} else if (score >= 6 || severity === \"HIGH\") {\n playbook = \"monitor\";\n}\n\nreturn [\n {\n json: {\n ...threat,\n response: {\n playbook: playbook,\n decisionReason: `Based on CVSS ${score} and severity ${severity}`\n }\n }\n }\n];\n"
},
"typeVersion": 2
},
{
"id": "2aa9749e-cf1d-49ee-8a82-b75a6a62d1af",
"name": "Code",
"type": "n8n-nodes-base.code",
"position": [
840,
-180
],
"parameters": {
"jsCode": "const threat = $json;\nconst score = threat.Score || 0;\nconst severity = (threat.Severity || \"\").toUpperCase();\n\nlet playbook = \"notify\"; // Default fallback\n\nif (score >= 9 || severity === \"CRITICAL\") {\n playbook = \"isolation\";\n} else if (score >= 6 || severity === \"HIGH\") {\n playbook = \"monitor\";\n}\n\nreturn [\n {\n json: {\n ...threat,\n response: {\n playbook,\n decisionReason: `Based on CVSS ${score} and severity ${severity}`\n }\n }\n }\n];"
},
"typeVersion": 2
},
{
"id": "6dd8f1cf-4459-4496-b547-205da0aa2ab7",
"name": "🧭 Response-Router",
"type": "n8n-nodes-base.switch",
"position": [
1020,
-180
],
"parameters": {
"rules": {
"values": [
{
"outputKey": "notify",
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": false,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "04b84cf7-971d-4f6e-a4c3-4609afd67140",
"operator": {
"type": "string",
"operation": "equals"
},
"leftValue": "={{ $json.response.playbook }}",
"rightValue": "notify"
}
]
},
"renameOutput": true
},
{
"outputKey": "monitor",
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": false,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "402dbac5-1a9e-4862-a281-7dfd42cf2729",
"operator": {
"name": "filter.operator.equals",
"type": "string",
"operation": "equals"
},
"leftValue": "={{ $json.response.playbook }}",
"rightValue": " monitor"
}
]
},
"renameOutput": true
},
{
"outputKey": "islolation",
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": false,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "b0100303-40c4-409e-8f95-b9cab699eedd",
"operator": {
"name": "filter.operator.equals",
"type": "string",
"operation": "equals"
},
"leftValue": "={{ $json.response.playbook }}",
"rightValue": "isolation"
}
]
},
"renameOutput": true
}
]
},
"options": {
"ignoreCase": true
}
},
"typeVersion": 3.2
},
{
"id": "4123923e-bbbd-4234-8769-43dcd65cf9c8",
"name": "Warn-E-Mail senden",
"type": "n8n-nodes-base.emailSend",
"position": [
1340,
-360
],
"webhookId": "decb9f47-14ee-49f7-9317-2d52a39f97bd",
"parameters": {
"html": "=<!DOCTYPE html>\n<html>\n<head>\n <style>\n body {\n font-family: Arial, sans-serif;\n color: #333;\n }\n h2 {\n color: #b30000;\n }\n .section {\n margin-bottom: 20px;\n }\n .section-critical {\n background-color: #ffe5e5;\n padding: 15px;\n border-left: 5px solid #cc0000;\n }\n .section-iocs {\n border: 1px solid #ccc;\n border-radius: 5px;\n padding: 10px;\n }\n .section-high {\n background-color: #fff3e0;\n padding: 15px;\n border-left: 5px solid #ff9800;\n }\n .next-steps {\n background-color: #e8f5e9;\n padding: 15px;\n border-left: 5px solid #4caf50;\n }\n table {\n width: 100%;\n border-collapse: collapse;\n margin-top: 10px;\n }\n th, td {\n padding: 8px;\n border: 1px solid #999;\n text-align: left;\n }\n .comment {\n font-style: italic;\n font-size: 0.95em;\n color: #555;\n margin-top: 10px;\n }\n </style>\n</head>\n<body>\n\n<h2>🚨 Critical Alert – {{ $json.cve.cve.CVE_data_meta.ID }}</h2>\n\n<div class=\"section section-critical\">\n <p><b>📰 Summary:</b> {{ $json.cve.description.description_data[0].value }}</p>\n <p><b>📉 Severity:</b> \n <span style=\"color: \n {{ $json.cve.impact.baseMetricV3.cvssV3.baseSeverity === 'CRITICAL' ? 