CYBERPULSEBlueOps_ Module 1 Copie client 1
Avancé
Ceci est unSecOps, AI Summarizationworkflow d'automatisation du domainecontenant 21 nœuds.Utilise principalement des nœuds comme If, Code, Merge, Switch, SplitOut. Ingestion automatisée des sources de données CVE et IOC, avec évaluation des risques par OpenAI et alertes par e-mail
Prérequis
- •Peut nécessiter les informations d'identification d'authentification de l'API cible
- •Informations d'identification Google Sheets API
Nœuds utilisés (21)
Catégorie
Aperçu du workflow
Visualisation des connexions entre les nœuds, avec support du zoom et du déplacement
Exporter le workflow
Copiez la configuration JSON suivante dans n8n pour importer et utiliser ce workflow
{
"id": "FOKoHtdHL2JKFwpH",
"meta": {
"instanceId": "afe2b8648fee0c23760b8fce92c71dc65d1dd8bea264642e620dc8c34f1224d7",
"templateCredsSetupCompleted": true
},
"name": "CYBERPULSEBlueOps_Module1 client copy1",
"tags": [
{
"id": "0obxZlT9bSaIMBpV",
"name": "Threat Intake",
"createdAt": "2025-05-23T06:15:09.978Z",
"updatedAt": "2025-05-23T06:15:09.978Z"
},
{
"id": "2rUQt7xpJikyzCUP",
"name": "(ACSC E8 + ISM-Aligned)",
"createdAt": "2025-06-04T06:23:02.488Z",
"updatedAt": "2025-06-04T06:23:02.488Z"
}
],
"nodes": [
{
"id": "b9325536-f714-437d-8dc3-2dfbfd6d58a7",
"name": "⏰ Cron – Déclencheur Quotidien",
"type": "n8n-nodes-base.scheduleTrigger",
"position": [
-220,
-560
],
"parameters": {
"rule": {
"interval": [
{
"field": "cronExpression",
"expression": "0 0 7 * * *"
}
]
}
},
"typeVersion": 1.2
},
{
"id": "c9f242d6-6d9c-4a27-8a43-b678c4b3dbeb",
"name": "🌐 Obtenir le Flux CVE",
"type": "n8n-nodes-base.httpRequest",
"position": [
20,
-640
],
"parameters": {
"url": "https://gist.githubusercontent.com/gitadta/bdcb18b2450c5561a4b69ae9327383a8/raw/d9637907229a0a7e2bd6f5a5b6b2f04e6248aac1/cve-2023-26479.json",
"options": {
"response": {
"response": {
"responseFormat": "json"
}
}
}
},
"typeVersion": 4.2
},
{
"id": "e1f9ea1c-e934-4ecd-957d-8c7e5f8c1452",
"name": "🛡️ Obtenir le Flux IOC",
"type": "n8n-nodes-base.httpRequest",
"position": [
20,
-480
],
"parameters": {
"url": "=https://gist.githubusercontent.com/gitadta/fddb9eb942cd3494c2e187117976d430/raw/1873c10c1a375c94b8afe3eed2772045c0a66568/ioc-feed.json",
"options": {
"response": {
"response": {
"responseFormat": "json"
}
}
}
},
"typeVersion": 4.2
},
{
"id": "080ac947-b10c-4492-8f55-79e27b9982c0",
"name": "🧠 Fusionner les Données de Menace",
"type": "n8n-nodes-base.merge",
"position": [
220,
-560
],
"parameters": {},
"typeVersion": 3.1
},
{
"id": "80c5acb7-743a-44d7-8482-a5d429a973bd",
"name": "🧠 Combiner les Données de Menace",
"type": "n8n-nodes-base.code",
"position": [
220,
-360
],
"parameters": {
"jsCode": "const cve = items[0].json;\nconst iocs = items[1].json.iocs || [];\n\nreturn [\n {\n json: {\n cve,\n iocs\n }\n }\n];"
},
"typeVersion": 2
},
{
"id": "68ccba75-0a92-4cd1-8306-24daafe59333",
"name": "🧠 IA – Évaluation des Risques",
"type": "n8n-nodes-base.code",
"position": [
220,
-180
],
"parameters": {
"jsCode": "const data = $input.all();\nreturn data.map((item, i) => {\n const baseScore = item.json.cve?.impact?.baseMetricV3?.cvssV3?.baseScore || 0;\n const aiRisk = [6.5, 9.1][i] || 5;\n const path = [\"self-healing\", \"expert-review\", \"monitoring\"][i % 3];\n const lev = [0.93, 0.72][i] || 0.45;\n\n return {\n json: {\n ...item.json,\n aiRisk,\n path,\n lev\n }\n };\n});"
},
"typeVersion": 2
},
{
"id": "9f74ff1c-57ae-48ae-989d-b27b64895c53",
