Copia de CyberScan Github
Avanzado
Este es unSecOps, AI Summarizationflujo de automatización del dominio deautomatización que contiene 39 nodos.Utiliza principalmente nodos como If, Set, Code, Function, SplitOut. Escáner de vulnerabilidades basado en AI, con Nessus, clasificación de riesgos y informes de Google Sheets
Requisitos previos
- •Pueden requerirse credenciales de autenticación para la API de destino
- •Credenciales de API de Google Sheets
Nodos utilizados (39)
Vista previa del flujo de trabajo
Visualización de las conexiones entre nodos, con soporte para zoom y panorámica
Exportar flujo de trabajo
Copie la siguiente configuración JSON en n8n para importar y usar este flujo de trabajo
{
"id": "NFAdtz3N4rRUqnzA",
"meta": {
"instanceId": "afe2b8648fee0c23760b8fce92c71dc65d1dd8bea264642e620dc8c34f1224d7",
"templateCredsSetupCompleted": true
},
"name": "CyberScan Github copy",
"tags": [],
"nodes": [
{
"id": "0870b24e-73db-4732-a523-72d36cee59c3",
"name": "Enviar Correo",
"type": "n8n-nodes-base.emailSend",
"position": [
-400,
1900
],
"parameters": {
"html": "={{ $json.emailBody }}",
"text": "={{ $json.emailBody }}",
"options": {},
"subject": "🛡 Vulnerability Assessment report",
"toEmail": "security_team@example.com",
"fromEmail": "your_email@example.com"
},
"credentials": {
"smtp": {
"id": "RM0pJJ95IhrbFLCv",
"name": "SMTP account"
}
},
"typeVersion": 1
},
{
"id": "8815595e-a521-40be-8293-cb4bcec276fa",
"name": "Código",
"type": "n8n-nodes-base.code",
"position": [
-860,
1660
],
"parameters": {
"jsCode": "return items[0].json.groupData.map(obj => ({ json: obj }));"
},
"typeVersion": 2
},
{
"id": "5fb385bd-0968-4fdd-8cac-bbeb4dae8a6d",
"name": "📧 Alertar al Equipo de Seguridad",
"type": "n8n-nodes-base.emailSend",
"position": [
-400,
1200
],
"webhookId": "b363c734-e670-40cd-a897-bd79c9a5c286",
"parameters": {
"html": "=<h2>🚨 Critical Vulnerability Alert!</h2>\n<p>One or more vulnerabilities with an <strong>AI Risk Score ≥ 8</strong> were detected in the latest scan.</p>\n<p>Please review them immediately in the <strong>CyberPulse</strong> report or dashboard.</p>\n\n<p>\n 🔎 <strong>Triggered by:</strong> {{ $workflow.name }}<br>\n 📅 <strong>Timestamp:</strong> {{ new Date().toISOString() }}\n</p>\n\n<p>Stay secure,<br>\n<em>n8n - CyberPulse Automation</em></p>\n",
"options": {},
"subject": "Alert",
"toEmail": "security_team@example.com",
"fromEmail": "your_email@example.com"
},
"credentials": {
"smtp": {
"id": "RM0pJJ95IhrbFLCv",
"name": "SMTP account"
}
},
"typeVersion": 2.1
},
{
"id": "1fbe731c-bd9e-4d95-91cc-2bcac733d83f",
"name": "Nota Adhesiva",
"type": "n8n-nodes-base.stickyNote",
"position": [
-1940,
80
],
"parameters": {
"color": 7,
"width": 860,
"height": 460,
"content": "Error Handling"
},
"typeVersion": 1
},
{
"id": "4c32eb18-9d44-4d0e-8702-045456b8dbcb",
"name": "Nota Adhesiva1",
"type": "n8n-nodes-base.stickyNote",
"position": [
-1040,
60
],
"parameters": {
"color": 5,
"width": 500,
"height": 1160,
"content": "🔐 AUTH \n🌐 Discovery Phase"
},
"typeVersion": 1
},
{
"id": "21fd5ee3-7ad4-40a4-af92-99fa53d295fe",
"name": "Nota Adhesiva3",
"type": "n8n-nodes-base.stickyNote",
"position": [
-1880,
1280
],
"parameters": {
"color": 2,
"width": 700,
"height": 200,
"content": "🧪 SCAN Phase"
},
"typeVersion": 1
},
{
"id": "67585ecc-fc87-4c54-84bc-5c160b599ee9",
"name": "Nota Adhesiva4",
"type": "n8n-nodes-base.stickyNote",
"position": [
-1020,
1500
],
"parameters": {
"color": 6,
"width": 320,
"height": 520,
"content": "🚨 ALERT \n📊 REPORT phase"
},
"typeVersion": 1
},
{
"id": "529a0bec-7ebc-4551-852c-9faa63d7f110",
"name": "Nota Adhesiva5",
"type": "n8n-nodes-base.stickyNote",
"position": [
-460,
1100
],
"parameters": {
"color": 6,
"height": 920,
"content": "📤 EXPORT phase"
},
"typeVersion": 1
