Copie Github de CyberScan
Avancé
Ceci est unSecOps, AI Summarizationworkflow d'automatisation du domainecontenant 39 nœuds.Utilise principalement des nœuds comme If, Set, Code, Function, SplitOut. Scanner de vulnérabilités par IA basé sur Nessus, classification des risques et rapports Google Sheets
Prérequis
- •Peut nécessiter les informations d'identification d'authentification de l'API cible
- •Informations d'identification Google Sheets API
Nœuds utilisés (39)
Catégorie
Aperçu du workflow
Visualisation des connexions entre les nœuds, avec support du zoom et du déplacement
Exporter le workflow
Copiez la configuration JSON suivante dans n8n pour importer et utiliser ce workflow
{
"id": "NFAdtz3N4rRUqnzA",
"meta": {
"instanceId": "afe2b8648fee0c23760b8fce92c71dc65d1dd8bea264642e620dc8c34f1224d7",
"templateCredsSetupCompleted": true
},
"name": "CyberScan Github copy",
"tags": [],
"nodes": [
{
"id": "0870b24e-73db-4732-a523-72d36cee59c3",
"name": "Envoyer un Email",
"type": "n8n-nodes-base.emailSend",
"position": [
-400,
1900
],
"parameters": {
"html": "={{ $json.emailBody }}",
"text": "={{ $json.emailBody }}",
"options": {},
"subject": "🛡 Vulnerability Assessment report",
"toEmail": "security_team@example.com",
"fromEmail": "your_email@example.com"
},
"credentials": {
"smtp": {
"id": "RM0pJJ95IhrbFLCv",
"name": "SMTP account"
}
},
"typeVersion": 1
},
{
"id": "8815595e-a521-40be-8293-cb4bcec276fa",
"name": "Code",
"type": "n8n-nodes-base.code",
"position": [
-860,
1660
],
"parameters": {
"jsCode": "return items[0].json.groupData.map(obj => ({ json: obj }));"
},
"typeVersion": 2
},
{
"id": "5fb385bd-0968-4fdd-8cac-bbeb4dae8a6d",
"name": "📧 Alerte Équipe Sécurité",
"type": "n8n-nodes-base.emailSend",
"position": [
-400,
1200
],
"webhookId": "b363c734-e670-40cd-a897-bd79c9a5c286",
"parameters": {
"html": "=<h2>🚨 Critical Vulnerability Alert!</h2>\n<p>One or more vulnerabilities with an <strong>AI Risk Score ≥ 8</strong> were detected in the latest scan.</p>\n<p>Please review them immediately in the <strong>CyberPulse</strong> report or dashboard.</p>\n\n<p>\n 🔎 <strong>Triggered by:</strong> {{ $workflow.name }}<br>\n 📅 <strong>Timestamp:</strong> {{ new Date().toISOString() }}\n</p>\n\n<p>Stay secure,<br>\n<em>n8n - CyberPulse Automation</em></p>\n",
"options": {},
"subject": "Alert",
"toEmail": "security_team@example.com",
"fromEmail": "your_email@example.com"
},
"credentials": {
"smtp": {
"id": "RM0pJJ95IhrbFLCv",
"name": "SMTP account"
}
},
"typeVersion": 2.1
},
{
"id": "1fbe731c-bd9e-4d95-91cc-2bcac733d83f",
"name": "Note",
"type": "n8n-nodes-base.stickyNote",
"position": [
-1940,
80
],
"parameters": {
"color": 7,
"width": 860,
"height": 460,
"content": "Error Handling"
},
"typeVersion": 1
},
{
"id": "4c32eb18-9d44-4d0e-8702-045456b8dbcb",
"name": "Note1",
"type": "n8n-nodes-base.stickyNote",
"position": [
-1040,
60
],
"parameters": {
"color": 5,
"width": 500,
"height": 1160,
"content": "🔐 AUTH \n🌐 Discovery Phase"
},
"typeVersion": 1
},
{
"id": "21fd5ee3-7ad4-40a4-af92-99fa53d295fe",
"name": "Note3",
"type": "n8n-nodes-base.stickyNote",
"position": [
-1880,
1280
],
"parameters": {
"color": 2,
"width": 700,
"height": 200,
"content": "🧪 SCAN Phase"
},
"typeVersion": 1
},
{
"id": "67585ecc-fc87-4c54-84bc-5c160b599ee9",
"name": "Note4",
"type": "n8n-nodes-base.stickyNote",
"position": [
-1020,
1500
],
"parameters": {
"color": 6,
"width": 320,
"height": 520,
"content": "🚨 ALERT \n📊 REPORT phase"
},
"typeVersion": 1
},
{
"id": "529a0bec-7ebc-4551-852c-9faa63d7f110",
"name": "Note5",
"type": "n8n-nodes-base.stickyNote",
"position": [
-460,
1100
],
"parameters": {
"color": 6,
"height": 920,
"content": "📤 EXPORT phase"
},
"typeVersion": 1
},
{