"name": "🧠 IA – Trier les Vulnérabilités",
"type": "n8n-nodes-base.code",
"position": [
220,
0
],
"parameters": {
"jsCode": "const triage = {\n self: [],\n expert: [],\n monitor: [],\n};\n\nconst assessed = $input.all();\n\nfor (const item of assessed) {\n const v = item.json;\n const levScore = v.lev || 0; // fallback if missing\n\n if (levScore > 0.9) {\n triage.expert.push({ ...v, levScore, levLabel: \"Critical\" });\n } else if (levScore > 0.5) {\n triage.self.push({ ...v, levScore, levLabel: \"High\" });\n } else {\n triage.monitor.push({ ...v, levScore, levLabel: \"Low\" });\n }\n}\n\nreturn [{ json: triage }];"
},
"typeVersion": 2
},
{
"id": "3cbac00e-3bf1-4f68-99e2-e2027d3d2648",
"name": "🚨 ALERTE – Déclencheur LEV",
"type": "n8n-nodes-base.if",
"position": [
220,
200
],
"parameters": {
"options": {},
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": true,
"typeValidation": "loose"
},
"combinator": "and",
"conditions": [
{
"id": "f170e1cc-2692-4fcc-8def-6b1e5f01af84",
"operator": {
"name": "filter.operator.equals",
"type": "string",
"operation": "equals"
},
"leftValue": "={{ $json.expert && $json.expert.length > 0 }}",
"rightValue": "=true"
}
]
},
"looseTypeValidation": true
},
"typeVersion": 2.2
},
{
"id": "2341d7f3-4f5e-4bf0-8b96-fb64c4d46344",
"name": "📧 Envoyer l'Alerte par E-mail",
"type": "n8n-nodes-base.emailSend",
"position": [
420,
140
],
"webhookId": "48963cc6-c85f-4946-92bd-2c91a1a255ef",
"parameters": {
"html": "=<h2>🚨 Critical Alert</h2>\n<p>The following high-risk CVEs were identified:</p>\n<pre>{{ JSON.stringify($json.expert, null, 2) }}</pre>\n",
"options": {},
"subject": "🚨 CyberPulse Alert – Critical Vulnerabilities Detected",
"toEmail": "security-team@example.com",
"fromEmail": "security-team@example.com"
},
"credentials": {
"smtp": {
"id": "RM0pJJ95IhrbFLCv",
"name": "SMTP account"
}
},
"typeVersion": 2.1
},
{
"id": "bead2d6d-aeec-49a3-99b0-6550976cfa91",
"name": "Google Sheets",
"type": "n8n-nodes-base.googleSheets",
"position": [
420,
300
],
"parameters": {
"columns": {
"value": {
"IOCs": "={{ JSON.stringify($(\"🚨 ALERT – LEV Trigger\").item.json.expert[0].iocs) }}",
"Score": "={{ $json.expert[0].cve.cve.impact.baseMetricV3.cvssV3.baseScore }}",
"CVE_ID": "={{ $(\"🚨 ALERT – LEV Trigger\").item.json.expert[0].cve.cve.CVE_data_meta.ID }}",
"Severity": "={{ $json.expert[0].cve.cve.impact.baseMetricV3.cvssV3.baseSeverity }}",
"LEV_label": "={{ $json.expert[0].levLabel }}",
"LEV_score": "={{ $json.expert[0].levScore }}",
"timestamp": "={{ new Date().toISOString() }}",
"aiRisk_score": "={{ $json.expert[0].aiRisk }}",
"compliance_tags": "\"{{ 'ISM-0412, E8-6' }}\"",
"response_action": "={{ $json.expert[0].levLabel.toLowerCase() }}"
},
"schema": [
{
"id": "timestamp",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "timestamp",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "CVE_ID",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "CVE_ID",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "Severity",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "Severity",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "Score",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "Score",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "IOCs",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "IOCs",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "aiRisk_score",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "aiRisk_score",