'red' : \n $json.cve.impact.baseMetricV3.cvssV3.baseSeverity === 'HIGH' ? 'orange' : \n 'black' }}\">\n {{ $json.cve.impact.baseMetricV3.cvssV3.baseSeverity }}\n </span>\n </p>\n <p><b>📊 CVSS Score:</b> {{ $json.cve.impact.baseMetricV3.cvssV3.baseScore }}</p>\n</div>\n\n<div class=\"section section-iocs\">\n <b>📌 Indicators of Compromise (IOCs)</b>\n <table>\n <tr><th>Type</th><th>Value</th></tr>\n {{ $json.iocs.map(ioc => `<tr><td>${ioc.type}</td><td>${ioc.value}</td></tr>`).join('') }}\n </table>\n</div>\n\n<div class=\"section section-high\">\n <b>🧠 AI Risk Evaluation</b>\n <ul>\n <li><b>aiRisk Score:</b> {{ $json.aiRisk }}</li>\n <li><b>LEV Score:</b> {{ $json.lev }}</li>\n <li><b>LEV Label:</b> {{ $json.levLabel }}</li>\n <li><b>Response Assigned:</b> \n <span style=\"color: darkred;\">{{ $json.response.playbook }}</span>\n </li>\n </ul>\n <div class=\"comment\">\n 💬 Based on AI analysis, this CVE meets critical exploitability thresholds with confirmed indicators in your threat environment. Immediate action is advised.\n </div>\n</div>\n\n<div class=\"section next-steps\">\n <b>✅ Next Steps:</b>\n <ol>\n <li>Isolate affected endpoints immediately</li>\n <li>Apply latest patches for {{ $json.cve.cve.CVE_data_meta.ID }}</li>\n <li>Update threat database and notify internal stakeholders</li>\n </ol>\n</div>\n\n</body>\n</html>\n<p style=\"font-size: 11px; color: #888;\">\n <hr style=\"border: none; border-top: 1px solid #ddd; margin: 24px 0;\">\n\n<p style=\"font-size: 11px; color: #888; line-height: 1.5;\">\n 🔒 Aligned with <strong>ACSC Essential Eight</strong> & <strong>ISM 2024</strong> (Australia), and structured using the <strong>NIST Cybersecurity Framework</strong> and <strong>ISO/IEC 27001</strong> principles.<br>\n Designed for SMEs and security teams worldwide.\n</p>\n\n<p style=\"font-size: 10px; color: #aaa;\">\n This alert was automatically generated by <strong>CYBERPULSEBlueOps</strong> using n8n.\n</p>\n",
"options": {},
"subject": "=🚨 Cyber Alert: {{ $json.response.playbook.toUpperCase() }} Required",
"toEmail": "security-team@example.com",
"fromEmail": "security-team@example.com"
},
"credentials": {
"smtp": {
"id": "RM0pJJ95IhrbFLCv",
"name": "SMTP account"
}
},
"typeVersion": 2.1
},
{
"id": "d76f1894-ae5c-4c22-b326-7daec1cdf359",
"name": "In Google Sheet protokollieren",
"type": "n8n-nodes-base.googleSheets",
"position": [
1340,
-180
],
"parameters": {
"operation": "append",
"sheetName": {
"__rl": true,
"mode": "list",
"value": "",
"cachedResultUrl": "",
"cachedResultName": ""
},
"documentId": {
"__rl": true,
"mode": "id",
"value": "={{ $env.SHEET_ID }}"
}
},
"credentials": {
"googleSheetsOAuth2Api": {
"id": "sJHywbRNYHkS71FB",
"name": "Google Sheets account"
}
},
"typeVersion": 4.5
},
{
"id": "9d9a56b4-13fd-40f8-a29a-4d3a3febfc19",
"name": "HTTP Request",
"type": "n8n-nodes-base.httpRequest",
"position": [
1340,
0
],
"parameters": {
"url": "https://edr-api.example.com/isolate",
"method": "POST",
"options": {},
"jsonBody": "={\n \"device_ip\": \"{{ $json.iocs[0].value }}\",\n \"cve_id\": \"{{ $json.cve.cve.CVE_data_meta.ID }}\",\n \"severity\": \"{{ $json.cve.cve.impact.baseMetricV3.cvssV3.baseSeverity }}\"\n}\n",
"sendBody": true,