"id": "0a819a33-967d-4bf4-bc85-e3ff2563432f",
"name": "⏱️ Déclencheur – Analyse Planifiée",
"type": "n8n-nodes-base.scheduleTrigger",
"position": [
-860,
120
],
"parameters": {
"rule": {
"interval": [
{
"field": "cronExpression",
"expression": "0 0 7 * * *"
}
]
}
},
"typeVersion": 1.2
},
{
"id": "c4ac0db7-a571-4b89-b119-99f368d17e46",
"name": "🔐 AUTH – Connexion à Nessus",
"type": "n8n-nodes-base.httpRequest",
"position": [
-860,
340
],
"parameters": {
"url": "{{ $env.NESSUS_API_URL }}/session",
"method": "POST",
"options": {
"response": {
"response": {
"fullResponse": "={{ true }}"
}
},
"allowUnauthorizedCerts": true
},
"jsonBody": "{\n \"username\": \"{{ $env.NESSUS_USER }}\",\n \"password\": \"{{ $env.NESSUS_PASS }}\"\n}\n",
"sendBody": true,
"sendHeaders": true,
"specifyBody": "json",
"headerParameters": {
"parameters": [
{}
]
}
},
"typeVersion": 4.2
},
{
"id": "fcab6fc5-90b7-4ebe-8919-f107a619d9d2",
"name": "🔐 AUTH – Définir le Token API",
"type": "n8n-nodes-base.set",
"position": [
-860,
540
],
"parameters": {
"options": {},
"assignments": {
"assignments": [
{
"id": "6a2b3ad8-a5ae-45a8-98c3-80186948969e",
"name": "X-Cookie",
"type": "string",
"value": "={{ $('🔐 AUTH – Login to Nessus').item.headers['set-cookie'][0].split(';')[0] }}\n"
}
]
},
"includeOtherFields": true
},
"typeVersion": 3.4
},
{
"id": "4cbcc3bb-1288-449d-9147-8158e6372f46",
"name": "🌐 DISC – Initialiser les Segments Réseau",
"type": "n8n-nodes-base.function",
"position": [
-860,
700
],
"parameters": {
"functionCode": "const networkSegments = JSON.parse($env.NETWORK_SEGMENTS || '[]');\nreturn { json: { networkSegments } };"
},
"typeVersion": 1
},
{
"id": "34c4a8c7-918a-4489-9176-2c901493a812",
"name": "🌐 DISC – Découvrir les Actifs",
"type": "n8n-nodes-base.httpRequest",
"position": [
-860,
880
],
"parameters": {
"url": "https://localhost:8834/scans",
"options": {
"allowUnauthorizedCerts": true
},
"sendHeaders": true,
"headerParameters": {
"parameters": [
{
"name": "X-Cookie",
"value": "={{ 'token=' + $('🔐 AUTH – Set API Token').item.json.body.token }}"
}
]
}
},
"typeVersion": 3
},
{
"id": "4e82b300-3fa5-4fbd-9055-8636f0c87a7e",
"name": "🧠 IA – Traiter les Actifs",
"type": "n8n-nodes-base.function",
"position": [
-860,
1080
],
"parameters": {
"functionCode": "return {\n json: {\n assets: [\n {\n id: \"asset-001\",\n ipAddress: \"10.0.0.1\",\n hostName: \"host-a\"\n },\n {\n id: \"asset-002\",\n ipAddress: \"10.0.0.2\",\n hostName: \"host-b\"\n }\n ]\n }\n};\n"
},
"typeVersion": 1
},
{
"id": "d635e765-4121-4f6a-9898-ecb26c930ff1",
"name": "🔄 UTILS – Diviser les Actifs",
"type": "n8n-nodes-base.splitOut",
"position": [
-1700,
1300
],
"parameters": {
"options": {},
"fieldToSplitOut": "assets"
},
"typeVersion": 1
},
{
"id": "3022ba53-e2f0-4cf3-872a-889fb65b9311",
"name": "🧪 SCAN – Exécuter Nessus",
"type": "n8n-nodes-base.httpRequest",
"position": [
-1520,
1300
],
"parameters": {
"url": "{{ $env.NESSUS_API_URL }}/scans",
"options": {
"allowUnauthorizedCerts": true
},
"jsonBody": "={\n \"uuid\": \"{{ $env.NESSUS_SCAN_UUID }}\",\n \"settings\": {\n \"name\": \"Scan – {{ $json.hostName || $json.ipAddress }}\",\n \"text_targets\": \"{{ $json.ipAddress }}\",\n \"folder_id\": 3,\n \"launch_now\": true\n }\n}\n\n",
"sendBody": true,
"sendHeaders": true,
"specifyBody": "json",
"headerParameters": {
"parameters": [
{
"name": "X-Cookie",
"value": "={{ $('AUTH – Set API Token').json['X-Cookie'] }}"
}
]
}
},
"typeVersion": 3
},
{
"id": "be2e05e7-3889-465f-bf16-30135e717c1c",
"name": "🔍 SCAN – Traiter les Vulnérabilités",
"type": "n8n-nodes-base.function",
"position": [
-1320,
1300
],
"parameters": {
"functionCode": "return {\n json: {\n vulnerabilities: [\n {\n id: \"vuln-001\",\n cve: \"CVE-2023-1234\",\n risk: \"High\",\n ip: \"10.0.0.1\"\n }\n ]\n }\n};"