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "LEV_score",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "LEV_score",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "LEV_label",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "LEV_label",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "response_action",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "response_action",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "compliance_tags",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "compliance_tags",
"defaultMatch": false,
"canBeUsedToMatch": true
}
],
"mappingMode": "defineBelow",
"matchingColumns": [],
"attemptToConvertTypes": false,
"convertFieldsToString": false
},
"options": {},
"operation": "append",
"sheetName": {
"__rl": true,
"mode": "list",
"value": "gid=0",
"cachedResultUrl": "https://docs.google.com/spreadsheets/d/1LeES3AaZG1AZHFd4g2FMgZx790AP_9Qd1OsIE774R-M/edit#gid=0",
"cachedResultName": "Sheet1"
},
"documentId": {
"__rl": true,
"mode": "id",
"value": "={{ $env.SHEET_ID }}"
}
},
"credentials": {
"googleSheetsOAuth2Api": {
"id": "sJHywbRNYHkS71FB",
"name": "Google Sheets account"
}
},
"typeVersion": 4.5
},
{
"id": "6be8438a-956d-4ac6-94e5-dc22cebaa178",
"name": "🧠 IA – Sélecteur de Playbook d'Incident",
"type": "n8n-nodes-base.code",
"position": [
660,
-180
],
"parameters": {
"jsCode": "const threat = $json;\nconst score = threat.Score || 0;\nconst severity = (threat.Severity || \"\").toUpperCase();\n\nlet playbook = \"notify\"; // Default response\n\nif (score >= 9 || severity === \"CRITICAL\") {\n playbook = \"isolation\";\n} else if (score >= 6 || severity === \"HIGH\") {\n playbook = \"monitor\";\n}\n\nreturn [\n {\n json: {\n ...threat,\n response: {\n playbook: playbook,\n decisionReason: `Based on CVSS ${score} and severity ${severity}`\n }\n }\n }\n];\n"
},
"typeVersion": 2
},
{
"id": "2aa9749e-cf1d-49ee-8a82-b75a6a62d1af",
"name": "Code",
"type": "n8n-nodes-base.code",
"position": [
840,
-180
],
"parameters": {
"jsCode": "const threat = $json;\nconst score = threat.Score || 0;\nconst severity = (threat.Severity || \"\").toUpperCase();\n\nlet playbook = \"notify\"; // Default fallback\n\nif (score >= 9 || severity === \"CRITICAL\") {\n playbook = \"isolation\";\n} else if (score >= 6 || severity === \"HIGH\") {\n playbook = \"monitor\";\n}\n\nreturn [\n {\n json: {\n ...threat,\n response: {\n playbook,\n decisionReason: `Based on CVSS ${score} and severity ${severity}`\n }\n }\n }\n];"
},
"typeVersion": 2
},
{
"id": "6dd8f1cf-4459-4496-b547-205da0aa2ab7",
"name": "🧭 Routeur de Réponse",
"type": "n8n-nodes-base.switch",
"position": [
1020,
-180
],
"parameters": {
"rules": {
"values": [
{
"outputKey": "notify",
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": false,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "04b84cf7-971d-4f6e-a4c3-4609afd67140",
"operator": {
"type": "string",
"operation": "equals"
},
"leftValue": "={{ $json.response.playbook }}",
"rightValue": "notify"
}
]
},
"renameOutput": true
},
{
"outputKey": "monitor",
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": false,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "402dbac5-1a9e-4862-a281-7dfd42cf2729",
"operator": {
"name": "filter.operator.equals",
"type": "string",
"operation": "equals"
},
"leftValue": "={{ $json.response.playbook }}",
"rightValue": " monitor"
}
]
},
"renameOutput": true
},
{
"outputKey": "islolation",