},
{
"id": "0a819a33-967d-4bf4-bc85-e3ff2563432f",
"name": "⏱️ Activador – Escaneo Programado",
"type": "n8n-nodes-base.scheduleTrigger",
"position": [
-860,
120
],
"parameters": {
"rule": {
"interval": [
{
"field": "cronExpression",
"expression": "0 0 7 * * *"
}
]
}
},
"typeVersion": 1.2
},
{
"id": "c4ac0db7-a571-4b89-b119-99f368d17e46",
"name": "🔐 AUTENTICACIÓN – Iniciar Sesión en Nessus",
"type": "n8n-nodes-base.httpRequest",
"position": [
-860,
340
],
"parameters": {
"url": "{{ $env.NESSUS_API_URL }}/session",
"method": "POST",
"options": {
"response": {
"response": {
"fullResponse": "={{ true }}"
}
},
"allowUnauthorizedCerts": true
},
"jsonBody": "{\n \"username\": \"{{ $env.NESSUS_USER }}\",\n \"password\": \"{{ $env.NESSUS_PASS }}\"\n}\n",
"sendBody": true,
"sendHeaders": true,
"specifyBody": "json",
"headerParameters": {
"parameters": [
{}
]
}
},
"typeVersion": 4.2
},
{
"id": "fcab6fc5-90b7-4ebe-8919-f107a619d9d2",
"name": "🔐 AUTENTICACIÓN – Establecer Token API",
"type": "n8n-nodes-base.set",
"position": [
-860,
540
],
"parameters": {
"options": {},
"assignments": {
"assignments": [
{
"id": "6a2b3ad8-a5ae-45a8-98c3-80186948969e",
"name": "X-Cookie",
"type": "string",
"value": "={{ $('🔐 AUTH – Login to Nessus').item.headers['set-cookie'][0].split(';')[0] }}\n"
}
]
},
"includeOtherFields": true
},
"typeVersion": 3.4
},
{
"id": "4cbcc3bb-1288-449d-9147-8158e6372f46",
"name": "🌐 DESCUBRIMIENTO – Inicializar Segmentos de Red",
"type": "n8n-nodes-base.function",
"position": [
-860,
700
],
"parameters": {
"functionCode": "const networkSegments = JSON.parse($env.NETWORK_SEGMENTS || '[]');\nreturn { json: { networkSegments } };"
},
"typeVersion": 1
},
{
"id": "34c4a8c7-918a-4489-9176-2c901493a812",
"name": "🌐 DESCUBRIMIENTO – Descubrir Activos",
"type": "n8n-nodes-base.httpRequest",
"position": [
-860,
880
],
"parameters": {
"url": "https://localhost:8834/scans",
"options": {
"allowUnauthorizedCerts": true
},
"sendHeaders": true,
"headerParameters": {
"parameters": [
{
"name": "X-Cookie",
"value": "={{ 'token=' + $('🔐 AUTH – Set API Token').item.json.body.token }}"
}
]
}
},
"typeVersion": 3
},
{
"id": "4e82b300-3fa5-4fbd-9055-8636f0c87a7e",
"name": "🧠 IA – Procesar Activos",
"type": "n8n-nodes-base.function",
"position": [
-860,
1080
],
"parameters": {
"functionCode": "return {\n json: {\n assets: [\n {\n id: \"asset-001\",\n ipAddress: \"10.0.0.1\",\n hostName: \"host-a\"\n },\n {\n id: \"asset-002\",\n ipAddress: \"10.0.0.2\",\n hostName: \"host-b\"\n }\n ]\n }\n};\n"
},
"typeVersion": 1
},
{
"id": "d635e765-4121-4f6a-9898-ecb26c930ff1",
"name": "🔄 UTILIDADES – Dividir Activos",
"type": "n8n-nodes-base.splitOut",
"position": [
-1700,
1300
],
"parameters": {
"options": {},
"fieldToSplitOut": "assets"
},
"typeVersion": 1
},
{
"id": "3022ba53-e2f0-4cf3-872a-889fb65b9311",
"name": "🧪 ESCANEO – Ejecutar Nessus",
"type": "n8n-nodes-base.httpRequest",
"position": [
-1520,
1300
],
"parameters": {
"url": "{{ $env.NESSUS_API_URL }}/scans",
"options": {
"allowUnauthorizedCerts": true
},
"jsonBody": "={\n \"uuid\": \"{{ $env.NESSUS_SCAN_UUID }}\",\n \"settings\": {\n \"name\": \"Scan – {{ $json.hostName || $json.ipAddress }}\",\n \"text_targets\": \"{{ $json.ipAddress }}\",\n \"folder_id\": 3,\n \"launch_now\": true\n }\n}\n\n",
"sendBody": true,
"sendHeaders": true,
"specifyBody": "json",
"headerParameters": {
"parameters": [
{
"name": "X-Cookie",
"value": "={{ $('AUTH – Set API Token').json['X-Cookie'] }}"
}
]
}
},
"typeVersion": 3
},
{
"id": "be2e05e7-3889-465f-bf16-30135e717c1c",
"name": "🔍 ESCANEO – Procesar Vulnerabilidades",
"type": "n8n-nodes-base.function",
"position": [
-1320,
1300
],
"parameters": {
"functionCode": "return {\n json: {\n vulnerabilities: [\n {\n id: \"vuln-001\",\n cve: \"CVE-2023-1234\",\n risk: \"High\",\n ip: \"10.0.0.1\"\n }\n ]\n }\n};"