"sendHeaders": true,
"specifyBody": "json",
"headerParameters": {
"parameters": [
{
"name": "Authorization"
},
{
"name": "Content-Type",
"value": "application/json"
}
]
}
},
"typeVersion": 4.2
},
{
"id": "d5376f73-da94-4a39-9129-7f94c9b6d86c",
"name": "Aufteilen",
"type": "n8n-nodes-base.splitOut",
"position": [
500,
-180
],
"parameters": {
"include": "allOtherFields",
"options": {},
"fieldToSplitOut": "iocs"
},
"typeVersion": 1
},
{
"id": "da91b5b0-a2ff-4d91-9837-eafdb1aa7ed4",
"name": "Haftnotiz",
"type": "n8n-nodes-base.stickyNote",
"position": [
1600,
-380
],
"parameters": {
"color": 7,
"width": 560,
"height": 1160,
"content": "\n🛡️ CYBERPULSEBlueOps – Module 1: Threat Feed Ingestion\n\nVersion: 1.0\nLast Updated: 2025-06-04\nAuthor: Adnan Tariq\nStatus: ✅ Production-Ready\n\n🔍 Purpose\n\nAutomates daily ingestion of CVE and IOC threat feeds, enriches and evaluates risks using AI-based triage, and routes alerts to notification, isolation, or monitoring actions. Structured to align with compliance frameworks and operational defense workflows.\n\n🔗 Data Sources\n\nCVE Feed: GitHub Gist (cve_data)\n\nIOC Feed: GitHub Gist (ioc_data)\n\nIngest frequency: Daily via Cron Trigger\n\n🧠 Key Components\n\nAI – Risk Evaluation for aiRisk scoring\n\nAI – Triage Vulnerabilities for LEV scoring & labels\n\n📘 Response Router assigns notify, monitor, or isolate\n\nLogs exported to Google Sheets with:\n\nCVE_ID, Severity, Score, IOCs\n\naiRisk_score, LEV_score, LEV_label, response_action\n\nCompliance tags: ISM-0412, E8-6\n\n✅ Compliance Alignment\n\n ACSC Essential Eight (Australia)\n\n ISM 2024 Logging Guidelines\n\n NIST Cybersecurity Framework\n\n ISO/IEC 27001 Control Mapping\n\n✉️ Output\n\nHTML emails with risk-based alert summaries\n\nGoogle Sheets row logs\n\n(Optional) HTTP isolation request via EDR API\n\n⚠️ Do not modify node structure without understanding data propagation and rule routing. All logic assumes LEV triage is the decision root."
},
"typeVersion": 1
},
{
"id": "1bae77e9-6f51-4a51-85d6-051ad1198030",
"name": "Haftnotiz1",
"type": "n8n-nodes-base.stickyNote",
"position": [
2180,
-380
],
"parameters": {
"color": 7,
"width": 1080,
"height": 680,
"content": "\n🧠 What is Module 1?\nModule 1 is like a security robot that wakes up every morning, reads danger news from the internet (called CVEs and IOCs), checks how risky it is, and then tells the grown-ups what to do.\n\n🧾 Why are there 2 Google Sheet blocks?\n1️⃣ First Google Sheet:\n➡️ It writes down big dangerous alerts that need attention (like “Critical Virus Found!”).\nThis is like a red alert notebook.\n\n2️⃣ Second Google Sheet:\n➡️ It writes down everything it finds, even small stuff, in a daily logbook.\nThis is the diary of what the robot saw today.\n\n✉️ Why are there 2 Email Alerts?\n1️⃣ First Email:\n📨 Sends a special alert when something very risky happens (like an emergency siren).\nExample: \"This computer might be in big trouble!\"\n\n2️⃣ Second Email:\n📨 Sends a daily summary email with a table.\nExample: “Today I saw: 1 Critical, 1 Medium, 1 Low.”\n\n🌐 Why is there 1 HTTP Request?\n🌍 This is the robot’s panic button.\nIf the robot says, “This is too dangerous,” it can call another robot (like an EDR system) to shut down or isolate the infected computer.\n\nBut this button is optional — like only calling the fire truck when needed.\n\n💡 In Short:\n🧾 Two sheets: one for alerts, one for daily diary\n\n✉️ Two emails: one for emergency, one for daily summary\n\n🌐 One optional panic button: for calling help if danger is too high"