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": false,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "b0100303-40c4-409e-8f95-b9cab699eedd",
"operator": {
"name": "filter.operator.equals",
"type": "string",
"operation": "equals"
},
"leftValue": "={{ $json.response.playbook }}",
"rightValue": "isolation"
}
]
},
"renameOutput": true
}
]
},
"options": {
"ignoreCase": true
}
},
"typeVersion": 3.2
},
{
"id": "4123923e-bbbd-4234-8769-43dcd65cf9c8",
"name": "Envoyer l'Alerte par E-mail",
"type": "n8n-nodes-base.emailSend",
"position": [
1340,
-360
],
"webhookId": "decb9f47-14ee-49f7-9317-2d52a39f97bd",
"parameters": {
"html": "=<!DOCTYPE html>\n<html>\n<head>\n <style>\n body {\n font-family: Arial, sans-serif;\n color: #333;\n }\n h2 {\n color: #b30000;\n }\n .section {\n margin-bottom: 20px;\n }\n .section-critical {\n background-color: #ffe5e5;\n padding: 15px;\n border-left: 5px solid #cc0000;\n }\n .section-iocs {\n border: 1px solid #ccc;\n border-radius: 5px;\n padding: 10px;\n }\n .section-high {\n background-color: #fff3e0;\n padding: 15px;\n border-left: 5px solid #ff9800;\n }\n .next-steps {\n background-color: #e8f5e9;\n padding: 15px;\n border-left: 5px solid #4caf50;\n }\n table {\n width: 100%;\n border-collapse: collapse;\n margin-top: 10px;\n }\n th, td {\n padding: 8px;\n border: 1px solid #999;\n text-align: left;\n }\n .comment {\n font-style: italic;\n font-size: 0.95em;\n color: #555;\n margin-top: 10px;\n }\n </style>\n</head>\n<body>\n\n<h2>🚨 Critical Alert – {{ $json.cve.cve.CVE_data_meta.ID }}</h2>\n\n<div class=\"section section-critical\">\n <p><b>📰 Summary:</b> {{ $json.cve.description.description_data[0].value }}</p>\n <p><b>📉 Severity:</b> \n <span style=\"color: \n {{ $json.cve.impact.baseMetricV3.cvssV3.baseSeverity === 'CRITICAL' ? 'red' : \n $json.cve.impact.baseMetricV3.cvssV3.baseSeverity === 'HIGH' ? 'orange' : \n 'black' }}\">\n {{ $json.cve.impact.baseMetricV3.cvssV3.baseSeverity }}\n </span>\n </p>\n <p><b>📊 CVSS Score:</b> {{ $json.cve.impact.baseMetricV3.cvssV3.baseScore }}</p>\n</div>\n\n<div class=\"section section-iocs\">\n <b>📌 Indicators of Compromise (IOCs)</b>\n <table>\n <tr><th>Type</th><th>Value</th></tr>\n {{ $json.iocs.map(ioc => `<tr><td>${ioc.type}</td><td>${ioc.value}</td></tr>`).join('') }}\n </table>\n</div>\n\n<div class=\"section section-high\">\n <b>🧠 AI Risk Evaluation</b>\n <ul>\n <li><b>aiRisk Score:</b> {{ $json.aiRisk }}</li>\n <li><b>LEV Score:</b> {{ $json.lev }}</li>\n <li><b>LEV Label:</b> {{ $json.levLabel }}</li>\n <li><b>Response Assigned:</b> \n <span style=\"color: darkred;\">{{ $json.response.playbook }}</span>\n </li>\n </ul>\n <div class=\"comment\">\n 💬 Based on AI analysis, this CVE meets critical exploitability thresholds with confirmed indicators in your threat environment. Immediate action is advised.\n </div>\n</div>\n\n<div class=\"section next-steps\">\n <b>✅ Next Steps:</b>\n <ol>\n <li>Isolate affected endpoints immediately</li>\n <li>Apply latest patches for {{ $json.cve.cve.CVE_data_meta.ID }}</li>\n <li>Update threat database and notify internal stakeholders</li>\n </ol>\n</div>\n\n</body>\n</html>\n<p style=\"font-size: 11px; color: #888;\">\n <hr style=\"border: none; border-top: 1px solid #ddd; margin: 24px 0;\">\n\n<p style=\"font-size: 11px; color: #888; line-height: 1.5;\">\n 🔒 Aligned with <strong>ACSC Essential Eight</strong> & <strong>ISM 2024</strong> (Australia), and structured using the <strong>NIST Cybersecurity Framework</strong> and <strong>ISO/IEC 27001</strong> principles.<br>\n Designed for SMEs and security teams worldwide.\n</p>\n\n<p style=\"font-size: 10px; color: #aaa;\">\n This alert was automatically generated by <strong>CYBERPULSEBlueOps</strong> using n8n.\n</p>\n",