},
"typeVersion": 1
},
{
"id": "19eb1ac3-5ce2-48f1-b4f3-8807e968f068",
"name": "🤖 IA – Evaluación de Riesgos",
"type": "n8n-nodes-base.function",
"position": [
-1020,
1300
],
"parameters": {
"functionCode": "const vulns = $json.vulnerabilities;\n\nreturn vulns.map((v, i) => {\n return {\n json: {\n ...v,\n aiRisk: [6.5, 9.1][i] || 5,\n path: [\"self-healing\", \"expert-review\", \"monitoring\"][i % 3],\n lev: [0.93, 0.72][i] || 0.45\n }\n };\n});"
},
"typeVersion": 1
},
{
"id": "34374b11-c7a5-483c-8f69-d39b09d0b967",
"name": "📊 IA – Clasificar Vulnerabilidades",
"type": "n8n-nodes-base.function",
"position": [
-860,
1300
],
"parameters": {
"functionCode": "const triage = {\n self: [],\n expert: [],\n monitor: [],\n};\n\nconst assessed = $input.all();\n\nfor (const item of assessed) {\n const v = item.json;\n const levScore = v.lev || 0; // fallback if missing\n\n if (levScore > 0.9) {\n triage.expert.push({ ...v, levScore, levLabel: \"Critical\" });\n } else if (levScore > 0.5) {\n triage.self.push({ ...v, levScore, levLabel: \"High\" });\n } else {\n triage.monitor.push({ ...v, levScore, levLabel: \"Low\" });\n }\n}\n\nreturn [{ json: triage }];"
},
"typeVersion": 1
},
{
"id": "338c4b2e-dbdb-484c-a517-244c6550f502",
"name": "🚦 ALERTA – Activador LEV",
"type": "n8n-nodes-base.if",
"position": [
-620,
1300
],
"parameters": {
"options": {},
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": true,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "0888daeb-abba-419a-a069-ec47d7eef9ab",
"operator": {
"name": "filter.operator.equals",
"type": "string",
"operation": "equals"
},
"leftValue": "{{ $json.expert && $json.expert.length > 0 }}",
"rightValue": "true"
}
]
}
},
"typeVersion": 2.2
},
{
"id": "481c9594-87d0-457f-af1c-b03868765fd5",
"name": "📝 INFORME – Generar Resumen",
"type": "n8n-nodes-base.function",
"position": [
-860,
1820
],
"parameters": {
"functionCode": "const triage = $json;\nconst all = [...triage.expert, ...triage.self, ...triage.monitor];\n\n// Calculate max LEV score\nconst maxLEV = Math.max(...all.map(v => v.lev || 0));\n\n// Get top CVE (prefer expert > self > monitor)\nconst topCVE = triage.expert[0]?.cve || triage.self[0]?.cve || triage.monitor[0]?.cve || \"None\";\n\n// Final return\nreturn {\n summary: {\n expert: triage.expert.length,\n self: triage.self.length,\n monitor: triage.monitor.length,\n total: all.length,\n timestamp: new Date().toISOString(),\n topCVE,\n maxLEV\n },\n emailBody: `\n <h2>🔍 Vulnerability Assessment Report</h2>\n <p><strong>📅 Timestamp:</strong> ${new Date().toISOString()}</p>\n <ul>\n <li><strong>👨💻 Expert Group:</strong> ${triage.expert.length}</li>\n <li><strong>🧪 Self Group:</strong> ${triage.self.length}</li>\n <li><strong>📊 Monitor Group:</strong> ${triage.monitor.length}</li>\n <li><strong>🚨 Max LEV Score:</strong> ${maxLEV}</li>\n <li><strong>💡 Top CVE:</strong> ${topCVE}</li>\n </ul>\n `\n};"
},
"typeVersion": 1
},
{
"id": "657c0890-0dbd-4d1c-b6c8-51d451d66f6b",
"name": "🛠️ UTILIDADES – Editor de Campos",
"type": "n8n-nodes-base.set",
"position": [
-860,
1500
],
"parameters": {
"options": {},
"assignments": {
"assignments": [
{
"id": "4d6df3e2-210b-43d6-8b71-edcfed2bf1fc",
"name": "groupData",
"type": "array",
"value": "={{ JSON.parse(JSON.stringify((() => {\n const triage = $json;\n const timestamp = new Date().toISOString();\n return [\n { timestamp, group: \"self\", count: triage.self.length || 0 },\n { timestamp, group: \"expert\", count: triage.expert.length || 0 },\n { timestamp, group: \"monitor\", count: triage.monitor.length || 0 }\n ];\n})())) }}"
}
]
}
},
"typeVersion": 3.4
},
{
"id": "af12b887-2a0f-4f87-a16e-05b32e0f81d4",
"name": "📄 EXPORTAR – Guardar en Hoja",