},
"typeVersion": 1
},
{
"id": "19eb1ac3-5ce2-48f1-b4f3-8807e968f068",
"name": "🤖 IA – Évaluation des Risques",
"type": "n8n-nodes-base.function",
"position": [
-1020,
1300
],
"parameters": {
"functionCode": "const vulns = $json.vulnerabilities;\n\nreturn vulns.map((v, i) => {\n return {\n json: {\n ...v,\n aiRisk: [6.5, 9.1][i] || 5,\n path: [\"self-healing\", \"expert-review\", \"monitoring\"][i % 3],\n lev: [0.93, 0.72][i] || 0.45\n }\n };\n});"
},
"typeVersion": 1
},
{
"id": "34374b11-c7a5-483c-8f69-d39b09d0b967",
"name": "📊 IA – Trier les Vulnérabilités",
"type": "n8n-nodes-base.function",
"position": [
-860,
1300
],
"parameters": {
"functionCode": "const triage = {\n self: [],\n expert: [],\n monitor: [],\n};\n\nconst assessed = $input.all();\n\nfor (const item of assessed) {\n const v = item.json;\n const levScore = v.lev || 0; // fallback if missing\n\n if (levScore > 0.9) {\n triage.expert.push({ ...v, levScore, levLabel: \"Critical\" });\n } else if (levScore > 0.5) {\n triage.self.push({ ...v, levScore, levLabel: \"High\" });\n } else {\n triage.monitor.push({ ...v, levScore, levLabel: \"Low\" });\n }\n}\n\nreturn [{ json: triage }];"
},
"typeVersion": 1
},
{
"id": "338c4b2e-dbdb-484c-a517-244c6550f502",
"name": "🚦 ALERTE – Déclencheur LEV",
"type": "n8n-nodes-base.if",
"position": [
-620,
1300
],
"parameters": {
"options": {},
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": true,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "0888daeb-abba-419a-a069-ec47d7eef9ab",
"operator": {
"name": "filter.operator.equals",
"type": "string",
"operation": "equals"
},
"leftValue": "{{ $json.expert && $json.expert.length > 0 }}",
"rightValue": "true"
}
]
}
},
"typeVersion": 2.2
},
{
"id": "481c9594-87d0-457f-af1c-b03868765fd5",
"name": "📝 RAPPORT – Générer un Résumé",
"type": "n8n-nodes-base.function",
"position": [
-860,
1820
],
"parameters": {
"functionCode": "const triage = $json;\nconst all = [...triage.expert, ...triage.self, ...triage.monitor];\n\n// Calculate max LEV score\nconst maxLEV = Math.max(...all.map(v => v.lev || 0));\n\n// Get top CVE (prefer expert > self > monitor)\nconst topCVE = triage.expert[0]?.cve || triage.self[0]?.cve || triage.monitor[0]?.cve || \"None\";\n\n// Final return\nreturn {\n summary: {\n expert: triage.expert.length,\n self: triage.self.length,\n monitor: triage.monitor.length,\n total: all.length,\n timestamp: new Date().toISOString(),\n topCVE,\n maxLEV\n },\n emailBody: `\n <h2>🔍 Vulnerability Assessment Report</h2>\n <p><strong>📅 Timestamp:</strong> ${new Date().toISOString()}</p>\n <ul>\n <li><strong>👨💻 Expert Group:</strong> ${triage.expert.length}</li>\n <li><strong>🧪 Self Group:</strong> ${triage.self.length}</li>\n <li><strong>📊 Monitor Group:</strong> ${triage.monitor.length}</li>\n <li><strong>🚨 Max LEV Score:</strong> ${maxLEV}</li>\n <li><strong>💡 Top CVE:</strong> ${topCVE}</li>\n </ul>\n `\n};"
},
"typeVersion": 1
},
{
"id": "657c0890-0dbd-4d1c-b6c8-51d451d66f6b",
"name": "🛠️ UTILS – Éditeur de Champ",
"type": "n8n-nodes-base.set",
"position": [
-860,
1500
],
"parameters": {
"options": {},
"assignments": {
"assignments": [
{
"id": "4d6df3e2-210b-43d6-8b71-edcfed2bf1fc",
"name": "groupData",
"type": "array",
"value": "={{ JSON.parse(JSON.stringify((() => {\n const triage = $json;\n const timestamp = new Date().toISOString();\n return [\n { timestamp, group: \"self\", count: triage.self.length || 0 },\n { timestamp, group: \"expert\", count: triage.expert.length || 0 },\n { timestamp, group: \"monitor\", count: triage.monitor.length || 0 }\n ];\n})())) }}"
}
]
}
},
"typeVersion": 3.4
},
{
"id": "af12b887-2a0f-4f87-a16e-05b32e0f81d4",