"options": {},
"subject": "=🚨 Cyber Alert: {{ $json.response.playbook.toUpperCase() }} Required",
"toEmail": "security-team@example.com",
"fromEmail": "security-team@example.com"
},
"credentials": {
"smtp": {
"id": "RM0pJJ95IhrbFLCv",
"name": "SMTP account"
}
},
"typeVersion": 2.1
},
{
"id": "d76f1894-ae5c-4c22-b326-7daec1cdf359",
"name": "Journaliser dans Google Sheet",
"type": "n8n-nodes-base.googleSheets",
"position": [
1340,
-180
],
"parameters": {
"operation": "append",
"sheetName": {
"__rl": true,
"mode": "list",
"value": "",
"cachedResultUrl": "",
"cachedResultName": ""
},
"documentId": {
"__rl": true,
"mode": "id",
"value": "={{ $env.SHEET_ID }}"
}
},
"credentials": {
"googleSheetsOAuth2Api": {
"id": "sJHywbRNYHkS71FB",
"name": "Google Sheets account"
}
},
"typeVersion": 4.5
},
{
"id": "9d9a56b4-13fd-40f8-a29a-4d3a3febfc19",
"name": "HTTP Request",
"type": "n8n-nodes-base.httpRequest",
"position": [
1340,
0
],
"parameters": {
"url": "https://edr-api.example.com/isolate",
"method": "POST",
"options": {},
"jsonBody": "={\n \"device_ip\": \"{{ $json.iocs[0].value }}\",\n \"cve_id\": \"{{ $json.cve.cve.CVE_data_meta.ID }}\",\n \"severity\": \"{{ $json.cve.cve.impact.baseMetricV3.cvssV3.baseSeverity }}\"\n}\n",
"sendBody": true,
"sendHeaders": true,
"specifyBody": "json",
"headerParameters": {
"parameters": [
{
"name": "Authorization"
},
{
"name": "Content-Type",
"value": "application/json"
}
]
}
},
"typeVersion": 4.2
},
{
"id": "d5376f73-da94-4a39-9129-7f94c9b6d86c",
"name": "Diviser",
"type": "n8n-nodes-base.splitOut",
"position": [
500,
-180
],
"parameters": {
"include": "allOtherFields",
"options": {},
"fieldToSplitOut": "iocs"
},
"typeVersion": 1
},
{
"id": "da91b5b0-a2ff-4d91-9837-eafdb1aa7ed4",
"name": "Note Adhésive",
"type": "n8n-nodes-base.stickyNote",
"position": [
1600,
-380
],
"parameters": {
"color": 7,
"width": 560,
"height": 1160,
"content": "\n🛡️ CYBERPULSEBlueOps – Module 1: Threat Feed Ingestion\n\nVersion: 1.0\nLast Updated: 2025-06-04\nAuthor: Adnan Tariq\nStatus: ✅ Production-Ready\n\n🔍 Purpose\n\nAutomates daily ingestion of CVE and IOC threat feeds, enriches and evaluates risks using AI-based triage, and routes alerts to notification, isolation, or monitoring actions. Structured to align with compliance frameworks and operational defense workflows.\n\n🔗 Data Sources\n\nCVE Feed: GitHub Gist (cve_data)\n\nIOC Feed: GitHub Gist (ioc_data)\n\nIngest frequency: Daily via Cron Trigger\n\n🧠 Key Components\n\nAI – Risk Evaluation for aiRisk scoring\n\nAI – Triage Vulnerabilities for LEV scoring & labels\n\n📘 Response Router assigns notify, monitor, or isolate\n\nLogs exported to Google Sheets with:\n\nCVE_ID, Severity, Score, IOCs\n\naiRisk_score, LEV_score, LEV_label, response_action\n\nCompliance tags: ISM-0412, E8-6\n\n✅ Compliance Alignment\n\n ACSC Essential Eight (Australia)\n\n ISM 2024 Logging Guidelines\n\n NIST Cybersecurity Framework\n\n ISO/IEC 27001 Control Mapping\n\n✉️ Output\n\nHTML emails with risk-based alert summaries\n\nGoogle Sheets row logs\n\n(Optional) HTTP isolation request via EDR API\n\n⚠️ Do not modify node structure without understanding data propagation and rule routing. All logic assumes LEV triage is the decision root."