"type": "n8n-nodes-base.googleSheets",
"position": [
-400,
1720
],
"parameters": {
"options": {},
"fieldsUi": {
"fieldValues": [
{
"fieldId": "timestamp",
"fieldValue": "={{ $json.summary.timestamp }}"
},
{
"fieldId": "self",
"fieldValue": "={{ $json.summary.self }}"
},
{
"fieldId": "expert",
"fieldValue": "={{ $json.summary.expert }}"
},
{
"fieldId": "monitor",
"fieldValue": "={{ $json.summary.monitor }}"
},
{
"fieldId": "total",
"fieldValue": "={{ $json.summary.total }}"
},
{
"fieldId": "topCVE",
"fieldValue": "={{$json.summary.topCVE}}"
},
{
"fieldId": "maxLEV",
"fieldValue": "={{$json.summary.maxLEV}}"
}
]
},
"operation": "append",
"sheetName": {
"__rl": true,
"mode": "list",
"value": "gid=0",
"cachedResultUrl": "https://docs.google.com/spreadsheets/d/1ABCFAKE1234567890TESTFAKEID/edit#gid=0",
"cachedResultName": "summary"
},
"documentId": {
"__rl": true,
"mode": "list",
"value": "1ABCFAKE1234567890TESTFAKEID",
"cachedResultUrl": "https://docs.google.com/spreadsheets/d/1ABCFAKE1234567890TESTFAKEID/edit#gid=0",
"cachedResultName": "daily summary report"
}
},
"credentials": {
"googleSheetsOAuth2Api": {
"id": "sJHywbRNYHkS71FB",
"name": "Google Sheets account"
}
},
"typeVersion": 3
},
{
"id": "c27b1b3d-da02-4604-b49b-5c67e9da9aa2",
"name": "ERROR – En Caso de Falla",
"type": "n8n-nodes-base.errorTrigger",
"position": [
-1780,
260
],
"parameters": {},
"typeVersion": 1
},
{
"id": "f26f685f-f45f-43ba-8542-a364bacb7568",
"name": "🛠️ UTILIDADES – Establecer Datos Agrupados",
"type": "n8n-nodes-base.set",
"position": [
-1600,
260
],
"parameters": {
"options": {},
"assignments": {
"assignments": [
{
"id": "bc8583cc-bf45-4b39-9336-79bf405bf941",
"name": "timestamp",
"type": "string",
"value": "={{ new Date().toISOString() }}"
},
{
"id": "1cae924e-3639-4f3c-a0f7-c6035ad26ba0",
"name": "workflow",
"type": "string",
"value": "={{ $workflow.name }}"
},
{
"id": "f7f0d797-195b-4483-ba9e-2453f4593dba",
"name": "node",
"type": "string",
"value": "={{ $error.node.name }}"
},
{
"id": "9717bba1-611d-4a6b-9062-a8f53943a89c",
"name": "error message",
"type": "string",
"value": "={{ $error.message }}"
}
]
}
},
"typeVersion": 3.4
},
{
"id": "9ae08f82-748a-4d8f-9231-261c13362577",
"name": "📄 EXPORTAR – Anexar a Hoja",
"type": "n8n-nodes-base.googleSheets",
"position": [
-1280,
260
],
"parameters": {
"columns": {
"value": {
"node": "{{ $json[\"node\"] }}",
"workflow": "{{ $json[\"workflow\"] }}",
"timestamp": "{{ $json[\"timestamp\"] }}",
"error message": "{{ $json[\"error message\"] }}"
},
"schema": [
{
"id": "timestamp",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "timestamp",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "workflow",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "workflow",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "node",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "node",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "error message",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "error message",
"defaultMatch": false,
"canBeUsedToMatch": true
}
],
"mappingMode": "defineBelow",
"matchingColumns": [],
"attemptToConvertTypes": false,
"convertFieldsToString": false
},
"options": {},
"operation": "append",
"sheetName": {
"__rl": true,
"mode": "list",
"value": "gid=0",
"cachedResultUrl": "https://docs.google.com/spreadsheets/d/1ABCFAKE1234567890TESTFAKEID/edit#gid=0",
"cachedResultName": "logs"
},
"documentId": {
"__rl": true,
"mode": "list",
"value": "1ABCFAKE1234567890TESTFAKEID",
"cachedResultUrl": "https://docs.google.com/spreadsheets/d/1ABCFAKE1234567890TESTFAKEID/edit#gid=0",
"cachedResultName": "error_log"
}
},
"credentials": {
"googleSheetsOAuth2Api": {
"id": "sJHywbRNYHkS71FB",
"name": "Google Sheets account"
}
},
"typeVersion": 4.5