"name": "📄 EXPORT – Sauvegarder dans Sheet",
"type": "n8n-nodes-base.googleSheets",
"position": [
-400,
1720
],
"parameters": {
"options": {},
"fieldsUi": {
"fieldValues": [
{
"fieldId": "timestamp",
"fieldValue": "={{ $json.summary.timestamp }}"
},
{
"fieldId": "self",
"fieldValue": "={{ $json.summary.self }}"
},
{
"fieldId": "expert",
"fieldValue": "={{ $json.summary.expert }}"
},
{
"fieldId": "monitor",
"fieldValue": "={{ $json.summary.monitor }}"
},
{
"fieldId": "total",
"fieldValue": "={{ $json.summary.total }}"
},
{
"fieldId": "topCVE",
"fieldValue": "={{$json.summary.topCVE}}"
},
{
"fieldId": "maxLEV",
"fieldValue": "={{$json.summary.maxLEV}}"
}
]
},
"operation": "append",
"sheetName": {
"__rl": true,
"mode": "list",
"value": "gid=0",
"cachedResultUrl": "https://docs.google.com/spreadsheets/d/1ABCFAKE1234567890TESTFAKEID/edit#gid=0",
"cachedResultName": "summary"
},
"documentId": {
"__rl": true,
"mode": "list",
"value": "1ABCFAKE1234567890TESTFAKEID",
"cachedResultUrl": "https://docs.google.com/spreadsheets/d/1ABCFAKE1234567890TESTFAKEID/edit#gid=0",
"cachedResultName": "daily summary report"
}
},
"credentials": {
"googleSheetsOAuth2Api": {
"id": "sJHywbRNYHkS71FB",
"name": "Google Sheets account"
}
},
"typeVersion": 3
},
{
"id": "c27b1b3d-da02-4604-b49b-5c67e9da9aa2",
"name": "ERREUR – En cas d'Échec",
"type": "n8n-nodes-base.errorTrigger",
"position": [
-1780,
260
],
"parameters": {},
"typeVersion": 1
},
{
"id": "f26f685f-f45f-43ba-8542-a364bacb7568",
"name": "🛠️ UTILS – Définir les Données Groupées",
"type": "n8n-nodes-base.set",
"position": [
-1600,
260
],
"parameters": {
"options": {},
"assignments": {
"assignments": [
{
"id": "bc8583cc-bf45-4b39-9336-79bf405bf941",
"name": "timestamp",
"type": "string",
"value": "={{ new Date().toISOString() }}"
},
{
"id": "1cae924e-3639-4f3c-a0f7-c6035ad26ba0",
"name": "workflow",
"type": "string",
"value": "={{ $workflow.name }}"
},
{
"id": "f7f0d797-195b-4483-ba9e-2453f4593dba",
"name": "node",
"type": "string",
"value": "={{ $error.node.name }}"
},
{
"id": "9717bba1-611d-4a6b-9062-a8f53943a89c",
"name": "error message",
"type": "string",
"value": "={{ $error.message }}"
}
]
}
},
"typeVersion": 3.4
},
{
"id": "9ae08f82-748a-4d8f-9231-261c13362577",
"name": "📄 EXPORT – Ajout à Sheet",
"type": "n8n-nodes-base.googleSheets",
"position": [
-1280,
260
],
"parameters": {
"columns": {
"value": {
"node": "{{ $json[\"node\"] }}",
"workflow": "{{ $json[\"workflow\"] }}",
"timestamp": "{{ $json[\"timestamp\"] }}",
"error message": "{{ $json[\"error message\"] }}"
},
"schema": [
{
"id": "timestamp",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "timestamp",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "workflow",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "workflow",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "node",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "node",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "error message",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "error message",
"defaultMatch": false,
"canBeUsedToMatch": true
}
],
"mappingMode": "defineBelow",
"matchingColumns": [],
"attemptToConvertTypes": false,
"convertFieldsToString": false
},
"options": {},
"operation": "append",
"sheetName": {
"__rl": true,
"mode": "list",
"value": "gid=0",
"cachedResultUrl": "https://docs.google.com/spreadsheets/d/1ABCFAKE1234567890TESTFAKEID/edit#gid=0",
"cachedResultName": "logs"
},
"documentId": {
"__rl": true,
"mode": "list",
"value": "1ABCFAKE1234567890TESTFAKEID",
"cachedResultUrl": "https://docs.google.com/spreadsheets/d/1ABCFAKE1234567890TESTFAKEID/edit#gid=0",
"cachedResultName": "error_log"
}
},
"credentials": {
"googleSheetsOAuth2Api": {
"id": "sJHywbRNYHkS71FB",