},
"typeVersion": 1
},
{
"id": "1bae77e9-6f51-4a51-85d6-051ad1198030",
"name": "Note Adhésive1",
"type": "n8n-nodes-base.stickyNote",
"position": [
2180,
-380
],
"parameters": {
"color": 7,
"width": 1080,
"height": 680,
"content": "\n🧠 What is Module 1?\nModule 1 is like a security robot that wakes up every morning, reads danger news from the internet (called CVEs and IOCs), checks how risky it is, and then tells the grown-ups what to do.\n\n🧾 Why are there 2 Google Sheet blocks?\n1️⃣ First Google Sheet:\n➡️ It writes down big dangerous alerts that need attention (like “Critical Virus Found!”).\nThis is like a red alert notebook.\n\n2️⃣ Second Google Sheet:\n➡️ It writes down everything it finds, even small stuff, in a daily logbook.\nThis is the diary of what the robot saw today.\n\n✉️ Why are there 2 Email Alerts?\n1️⃣ First Email:\n📨 Sends a special alert when something very risky happens (like an emergency siren).\nExample: \"This computer might be in big trouble!\"\n\n2️⃣ Second Email:\n📨 Sends a daily summary email with a table.\nExample: “Today I saw: 1 Critical, 1 Medium, 1 Low.”\n\n🌐 Why is there 1 HTTP Request?\n🌍 This is the robot’s panic button.\nIf the robot says, “This is too dangerous,” it can call another robot (like an EDR system) to shut down or isolate the infected computer.\n\nBut this button is optional — like only calling the fire truck when needed.\n\n💡 In Short:\n🧾 Two sheets: one for alerts, one for daily diary\n\n✉️ Two emails: one for emergency, one for daily summary\n\n🌐 One optional panic button: for calling help if danger is too high"
},
"typeVersion": 1
},
{
"id": "0a7a9166-b06d-4a48-9420-70af07392046",
"name": "Note Adhésive2",
"type": "n8n-nodes-base.stickyNote",
"position": [
2180,
320
],
"parameters": {
"color": 7,
"width": 580,
"height": 180,
"content": "\n📘 Module 1 Glossary – What Each Term Means\n\n• **aiRisk** – AI-generated risk score (e.g. 6.5) based on CVE severity + behavior \n• **LEV Score** – Local Exploitability score (e.g. 0.93) — how likely it affects *you* \n• **LEV Label** – Text label from LEV score (e.g. `notify`, `monitor`, `isolate`) \n• **response_action** – What the system decided to do (e.g. alert, log, isolate) \n• **IOC** – Indicator of Compromise like a suspicious IP, domain, or file hash \n• **CVE** – Known vulnerability from public sources (e.g. CVE-2023-26479)\n"
},
"typeVersion": 1
},
{
"id": "c3323b86-bb2b-4d62-9dcc-2509a1a6b893",
"name": "Note Adhésive3",
"type": "n8n-nodes-base.stickyNote",
"position": [
2180,
520
],
"parameters": {
"color": 7,
"width": 580,
"height": 480,
"content": "\n🛡️ Framework Integration Summary – Module 1\n\nACSC Essential Eight (Australia)\n✔ Implements daily threat monitoring and log collection, aligning with mitigation strategies like patching and application control.\n\nISM 2024 Logging Guidelines (Australia)\n✔ Logs high-risk CVEs, IOCs, and AI-evaluated actions to structured, queryable formats (Google Sheets, Emails).\n✔ Includes severity, timestamps, and response decisions — meets ISM log detail requirements.\n\nNIST Cybersecurity Framework (CSF) (US)\n✔ Aligns with:\n\nIdentify (tracking known CVEs),\n\nDetect (via AI risk analysis),\n\nRespond (action routing via LEV logic).\n\nISO/IEC 27001\n✔ Supports control A.12.4 (Event logging) and A.16 (Incident response) by providing automated alerts, logs, and response recommendations."