},
{
"id": "ceea68a1-5323-4e26-af05-0c333c136f61",
"name": "Nota Adhesiva6",
"type": "n8n-nodes-base.stickyNote",
"position": [
-1840,
560
],
"parameters": {
"color": 7,
"width": 760,
"height": 400,
"content": "⏱️ Trigger – Scheduled Scan \tTrigger scan daily/weekly\n🔐 AUTH – Login to Nessus\t Login to scanner API\n🔐 AUTH – Set API Token\t Store token securely for session\n🌐 DISC – Init Segments\t Initialize IP ranges or subnets\n🌐 DISC – Discover Assets \tIdentify hosts in network scope\n🧠 AI – Process Assets \tRefine asset list for scan input\n🔄 UTILS – Split Assets \tSplit asset data for scanning\n🧪 SCAN – Run Nessus\t Perform scan via Nessus\n🔍 SCAN – Process Findings \tParse and extract vulnerability data\n🤖 AI – Risk Evaluation\t Analyze risk scores using logic/ML\n📊 AI – Triage Findings\t Categorize severity groups\n🚦 ALERT – LEV Trigger\t Check if LEV exceeds threshold\n📧 EMAIL – Alert\t Send report to security team\n📝 REPORT – Generate Summary\t Prepare summary for export/report\n🛠️ UTILS – Field Editor\t Adjust field format for export\n📄 EXPORT – Save to Sheet\t Log results in Google Sheet\n⚠️ ERROR – On Failure\t Trigger error handler on failure\n🛠️ UTILS – Set Grouped Data \tFormat grouped output\n📄 EXPORT – Sheet Append\t Store vulnerability data"
},
"typeVersion": 1
},
{
"id": "07c7104c-7217-42e5-9d35-db6732577adb",
"name": "Nota Adhesiva7",
"type": "n8n-nodes-base.stickyNote",
"position": [
-140,
40
],
"parameters": {
"color": 5,
"width": 500,
"height": 360,
"content": "\n\n🔍 IDENTIFY — Asset & Risk Awareness\n\nIdentify all hardware, software, and assets connected to the network. \n- Login to Nessus \n- Initialize segments \n- Discover assets \n- Tag metadata \n(NIST: ID.AM-1, ID.AM-2)\n\n✅ Nodes \n\nAUTH - Login to Nessus\n\nDISC - Initialize Network Segments\n\nDISC - Discover Assets\n\nAI - Process Assets\n"
},
"typeVersion": 1
},
{
"id": "7fb065fb-50fb-4abd-abc3-2e70a063ecf5",
"name": "Nota Adhesiva9",
"type": "n8n-nodes-base.stickyNote",
"position": [
-140,
420
],
"parameters": {
"color": 5,
"width": 500,
"height": 300,
"content": "\n\n🛡️ PROTECT — Baseline Security Control\n\nEstablish controls to limit or contain security events. \n- Scheduled scans \n- Role-based scan control \n- Ensure credentials securely managed \n(NIST: PR.AC-1, PR.PT-1)\n\n✅ Nodes \n\nTrigger - Scheduled Scan\n\nAUTH - Set API Token\n"
},
"typeVersion": 1
},
{
"id": "93304aa3-f1b7-4468-9f63-061fbbe3ebf5",
"name": "Nota Adhesiva10",
"type": "n8n-nodes-base.stickyNote",
"position": [
-1160,
1280
],
"parameters": {
"color": 3,
"width": 680,
"height": 200,
"content": "🧠 AI Calculate Risk phase"
},
"typeVersion": 1
},
{
"id": "f187080f-4d7a-49df-8deb-75dd36665651",
"name": "Nota Adhesiva11",
"type": "n8n-nodes-base.stickyNote",
"position": [
-140,
740
],
"parameters": {
"color": 2,
"width": 500,
"height": 360,
"content": "\n\n🚨 DETECT — Vulnerability & Threat Scan\n\nContinuously monitor to detect anomalies or security events. \n- Asset split-out \n- Scan via Nessus \n- Process vulnerability data \n(NIST: DE.CM-1, DE.CM-8)\n\n✅ Nodes:\n\nUTILS - Split Assets\n\nSCAN - Run Nessus\n\nSCAN - Process Vulnerabilities\n"
},
"typeVersion": 1
},
{
"id": "987e0856-efd8-41b4-9399-a386b669d751",
"name": "Nota Adhesiva12",
"type": "n8n-nodes-base.stickyNote",
"position": [
-140,
1120
],
"parameters": {
"color": 3,
"width": 500,
"height": 340,
"content": "\n\n⚠️ RESPOND — Risk Intelligence & Alerts\n\nAnalyze, prioritize, and respond to detected threats. \n- AI-based LEV scoring \n- Triage vulnerabilities \n- Trigger critical alerts \n(NIST: RS.AN-1, RS.RP-1)\n\n✅ Nodes:\n\nAI - Risk Evaluation\n\nAI - Triage Vulnerabilities\n\nALERT - LEV Trigger"
},
"typeVersion": 1
},
{
"id": "496dabfa-4ecb-4f9f-8633-0877f5e9698f",