"name": "Google Sheets account"
}
},
"typeVersion": 4.5
},
{
"id": "ceea68a1-5323-4e26-af05-0c333c136f61",
"name": "Note6",
"type": "n8n-nodes-base.stickyNote",
"position": [
-1840,
560
],
"parameters": {
"color": 7,
"width": 760,
"height": 400,
"content": "⏱️ Trigger – Scheduled Scan \tTrigger scan daily/weekly\n🔐 AUTH – Login to Nessus\t Login to scanner API\n🔐 AUTH – Set API Token\t Store token securely for session\n🌐 DISC – Init Segments\t Initialize IP ranges or subnets\n🌐 DISC – Discover Assets \tIdentify hosts in network scope\n🧠 AI – Process Assets \tRefine asset list for scan input\n🔄 UTILS – Split Assets \tSplit asset data for scanning\n🧪 SCAN – Run Nessus\t Perform scan via Nessus\n🔍 SCAN – Process Findings \tParse and extract vulnerability data\n🤖 AI – Risk Evaluation\t Analyze risk scores using logic/ML\n📊 AI – Triage Findings\t Categorize severity groups\n🚦 ALERT – LEV Trigger\t Check if LEV exceeds threshold\n📧 EMAIL – Alert\t Send report to security team\n📝 REPORT – Generate Summary\t Prepare summary for export/report\n🛠️ UTILS – Field Editor\t Adjust field format for export\n📄 EXPORT – Save to Sheet\t Log results in Google Sheet\n⚠️ ERROR – On Failure\t Trigger error handler on failure\n🛠️ UTILS – Set Grouped Data \tFormat grouped output\n📄 EXPORT – Sheet Append\t Store vulnerability data"
},
"typeVersion": 1
},
{
"id": "07c7104c-7217-42e5-9d35-db6732577adb",
"name": "Note7",
"type": "n8n-nodes-base.stickyNote",
"position": [
-140,
40
],
"parameters": {
"color": 5,
"width": 500,
"height": 360,
"content": "\n\n🔍 IDENTIFY — Asset & Risk Awareness\n\nIdentify all hardware, software, and assets connected to the network. \n- Login to Nessus \n- Initialize segments \n- Discover assets \n- Tag metadata \n(NIST: ID.AM-1, ID.AM-2)\n\n✅ Nodes \n\nAUTH - Login to Nessus\n\nDISC - Initialize Network Segments\n\nDISC - Discover Assets\n\nAI - Process Assets\n"
},
"typeVersion": 1
},
{
"id": "7fb065fb-50fb-4abd-abc3-2e70a063ecf5",
"name": "Note9",
"type": "n8n-nodes-base.stickyNote",
"position": [
-140,
420
],
"parameters": {
"color": 5,
"width": 500,
"height": 300,
"content": "\n\n🛡️ PROTECT — Baseline Security Control\n\nEstablish controls to limit or contain security events. \n- Scheduled scans \n- Role-based scan control \n- Ensure credentials securely managed \n(NIST: PR.AC-1, PR.PT-1)\n\n✅ Nodes \n\nTrigger - Scheduled Scan\n\nAUTH - Set API Token\n"
},
"typeVersion": 1
},
{
"id": "93304aa3-f1b7-4468-9f63-061fbbe3ebf5",
"name": "Note10",
"type": "n8n-nodes-base.stickyNote",
"position": [
-1160,
1280
],
"parameters": {
"color": 3,
"width": 680,
"height": 200,
"content": "🧠 AI Calculate Risk phase"
},
"typeVersion": 1
},
{
"id": "f187080f-4d7a-49df-8deb-75dd36665651",
"name": "Note11",
"type": "n8n-nodes-base.stickyNote",
"position": [
-140,
740
],
"parameters": {
"color": 2,
"width": 500,
"height": 360,
"content": "\n\n🚨 DETECT — Vulnerability & Threat Scan\n\nContinuously monitor to detect anomalies or security events. \n- Asset split-out \n- Scan via Nessus \n- Process vulnerability data \n(NIST: DE.CM-1, DE.CM-8)\n\n✅ Nodes:\n\nUTILS - Split Assets\n\nSCAN - Run Nessus\n\nSCAN - Process Vulnerabilities\n"
},
"typeVersion": 1
},
{
"id": "987e0856-efd8-41b4-9399-a386b669d751",
"name": "Note12",
"type": "n8n-nodes-base.stickyNote",
"position": [
-140,
1120
],
"parameters": {
"color": 3,
"width": 500,
"height": 340,
"content": "\n\n⚠️ RESPOND — Risk Intelligence & Alerts\n\nAnalyze, prioritize, and respond to detected threats. \n- AI-based LEV scoring \n- Triage vulnerabilities \n- Trigger critical alerts \n(NIST: RS.AN-1, RS.RP-1)\n\n✅ Nodes:\n\nAI - Risk Evaluation\n\nAI - Triage Vulnerabilities\n\nALERT - LEV Trigger"
},
"typeVersion": 1
},
{