},
"typeVersion": 1
},
{
"id": "0a7a9166-b06d-4a48-9420-70af07392046",
"name": "Haftnotiz2",
"type": "n8n-nodes-base.stickyNote",
"position": [
2180,
320
],
"parameters": {
"color": 7,
"width": 580,
"height": 180,
"content": "\n📘 Module 1 Glossary – What Each Term Means\n\n• **aiRisk** – AI-generated risk score (e.g. 6.5) based on CVE severity + behavior \n• **LEV Score** – Local Exploitability score (e.g. 0.93) — how likely it affects *you* \n• **LEV Label** – Text label from LEV score (e.g. `notify`, `monitor`, `isolate`) \n• **response_action** – What the system decided to do (e.g. alert, log, isolate) \n• **IOC** – Indicator of Compromise like a suspicious IP, domain, or file hash \n• **CVE** – Known vulnerability from public sources (e.g. CVE-2023-26479)\n"
},
"typeVersion": 1
},
{
"id": "c3323b86-bb2b-4d62-9dcc-2509a1a6b893",
"name": "Haftnotiz3",
"type": "n8n-nodes-base.stickyNote",
"position": [
2180,
520
],
"parameters": {
"color": 7,
"width": 580,
"height": 480,
"content": "\n🛡️ Framework Integration Summary – Module 1\n\nACSC Essential Eight (Australia)\n✔ Implements daily threat monitoring and log collection, aligning with mitigation strategies like patching and application control.\n\nISM 2024 Logging Guidelines (Australia)\n✔ Logs high-risk CVEs, IOCs, and AI-evaluated actions to structured, queryable formats (Google Sheets, Emails).\n✔ Includes severity, timestamps, and response decisions — meets ISM log detail requirements.\n\nNIST Cybersecurity Framework (CSF) (US)\n✔ Aligns with:\n\nIdentify (tracking known CVEs),\n\nDetect (via AI risk analysis),\n\nRespond (action routing via LEV logic).\n\nISO/IEC 27001\n✔ Supports control A.12.4 (Event logging) and A.16 (Incident response) by providing automated alerts, logs, and response recommendations."
},
"typeVersion": 1
}
],
"active": false,
"pinData": {},
"settings": {
"timezone": "Australia/Sydney",
"callerPolicy": "workflowsFromSameOwner",
"executionOrder": "v1"
},
"versionId": "b9d78a57-e42a-4b2a-92d4-30a29f06178a",
"connections": {
"2aa9749e-cf1d-49ee-8a82-b75a6a62d1af": {
"main": [
[
{
"node": "6dd8f1cf-4459-4496-b547-205da0aa2ab7",
"type": "main",
"index": 0
}
]
]
},
"d5376f73-da94-4a39-9129-7f94c9b6d86c": {
"main": [
[
{
"node": "6be8438a-956d-4ac6-94e5-dc22cebaa178",
"type": "main",
"index": 0
}
]
]
},
"4123923e-bbbd-4234-8769-43dcd65cf9c8": {
"main": [
[]
]
},
"c9f242d6-6d9c-4a27-8a43-b678c4b3dbeb": {
"main": [
[
{
"node": "080ac947-b10c-4492-8f55-79e27b9982c0",
"type": "main",
"index": 0
}
]
]
},
"e1f9ea1c-e934-4ecd-957d-8c7e5f8c1452": {
"main": [
[
{
"node": "080ac947-b10c-4492-8f55-79e27b9982c0",
"type": "main",
"index": 1
}
]
]
},
"6dd8f1cf-4459-4496-b547-205da0aa2ab7": {
"main": [
[
{
"node": "4123923e-bbbd-4234-8769-43dcd65cf9c8",
"type": "main",
"index": 0
}
],
[
{
"node": "d76f1894-ae5c-4c22-b326-7daec1cdf359",
"type": "main",
"index": 0
}
],
[
{
"node": "9d9a56b4-13fd-40f8-a29a-4d3a3febfc19",
"type": "main",
"index": 0
}
]
]
},
"2341d7f3-4f5e-4bf0-8b96-fb64c4d46344": {
"main": [
[]
]
},
"080ac947-b10c-4492-8f55-79e27b9982c0": {
"main": [
[
{
"node": "80c5acb7-743a-44d7-8482-a5d429a973bd",
"type": "main",
"index": 0
}
]
]
},
"80c5acb7-743a-44d7-8482-a5d429a973bd": {
"main": [
[
{
"node": "68ccba75-0a92-4cd1-8306-24daafe59333",
"type": "main",