"name": "Nota Adhesiva2",
"type": "n8n-nodes-base.stickyNote",
"position": [
-140,
1480
],
"parameters": {
"color": 6,
"width": 500,
"height": 340,
"content": "\n\n🔁 RECOVER — Reporting & Remediation Support\n\nDocument, communicate, and improve based on assessments. \n- Generate summary \n- Email report to team \n- Export to Google Sheets \n(NIST: RC.IM-1, RC.CO-1)\n\n✅ Nodes:\n\nREPORT - Generate Summary\n\nEXPORT - Save to Sheet\n\nSend Email\n\n"
},
"typeVersion": 1
},
{
"id": "72ec5990-d65b-4dea-9570-a450f5b12256",
"name": "Nota Adhesiva8",
"type": "n8n-nodes-base.stickyNote",
"position": [
380,
40
],
"parameters": {
"color": 7,
"width": 1240,
"height": 540,
"content": "\n\n\nCyberScan presenting an evidence-based, industry-backed strategy:\n\nLEV metric enhances risk-based prioritization.\n\nCyberScan showcase the flaws in EPSS and how you overcome them.\n\nCyberScan align with federal cybersecurity directives (like BOD 22-01 and KEV compliance).\n\nThis makes CyberScan audit-friendly, policy-aligned, and modern—something many companies care about.\n\n\n \n\n\n\n\n| **1. Identify** | “🧠 Threat Inventory & CVE Scope” | Maps to CVE enumeration; ensures CyberScan starts by identifying scope of all assets and their exposure, Based on NVD/CVE/EPSS\n \n\n| **2. Protect** | “🔐 Hardening & Patch Guidance” | Aligns with remediation prioritization from LEV + KEV lists. Focus on patch strategies & mitigation workflows. \n\n\n| **3. Detect** | “🛰️ Vulnerability Monitoring Logic” | Covers how CyberScan detects exploit attempts using EPSS predictions and LEV metric to find *likely exploited vulnerabilities*. \n\n\n| **4. Respond** | “🚨 Automated Risk Response” | Showcases logic for how CyberScan handles high-risk CVEs (KEV, LEV > 0.9), sending alerts or blocking actions. \n\n\n| **5. Recover** | “♻️ Learning & Improvement Loop” | Focus on logging, metrics, audit trail, and recurring updates using EPSS and NIST recommendations. Enables cyber resilience. \n\n\n"
},
"typeVersion": 1
},
{
"id": "fd06cc70-22bd-44fe-bb80-92a56976ab90",
"name": "Nota Adhesiva13",
"type": "n8n-nodes-base.stickyNote",
"position": [
-1040,
-80
],
"parameters": {
"color": 7,
"width": 500,
"height": 100,
"content": "\n\nCyberScan visually engaging within the n8n editor and align it with NIST cybersecurity framework stages"
},
"typeVersion": 1
},
{
"id": "9a09262e-327c-4bd6-a226-b9fffcdbab4e",
"name": "Nota Adhesiva14",
"type": "n8n-nodes-base.stickyNote",
"position": [
380,
-120
],
"parameters": {
"color": 7,
"width": 1240,
"height": 80,
"content": "\n\nNIST CSF and insights from the NIST.CSWP.41 paper on Likely Exploited Vulnerabilities.\n\n\n"
},
"typeVersion": 1
},
{
"id": "75c4e2f7-90f1-468e-a930-f84bba5cc8d2",
"name": "Nota Adhesiva15",
"type": "n8n-nodes-base.stickyNote",
"position": [
-140,
-120
],
"parameters": {
"color": 7,
"width": 500,
"height": 140,
"content": "\n\n📌 Compliance Alignment\n\n✅ CyberScan aligns with NIST CSF Cybersecurity controls designed around the 5 core NIST functions. \nBuilt on n8n, supports compliance reporting.\n"
},
"typeVersion": 1
},
{
"id": "df706700-7bf4-4e19-a432-63749c05f7b2",
"name": "Nota Adhesiva16",
"type": "n8n-nodes-base.stickyNote",
"position": [
380,
600
],
"parameters": {
"color": 7,
"width": 1560,
"height": 440,