},
"typeVersion": 1
}
],
"active": false,
"pinData": {},
"settings": {
"timezone": "Australia/Sydney",
"callerPolicy": "workflowsFromSameOwner",
"executionOrder": "v1"
},
"versionId": "b9d78a57-e42a-4b2a-92d4-30a29f06178a",
"connections": {
"2aa9749e-cf1d-49ee-8a82-b75a6a62d1af": {
"main": [
[
{
"node": "6dd8f1cf-4459-4496-b547-205da0aa2ab7",
"type": "main",
"index": 0
}
]
]
},
"d5376f73-da94-4a39-9129-7f94c9b6d86c": {
"main": [
[
{
"node": "6be8438a-956d-4ac6-94e5-dc22cebaa178",
"type": "main",
"index": 0
}
]
]
},
"4123923e-bbbd-4234-8769-43dcd65cf9c8": {
"main": [
[]
]
},
"c9f242d6-6d9c-4a27-8a43-b678c4b3dbeb": {
"main": [
[
{
"node": "080ac947-b10c-4492-8f55-79e27b9982c0",
"type": "main",
"index": 0
}
]
]
},
"e1f9ea1c-e934-4ecd-957d-8c7e5f8c1452": {
"main": [
[
{
"node": "080ac947-b10c-4492-8f55-79e27b9982c0",
"type": "main",
"index": 1
}
]
]
},
"6dd8f1cf-4459-4496-b547-205da0aa2ab7": {
"main": [
[
{
"node": "4123923e-bbbd-4234-8769-43dcd65cf9c8",
"type": "main",
"index": 0
}
],
[
{
"node": "d76f1894-ae5c-4c22-b326-7daec1cdf359",
"type": "main",
"index": 0
}
],
[
{
"node": "9d9a56b4-13fd-40f8-a29a-4d3a3febfc19",
"type": "main",
"index": 0
}
]
]
},
"2341d7f3-4f5e-4bf0-8b96-fb64c4d46344": {
"main": [
[]
]
},
"080ac947-b10c-4492-8f55-79e27b9982c0": {
"main": [
[
{
"node": "80c5acb7-743a-44d7-8482-a5d429a973bd",
"type": "main",
"index": 0
}
]
]
},
"80c5acb7-743a-44d7-8482-a5d429a973bd": {
"main": [
[
{
"node": "68ccba75-0a92-4cd1-8306-24daafe59333",
"type": "main",
"index": 0
}
]
]
},
"b9325536-f714-437d-8dc3-2dfbfd6d58a7": {
"main": [
[
{
"node": "c9f242d6-6d9c-4a27-8a43-b678c4b3dbeb",
"type": "main",
"index": 0
},
{
"node": "e1f9ea1c-e934-4ecd-957d-8c7e5f8c1452",
"type": "main",
"index": 0
}
]
]
},
"3cbac00e-3bf1-4f68-99e2-e2027d3d2648": {
"main": [
[
{
"node": "2341d7f3-4f5e-4bf0-8b96-fb64c4d46344",
"type": "main",
"index": 0
},
{
"node": "bead2d6d-aeec-49a3-99b0-6550976cfa91",
"type": "main",
"index": 0
}
]
]
},
"68ccba75-0a92-4cd1-8306-24daafe59333": {
"main": [
[
{
"node": "9f74ff1c-57ae-48ae-989d-b27b64895c53",
"type": "main",
"index": 0
},
{
"node": "d5376f73-da94-4a39-9129-7f94c9b6d86c",
"type": "main",
"index": 0
}
]
]
},
"9f74ff1c-57ae-48ae-989d-b27b64895c53": {
"main": [
[
{
"node": "3cbac00e-3bf1-4f68-99e2-e2027d3d2648",
"type": "main",
"index": 0
}
]
]
},
"6be8438a-956d-4ac6-94e5-dc22cebaa178": {
"main": [
[
{
"node": "2aa9749e-cf1d-49ee-8a82-b75a6a62d1af",
"type": "main",
"index": 0
}
]
]
}
}
}Foire aux questions
Comment utiliser ce workflow ?