"index": 0
}
]
]
},
"b9325536-f714-437d-8dc3-2dfbfd6d58a7": {
"main": [
[
{
"node": "c9f242d6-6d9c-4a27-8a43-b678c4b3dbeb",
"type": "main",
"index": 0
},
{
"node": "e1f9ea1c-e934-4ecd-957d-8c7e5f8c1452",
"type": "main",
"index": 0
}
]
]
},
"3cbac00e-3bf1-4f68-99e2-e2027d3d2648": {
"main": [
[
{
"node": "2341d7f3-4f5e-4bf0-8b96-fb64c4d46344",
"type": "main",
"index": 0
},
{
"node": "bead2d6d-aeec-49a3-99b0-6550976cfa91",
"type": "main",
"index": 0
}
]
]
},
"68ccba75-0a92-4cd1-8306-24daafe59333": {
"main": [
[
{
"node": "9f74ff1c-57ae-48ae-989d-b27b64895c53",
"type": "main",
"index": 0
},
{
"node": "d5376f73-da94-4a39-9129-7f94c9b6d86c",
"type": "main",
"index": 0
}
]
]
},
"9f74ff1c-57ae-48ae-989d-b27b64895c53": {
"main": [
[
{
"node": "3cbac00e-3bf1-4f68-99e2-e2027d3d2648",
"type": "main",
"index": 0
}
]
]
},
"6be8438a-956d-4ac6-94e5-dc22cebaa178": {
"main": [
[
{
"node": "2aa9749e-cf1d-49ee-8a82-b75a6a62d1af",
"type": "main",
"index": 0
}
]
]
}
}
}Häufig gestellte Fragen
Wie verwende ich diesen Workflow?
Kopieren Sie den obigen JSON-Code, erstellen Sie einen neuen Workflow in Ihrer n8n-Instanz und wählen Sie "Aus JSON importieren". Fügen Sie die Konfiguration ein und passen Sie die Anmeldedaten nach Bedarf an.
Für welche Szenarien ist dieser Workflow geeignet?
Experte - Sicherheitsbetrieb, KI-Zusammenfassung
Ist es kostenpflichtig?
Dieser Workflow ist völlig kostenlos. Beachten Sie jedoch, dass Drittanbieterdienste (wie OpenAI API), die im Workflow verwendet werden, möglicherweise kostenpflichtig sind.
Verwandte Workflows
CyberScan GitHub Kopie
KI-Schwachstellen Scanner basierend auf Nessus, Risiko Klassifizierung und Google Sheets Berichten
If
Set
Code
+
If
Set
Code
39 NodesAdnan Tariq
Sicherheitsbetrieb
Lead-Generierung und E-Mail-Arbeitsabläufe
Automatisierung der B2B-Lead-Generierung und E-Mail-Marketing mit Google Maps, SendGrid und KI
If
Set
Code
+
If
Set
Code
141 NodesEzema Kingsley Chibuzo
Lead-Generierung
Automatisierte PCI-Compliance-Bewertung
Automatisierung der PCI DSS-Kontrollbewertung und Compliance-Verfolgung mit Google Sheets
If
Set
Code
+
If
Set
Code
19 NodesAdnan Tariq
Sicherheitsbetrieb
Tägliche intelligente Analyse der WhatsApp-Gruppen: GPT-4.1-Analyse und Transkription von Sprachnachrichten
Tägliche intelligente Analyse von WhatsApp-Gruppen: GPT-4.1-Analyse und Transkription von Sprachnachrichten
If
Set
Code
+
If
Set
Code
52 NodesDaniel Lianes
Verschiedenes
M5 - Automatischer Antworter
Automatisierung der Incident Response bei Sicherheitsvorfällen: Google Sheets, E-Mail-Warnungen und EDR-Isolation
If
Aggregate
Email Send
+
If
Aggregate
Email Send
8 NodesAdnan Tariq
Sicherheitsbetrieb
M4 - Ereignis-Klassifikator
Verwendung von GPT-4 und Google Sheets zur automatischen Klassifizierung von Sicherheitsereignissen für das SOC-Team
Set
Http Request
Google Sheets
+
Set
Http Request
Google Sheets
6 NodesAdnan Tariq
Sicherheitsbetrieb
Workflow-Informationen
Schwierigkeitsgrad
Experte
Anzahl der Nodes21
Kategorie2
Node-Typen10
Autor
Adnan Tariq
@adnantariqFounder of CYBERPULSE AI — helping security teams and SMEs eliminate repetitive tasks through modular n8n automations. I build workflows for vulnerability triage, compliance reporting, threat intel, and Red/Blue/GRC ops. Book a session if you'd like custom automation for your use case. https://linkedin.com/in/adnan-tariq-4b2a1a47
Externe Links
Auf n8n.io ansehen →
Diesen Workflow teilen