"content": "\n\n\nGlossary of Key Terms\n |\n\n| **LEV** | **Likely Exploited Vulnerabilities** | A scoring system by NIST (in CSWP 41) that predicts if a vulnerability is likely to be exploited based on real-world intelligence. |\n\n| **BOD 22-01** | **Binding Operational Directive 22-01** | A federal mandate requiring U.S. government agencies to patch known exploited vulnerabilities from CISA’s KEV catalog. |\n\n| **NIST CSF** | **National Institute of Standards and Technology Cybersecurity Framework** | A 5-stage security model (Identify, Protect, Detect, Respond, Recover) used by governments and enterprises for cyber defense planning. |\n\n| **EPSS** | **Exploit Prediction Scoring System** | A machine-learning based model that estimates the probability of a CVE being exploited within the next 30 days. |\n\n| **CSWP** | **Cybersecurity White Paper** | A detailed NIST publication that shares new concepts, guidance, and metrics for cybersecurity defense (e.g., CSWP.41 introduced LEV). |\n\n| **KEV** | **Known Exploited Vulnerabilities** | A catalog from CISA that lists CVEs confirmed to be actively exploited in the wild. |\n\n| **UTILS** | **CyberScan Utilities** (Custom term in your workflow) | Utility nodes in your workflow, like date formatters, filters, or metadata handlers. You can rename this group to \"UTILS\" for better organization. |\n\n| **CVE** | **Common Vulnerabilities and Exposures** | An ID system used to catalog known cybersecurity vulnerabilities in software and hardware. |\n\n| **CISA** | **Cybersecurity and Infrastructure Security Agency** | A U.S. federal agency that maintains the KEV list and enforces directives like BOD 22-01. |\n"
},
"typeVersion": 1
},
{
"id": "8c120e7f-c8e0-4173-a58f-11d6dedb2998",
"name": "Código1",
"type": "n8n-nodes-base.code",
"position": [
-1440,
260
],
"parameters": {
"jsCode": "const msg = $json[\"error message\"] || \"\";\nconst sanitized = msg\n .replace(/\\b\\d{1,3}(\\.\\d{1,3}){3}\\b/g, '***.***.***.***') // IPs\n .replace(/[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}/g, '[email]')\n .replace(/apikey=\\w+/gi, 'apikey=[redacted]')\n .replace(/https:\\/\\/[^\\s]+/g, 'https://[url]');\n\nreturn [{ json: {\n timestamp: $json[\"timestamp\"],\n workflow: $json[\"workflow\"],\n node: $json[\"node\"],\n \"error message\": sanitized\n}}];"
},
"typeVersion": 2
}
],
"active": false,
"pinData": {},
"settings": {
"timezone": "Australia/Sydney",
"callerPolicy": "workflowsFromSameOwner",
"executionOrder": "v1"
},
"versionId": "4f90f7a3-81cc-4334-a2df-5f9daf68939e",
"connections": {
"8815595e-a521-40be-8293-cb4bcec276fa": {
"main": [
[
{
"node": "af12b887-2a0f-4f87-a16e-05b32e0f81d4",
"type": "main",
"index": 0
}
]
]
},
"8c120e7f-c8e0-4173-a58f-11d6dedb2998": {
"main": [
[
{
"node": "9ae08f82-748a-4d8f-9231-261c13362577",
"type": "main",
"index": 0
}
]
]
},
"c27b1b3d-da02-4604-b49b-5c67e9da9aa2": {
"main": [
[
{
"node": "f26f685f-f45f-43ba-8542-a364bacb7568",
"type": "main",
"index": 0
}
]
]
},
"3022ba53-e2f0-4cf3-872a-889fb65b9311": {
"main": [
[
{
"node": "be2e05e7-3889-465f-bf16-30135e717c1c",
"type": "main",
"index": 0
}
]
]
},
"338c4b2e-dbdb-484c-a517-244c6550f502": {
"main": [
[
{
"node": "5fb385bd-0968-4fdd-8cac-bbeb4dae8a6d",
"type": "main",
"index": 0
}
],
[
{
"node": "481c9594-87d0-457f-af1c-b03868765fd5",
"type": "main",
"index": 0
}
]
]
},
"4e82b300-3fa5-4fbd-9055-8636f0c87a7e": {
"main": [
[
{
"node": "d635e765-4121-4f6a-9898-ecb26c930ff1",
"type": "main",
"index": 0
}
]
]
},
"d635e765-4121-4f6a-9898-ecb26c930ff1": {
"main": [
[
{
"node": "3022ba53-e2f0-4cf3-872a-889fb65b9311",
"type": "main",
"index": 0
}
]
]
},
"fcab6fc5-90b7-4ebe-8919-f107a619d9d2": {
"main": [
[
{
"node": "4cbcc3bb-1288-449d-9147-8158e6372f46",
"type": "main",
"index": 0
}
]
]
},
"19eb1ac3-5ce2-48f1-b4f3-8807e968f068": {
"main": [
[
{
"node": "34374b11-c7a5-483c-8f69-d39b09d0b967",
"type": "main",
"index": 0
}
]
]
},
"34c4a8c7-918a-4489-9176-2c901493a812": {
"main": [
[
{
"node": "4e82b300-3fa5-4fbd-9055-8636f0c87a7e",
"type": "main",
"index": 0
}
]
]
},
"af12b887-2a0f-4f87-a16e-05b32e0f81d4": {
"main": [
[]
]
},
"c4ac0db7-a571-4b89-b119-99f368d17e46": {
"main": [
[
{
"node": "fcab6fc5-90b7-4ebe-8919-f107a619d9d2",