"id": "496dabfa-4ecb-4f9f-8633-0877f5e9698f",
"name": "Note2",
"type": "n8n-nodes-base.stickyNote",
"position": [
-140,
1480
],
"parameters": {
"color": 6,
"width": 500,
"height": 340,
"content": "\n\n🔁 RECOVER — Reporting & Remediation Support\n\nDocument, communicate, and improve based on assessments. \n- Generate summary \n- Email report to team \n- Export to Google Sheets \n(NIST: RC.IM-1, RC.CO-1)\n\n✅ Nodes:\n\nREPORT - Generate Summary\n\nEXPORT - Save to Sheet\n\nSend Email\n\n"
},
"typeVersion": 1
},
{
"id": "72ec5990-d65b-4dea-9570-a450f5b12256",
"name": "Note8",
"type": "n8n-nodes-base.stickyNote",
"position": [
380,
40
],
"parameters": {
"color": 7,
"width": 1240,
"height": 540,
"content": "\n\n\nCyberScan presenting an evidence-based, industry-backed strategy:\n\nLEV metric enhances risk-based prioritization.\n\nCyberScan showcase the flaws in EPSS and how you overcome them.\n\nCyberScan align with federal cybersecurity directives (like BOD 22-01 and KEV compliance).\n\nThis makes CyberScan audit-friendly, policy-aligned, and modern—something many companies care about.\n\n\n \n\n\n\n\n| **1. Identify** | “🧠 Threat Inventory & CVE Scope” | Maps to CVE enumeration; ensures CyberScan starts by identifying scope of all assets and their exposure, Based on NVD/CVE/EPSS\n \n\n| **2. Protect** | “🔐 Hardening & Patch Guidance” | Aligns with remediation prioritization from LEV + KEV lists. Focus on patch strategies & mitigation workflows. \n\n\n| **3. Detect** | “🛰️ Vulnerability Monitoring Logic” | Covers how CyberScan detects exploit attempts using EPSS predictions and LEV metric to find *likely exploited vulnerabilities*. \n\n\n| **4. Respond** | “🚨 Automated Risk Response” | Showcases logic for how CyberScan handles high-risk CVEs (KEV, LEV > 0.9), sending alerts or blocking actions. \n\n\n| **5. Recover** | “♻️ Learning & Improvement Loop” | Focus on logging, metrics, audit trail, and recurring updates using EPSS and NIST recommendations. Enables cyber resilience. \n\n\n"
},
"typeVersion": 1
},
{
"id": "fd06cc70-22bd-44fe-bb80-92a56976ab90",
"name": "Note13",
"type": "n8n-nodes-base.stickyNote",
"position": [
-1040,
-80
],
"parameters": {
"color": 7,
"width": 500,
"height": 100,
"content": "\n\nCyberScan visually engaging within the n8n editor and align it with NIST cybersecurity framework stages"
},
"typeVersion": 1
},
{
"id": "9a09262e-327c-4bd6-a226-b9fffcdbab4e",
"name": "Note14",
"type": "n8n-nodes-base.stickyNote",
"position": [
380,
-120
],
"parameters": {
"color": 7,
"width": 1240,
"height": 80,
"content": "\n\nNIST CSF and insights from the NIST.CSWP.41 paper on Likely Exploited Vulnerabilities.\n\n\n"
},
"typeVersion": 1
},
{
"id": "75c4e2f7-90f1-468e-a930-f84bba5cc8d2",
"name": "Note15",
"type": "n8n-nodes-base.stickyNote",
"position": [
-140,
-120
],
"parameters": {
"color": 7,
"width": 500,
"height": 140,
"content": "\n\n📌 Compliance Alignment\n\n✅ CyberScan aligns with NIST CSF Cybersecurity controls designed around the 5 core NIST functions. \nBuilt on n8n, supports compliance reporting.\n"
},
"typeVersion": 1
},
{
"id": "df706700-7bf4-4e19-a432-63749c05f7b2",
"name": "Note16",
"type": "n8n-nodes-base.stickyNote",
"position": [
380,
600
],
"parameters": {
"color": 7,
"width": 1560,
"height": 440,