Copiez le code de configuration JSON ci-dessus, créez un nouveau workflow dans votre instance n8n et sélectionnez "Importer depuis le JSON", collez la configuration et modifiez les paramètres d'authentification selon vos besoins.
Dans quelles scénarios ce workflow est-il adapté ?
Avancé - Opérations de sécurité, Résumé IA
Est-ce payant ?
Ce workflow est entièrement gratuit et peut être utilisé directement. Veuillez noter que les services tiers utilisés dans le workflow (comme l'API OpenAI) peuvent nécessiter un paiement de votre part.
Workflows recommandés
Copie Github de CyberScan
Scanner de vulnérabilités par IA basé sur Nessus, classification des risques et rapports Google Sheets
If
Set
Code
+
If
Set
Code
39 NœudsAdnan Tariq
Opérations de sécurité
Prospection et workflow d'e-mails
Utiliser Google Maps, SendGrid et l'IA pour automatiser le développement de prospects B2B et le marketing par e-mail
If
Set
Code
+
If
Set
Code
141 NœudsEzema Kingsley Chibuzo
Génération de leads
Évaluation automatisée des contrôles PCI
Utiliser Google Sheets pour automatiser l'évaluation du contrôle PCI DSS et le suivi de la conformité
If
Set
Code
+
If
Set
Code
19 NœudsAdnan Tariq
Opérations de sécurité
Analyse intelligente quotidienne des groupes WhatsApp : Analyse GPT-4.1 et transcription des messages vocaux
Analyse intelligente des groupes WhatsApp quotidiens : analyse GPT-4.1 et transcription des messages vocaux
If
Set
Code
+
If
Set
Code
52 NœudsDaniel Lianes
Divers
M5 - Répondeur automatique
Automatiser la réponse aux incidents de sécurité : Google Sheets, alertes par e-mail et isolement EDR
If
Aggregate
Email Send
+
If
Aggregate
Email Send
8 NœudsAdnan Tariq
Opérations de sécurité
M4 - Classificateur d'événements
Utiliser GPT-4 et Google Sheets pour classer automatiquement les événements de sécurité pour les équipes SOC
Set
Http Request
Google Sheets
+
Set
Http Request
Google Sheets
6 NœudsAdnan Tariq
Opérations de sécurité
Informations sur le workflow
Niveau de difficulté
Avancé
Nombre de nœuds21
Catégorie2
Types de nœuds10
Description de la difficulté
Auteur
Adnan Tariq
@adnantariqFounder of CYBERPULSE AI — helping security teams and SMEs eliminate repetitive tasks through modular n8n automations. I build workflows for vulnerability triage, compliance reporting, threat intel, and Red/Blue/GRC ops. Book a session if you'd like custom automation for your use case. https://linkedin.com/in/adnan-tariq-4b2a1a47
Liens externes
Voir sur n8n.io →
Partager ce workflow