"type": "main",
"index": 0
}
]
]
},
"657c0890-0dbd-4d1c-b6c8-51d451d66f6b": {
"main": [
[
{
"node": "8815595e-a521-40be-8293-cb4bcec276fa",
"type": "main",
"index": 0
}
]
]
},
"481c9594-87d0-457f-af1c-b03868765fd5": {
"main": [
[
{
"node": "0870b24e-73db-4732-a523-72d36cee59c3",
"type": "main",
"index": 0
},
{
"node": "af12b887-2a0f-4f87-a16e-05b32e0f81d4",
"type": "main",
"index": 0
}
]
]
},
"0a819a33-967d-4bf4-bc85-e3ff2563432f": {
"main": [
[
{
"node": "c4ac0db7-a571-4b89-b119-99f368d17e46",
"type": "main",
"index": 0
}
]
]
},
"34374b11-c7a5-483c-8f69-d39b09d0b967": {
"main": [
[
{
"node": "338c4b2e-dbdb-484c-a517-244c6550f502",
"type": "main",
"index": 0
},
{
"node": "657c0890-0dbd-4d1c-b6c8-51d451d66f6b",
"type": "main",
"index": 0
}
]
]
},
"f26f685f-f45f-43ba-8542-a364bacb7568": {
"main": [
[
{
"node": "8c120e7f-c8e0-4173-a58f-11d6dedb2998",
"type": "main",
"index": 0
}
]
]
},
"be2e05e7-3889-465f-bf16-30135e717c1c": {
"main": [
[
{
"node": "19eb1ac3-5ce2-48f1-b4f3-8807e968f068",
"type": "main",
"index": 0
}
]
]
},
"4cbcc3bb-1288-449d-9147-8158e6372f46": {
"main": [
[
{
"node": "34c4a8c7-918a-4489-9176-2c901493a812",
"type": "main",
"index": 0
}
]
]
}
}
}Preguntas frecuentes
¿Cómo usar este flujo de trabajo?
Copie el código de configuración JSON de arriba, cree un nuevo flujo de trabajo en su instancia de n8n y seleccione "Importar desde JSON", pegue la configuración y luego modifique la configuración de credenciales según sea necesario.
¿En qué escenarios es adecuado este flujo de trabajo?
Avanzado - Operaciones de seguridad, Resumen de IA
¿Es de pago?
Este flujo de trabajo es completamente gratuito, puede importarlo y usarlo directamente. Sin embargo, tenga en cuenta que los servicios de terceros utilizados en el flujo de trabajo (como la API de OpenAI) pueden requerir un pago por su cuenta.
Flujos de trabajo relacionados recomendados
CYBERPULSEBlueOps_ Módulo 1 Copia de cliente 1
Ingesta automática de fuentes de datos CVE e IOC, con evaluación de riesgos de OpenAI y alertas por correo
If
Code
Merge
+
If
Code
Merge
21 NodosAdnan Tariq
Operaciones de seguridad
M4 - Clasificador de eventos
Usar GPT-4 y Google Sheets para clasificar automáticamente eventos de seguridad para el equipo SOC
Set
Http Request
Google Sheets
+
Set
Http Request
Google Sheets
6 NodosAdnan Tariq
Operaciones de seguridad
Evaluación automatizada de controles PCI
Automatizar la evaluación y el seguimiento de controles PCI DSS con Google Sheets
If
Set
Code
+
If
Set
Code
19 NodosAdnan Tariq
Operaciones de seguridad
M5 - Respondedor automático
Automatización de la respuesta a incidentes de seguridad: Google Sheets, alertas por correo electrónico y aislamiento por EDR
If
Aggregate
Email Send
+
If
Aggregate
Email Send
8 NodosAdnan Tariq
Operaciones de seguridad
Flujo de trabajo de Adobe Stock
Generar imágenes de material de IA con Flux1-schnell, metadatos e integración de Google
If
Set
Code
+
If
Set
Code
48 Nodosvictor Adriano
Diseño
Desarrollo de leads y flujos de correo electrónico
Usar Google Maps, SendGrid e IA para automatizar el desarrollo de leads B2B y el marketing por correo electrónico
If
Set
Code
+
If
Set
Code
141 NodosEzema Kingsley Chibuzo
Generación de leads
Información del flujo de trabajo
Nivel de dificultad
Avanzado
Número de nodos39
Categoría2
Tipos de nodos11
Descripción de la dificultad
Autor
Adnan Tariq
@adnantariqFounder of CYBERPULSE AI — helping security teams and SMEs eliminate repetitive tasks through modular n8n automations. I build workflows for vulnerability triage, compliance reporting, threat intel, and Red/Blue/GRC ops. Book a session if you'd like custom automation for your use case. https://linkedin.com/in/adnan-tariq-4b2a1a47
Enlaces externos
Ver en n8n.io →
Compartir este flujo de trabajo