"content": "\n\n\nGlossary of Key Terms\n |\n\n| **LEV** | **Likely Exploited Vulnerabilities** | A scoring system by NIST (in CSWP 41) that predicts if a vulnerability is likely to be exploited based on real-world intelligence. |\n\n| **BOD 22-01** | **Binding Operational Directive 22-01** | A federal mandate requiring U.S. government agencies to patch known exploited vulnerabilities from CISA’s KEV catalog. |\n\n| **NIST CSF** | **National Institute of Standards and Technology Cybersecurity Framework** | A 5-stage security model (Identify, Protect, Detect, Respond, Recover) used by governments and enterprises for cyber defense planning. |\n\n| **EPSS** | **Exploit Prediction Scoring System** | A machine-learning based model that estimates the probability of a CVE being exploited within the next 30 days. |\n\n| **CSWP** | **Cybersecurity White Paper** | A detailed NIST publication that shares new concepts, guidance, and metrics for cybersecurity defense (e.g., CSWP.41 introduced LEV). |\n\n| **KEV** | **Known Exploited Vulnerabilities** | A catalog from CISA that lists CVEs confirmed to be actively exploited in the wild. |\n\n| **UTILS** | **CyberScan Utilities** (Custom term in your workflow) | Utility nodes in your workflow, like date formatters, filters, or metadata handlers. You can rename this group to \"UTILS\" for better organization. |\n\n| **CVE** | **Common Vulnerabilities and Exposures** | An ID system used to catalog known cybersecurity vulnerabilities in software and hardware. |\n\n| **CISA** | **Cybersecurity and Infrastructure Security Agency** | A U.S. federal agency that maintains the KEV list and enforces directives like BOD 22-01. |\n"
},
"typeVersion": 1
},
{
"id": "8c120e7f-c8e0-4173-a58f-11d6dedb2998",
"name": "Code1",
"type": "n8n-nodes-base.code",
"position": [
-1440,
260
],
"parameters": {
"jsCode": "const msg = $json[\"error message\"] || \"\";\nconst sanitized = msg\n .replace(/\\b\\d{1,3}(\\.\\d{1,3}){3}\\b/g, '***.***.***.***') // IPs\n .replace(/[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}/g, '[email]')\n .replace(/apikey=\\w+/gi, 'apikey=[redacted]')\n .replace(/https:\\/\\/[^\\s]+/g, 'https://[url]');\n\nreturn [{ json: {\n timestamp: $json[\"timestamp\"],\n workflow: $json[\"workflow\"],\n node: $json[\"node\"],\n \"error message\": sanitized\n}}];"
},
"typeVersion": 2
}
],
"active": false,
"pinData": {},
"settings": {
"timezone": "Australia/Sydney",
"callerPolicy": "workflowsFromSameOwner",
"executionOrder": "v1"
},
"versionId": "4f90f7a3-81cc-4334-a2df-5f9daf68939e",
"connections": {
"8815595e-a521-40be-8293-cb4bcec276fa": {
"main": [
[
{
"node": "af12b887-2a0f-4f87-a16e-05b32e0f81d4",
"type": "main",
"index": 0
}
]
]
},
"8c120e7f-c8e0-4173-a58f-11d6dedb2998": {
"main": [
[
{
"node": "9ae08f82-748a-4d8f-9231-261c13362577",
"type": "main",
"index": 0
}
]
]
},
"c27b1b3d-da02-4604-b49b-5c67e9da9aa2": {
"main": [
[
{
"node": "f26f685f-f45f-43ba-8542-a364bacb7568",
"type": "main",
"index": 0
}
]
]
},
"3022ba53-e2f0-4cf3-872a-889fb65b9311": {
"main": [
[
{
"node": "be2e05e7-3889-465f-bf16-30135e717c1c",
"type": "main",
"index": 0
}
]
]
},
"338c4b2e-dbdb-484c-a517-244c6550f502": {
"main": [
[
{
"node": "5fb385bd-0968-4fdd-8cac-bbeb4dae8a6d",
"type": "main",
"index": 0
}
],
[
{
"node": "481c9594-87d0-457f-af1c-b03868765fd5",
"type": "main",
"index": 0
}
]
]
},
"4e82b300-3fa5-4fbd-9055-8636f0c87a7e": {
"main": [
[
{
"node": "d635e765-4121-4f6a-9898-ecb26c930ff1",
"type": "main",
"index": 0
}
]
]
},
"d635e765-4121-4f6a-9898-ecb26c930ff1": {
"main": [
[
{
"node": "3022ba53-e2f0-4cf3-872a-889fb65b9311",
"type": "main",
"index": 0
}
]
]
},
"fcab6fc5-90b7-4ebe-8919-f107a619d9d2": {
"main": [
[
{
"node": "4cbcc3bb-1288-449d-9147-8158e6372f46",
"type": "main",
"index": 0
}
]
]
},
"19eb1ac3-5ce2-48f1-b4f3-8807e968f068": {
"main": [
[
{
"node": "34374b11-c7a5-483c-8f69-d39b09d0b967",
"type": "main",
"index": 0
}
]
]
},
"34c4a8c7-918a-4489-9176-2c901493a812": {
"main": [
[
{
"node": "4e82b300-3fa5-4fbd-9055-8636f0c87a7e",
"type": "main",
"index": 0
}
]
]
},
"af12b887-2a0f-4f87-a16e-05b32e0f81d4": {
"main": [
[]
]
},
"c4ac0db7-a571-4b89-b119-99f368d17e46": {
"main": [
[
{
"node": "fcab6fc5-90b7-4ebe-8919-f107a619d9d2",
"type": "main",
"index": 0
}
]
]
},
"657c0890-0dbd-4d1c-b6c8-51d451d66f6b": {
"main": [
[
{
"node": "8815595e-a521-40be-8293-cb4bcec276fa",
"type": "main",
"index": 0
}
]
]
},
"481c9594-87d0-457f-af1c-b03868765fd5": {
"main": [
[
{
"node": "0870b24e-73db-4732-a523-72d36cee59c3",
"type": "main",
"index": 0
},
{
"node": "af12b887-2a0f-4f87-a16e-05b32e0f81d4",
"type": "main",
"index": 0
}
]
]
},
"0a819a33-967d-4bf4-bc85-e3ff2563432f": {
"main": [
[
{
"node": "c4ac0db7-a571-4b89-b119-99f368d17e46",
"type": "main",
"index": 0
}
]
]
},
"34374b11-c7a5-483c-8f69-d39b09d0b967": {
"main": [
[
{
"node": "338c4b2e-dbdb-484c-a517-244c6550f502",
"type": "main",
"index": 0
},
{
"node": "657c0890-0dbd-4d1c-b6c8-51d451d66f6b",
"type": "main",
"index": 0
}
]
]
},
"f26f685f-f45f-43ba-8542-a364bacb7568": {
"main": [
[
{
"node": "8c120e7f-c8e0-4173-a58f-11d6dedb2998",
"type": "main",
"index": 0
}
]
]
},
"be2e05e7-3889-465f-bf16-30135e717c1c": {
"main": [
[
{
"node": "19eb1ac3-5ce2-48f1-b4f3-8807e968f068",
"type": "main",
"index": 0
}
]
]
},
"4cbcc3bb-1288-449d-9147-8158e6372f46": {
"main": [
[
{
"node": "34c4a8c7-918a-4489-9176-2c901493a812",
"type": "main",
"index": 0
}
]
]
}
}
}Foire aux questions
Comment utiliser ce workflow ?
Copiez le code de configuration JSON ci-dessus, créez un nouveau workflow dans votre instance n8n et sélectionnez "Importer depuis le JSON", collez la configuration et modifiez les paramètres d'authentification selon vos besoins.
Dans quelles scénarios ce workflow est-il adapté ?
Avancé - Opérations de sécurité, Résumé IA
Est-ce payant ?
Ce workflow est entièrement gratuit et peut être utilisé directement. Veuillez noter que les services tiers utilisés dans le workflow (comme l'API OpenAI) peuvent nécessiter un paiement de votre part.
Workflows recommandés
CYBERPULSEBlueOps_ Module 1 Copie client 1
Ingestion automatisée des sources de données CVE et IOC, avec évaluation des risques par OpenAI et alertes par e-mail
If
Code
Merge
+
If
Code
Merge
21 NœudsAdnan Tariq
Opérations de sécurité
M4 - Classificateur d'événements
Utiliser GPT-4 et Google Sheets pour classer automatiquement les événements de sécurité pour les équipes SOC
Set
Http Request
Google Sheets
+
Set
Http Request
Google Sheets
6 NœudsAdnan Tariq
Opérations de sécurité
Évaluation automatisée des contrôles PCI
Utiliser Google Sheets pour automatiser l'évaluation du contrôle PCI DSS et le suivi de la conformité
If
Set
Code
+
If
Set
Code
19 NœudsAdnan Tariq
Opérations de sécurité
M5 - Répondeur automatique
Automatiser la réponse aux incidents de sécurité : Google Sheets, alertes par e-mail et isolement EDR
If
Aggregate
Email Send
+
If
Aggregate
Email Send
8 NœudsAdnan Tariq
Opérations de sécurité
Workflow Adobe Stock
Générez des images de matériel IA avec Flux1-schnell, marquage de métadonnées et intégration Google
If
Set
Code
+
If
Set
Code
48 Nœudsvictor Adriano
Design
Prospection et workflow d'e-mails
Utiliser Google Maps, SendGrid et l'IA pour automatiser le développement de prospects B2B et le marketing par e-mail
If
Set
Code
+
If
Set
Code
141 NœudsEzema Kingsley Chibuzo
Génération de leads
Informations sur le workflow
Niveau de difficulté
Avancé
Nombre de nœuds39
Catégorie2
Types de nœuds11
Description de la difficulté
Auteur
Adnan Tariq
@adnantariqFounder of CYBERPULSE AI — helping security teams and SMEs eliminate repetitive tasks through modular n8n automations. I build workflows for vulnerability triage, compliance reporting, threat intel, and Red/Blue/GRC ops. Book a session if you'd like custom automation for your use case. https://linkedin.com/in/adnan-tariq-4b2a1a47
Liens externes
Voir sur n8n.io →
Partager ce workflow