Automated Security Alert Classification: NixGuard AI with Routing to Slack or Jira
Advanced
This is an automation workflow in the SecOps and AI Summarization categories, containing 19 nodes. It mainly uses nodes such as If, Set, Code, Slack, and Switch.
Prerequisites
- Slack Bot Token or Webhook URL
Export workflow
Import the JSON configuration below into n8n to use this workflow.
{
"meta": {
"instanceId": "558d88703fb65b2d0e44613bc35916258b0f0bf983c5d4730c00c424b77ca36a",
"templateCredsSetupCompleted": true
},
"nodes": [
{
"id": "40fb885c-9077-447c-a236-2262ff465d29",
"name": "毎日午前8時に実行",
"type": "n8n-nodes-base.scheduleTrigger",
"position": [
740,
1380
],
"parameters": {
"rule": {
"interval": [
{
"field": "hours"
}
]
}
},
"typeVersion": 1.1
},
{
"id": "e5f01889-2ae6-4563-8f34-836f1556e1f0",
"name": "アラート配列の解析",
"type": "n8n-nodes-base.code",
"position": [
760,
1620
],
"parameters": {
"jsCode": "// Get the raw output string from the previous node.\nconst rawOutput = $input.first().json.output;\n\n// The AI often wraps JSON in Markdown code blocks (```json ... ```).\n// We need to extract the pure JSON string from inside the fences.\n// This regex will find the content between the fences. If no fences are found,\n// it will fall back to using the entire rawOutput string.\nconst jsonStringMatch = rawOutput.match(/```json\\s*([\\s\\S]*?)\\s*```/);\nconst jsonString = jsonStringMatch ? jsonStringMatch[1] : rawOutput.trim();\n\n// Now, try to parse the *cleaned* string.\ntry {\n const alerts = JSON.parse(jsonString);\n \n // Check if the result is a non-empty array.\n if (Array.isArray(alerts) && alerts.length > 0) {\n // Success! Pass the alerts to the next node.\n return [{ json: { alerts } }];\n }\n} catch (e) {\n // This will catch errors if the cleaned string is still not valid JSON.\n console.error(\"NixGuard did not return a valid JSON array even after cleaning:\", e);\n console.error(\"String that failed to parse:\", jsonString);\n}\n\n// If parsing fails, it's not an array, or it's empty, return no items.\n// This will correctly route the workflow to the 'false' branch of the IF node.\nreturn [];"
},
"typeVersion": 2
},
{
"id": "6a3c2d13-ea2c-4a21-8063-cee59b220746",
"name": "要約用プロンプトの設定",
"type": "n8n-nodes-base.set",
"position": [
1380,
1820
],
"parameters": {
"values": {
"string": [
{
"name": "chatInput",
"value": "=Act as a senior security analyst reporting to a non-technical executive. Analyze the following JSON array of all high-severity security alerts from the last 24 hours.\n\nYour response MUST be a single, valid JSON object and nothing else. Do not include any text before or after the JSON, and do not wrap it in Markdown code fences (```json).\n\nYour output must strictly adhere to the following structure:\n{\n \"ai_priority\": \"<'Critical' | 'High' | 'Medium' | 'Low'>\",\n \"ai_summary\": \"<A single sentence summarizing the day's overall security risk.>\",\n \"total_critical_alerts\": <Total number of alerts with 'critical' severity>,\n \"key_observations\": [\n \"<Bulleted summary of the most significant activities or threat patterns, focused on business impact.>\",\n \"<Another bulleted summary point.>\",\n \"<And another, if necessary.>\"\n ],\n \"recommendation\": \"<A single, clear, actionable recommendation.>\"\n}\n\nHere is the raw alert data:\n{{ JSON.stringify($json) }}"
},
{
"name": "apiKey",
"value": ""
}
]
},
"options": {}
},
"typeVersion": 2
},
{
"id": "d27114b8-536c-4937-8af0-b6a4e0d20d9f",
"name": "APIキーと初期プロンプトの設定",
"type": "n8n-nodes-base.set",
"position": [
980,
1380
],
"parameters": {
"values": {
"string": [
{
"name": "apiKey",
"value": ""
},
{
"name": "chatInput",
"value": "Review all security data from the last 24 hours. List all significant security alerts found. Your response MUST be a single, valid, minified JSON array of objects. Each object in the array should represent a distinct alert. If no significant alerts are found, return an empty array []."
}
]
},
"options": {}
},
"typeVersion": 2
},
{
"id": "0adc2f21-8480-4749-9f0c-ef05b46b8b29",
"name": "実行: 日次イベントをJSONとして取得 (NixGuard RAGとWazuh統合によるリアルタイムセキュリティインサイトの取得)",
"type": "n8n-nodes-base.executeWorkflow",
"position": [
1220,
1380
],
"parameters": {
"options": {},
"workflowId": {
"__rl": true,
"mode": "list",
"value": "I0nUORqYTwDFZa51",
"cachedResultName": "Get Real-Time Security Insights with NixGuard RAG and Wazuh Integration"
},
"workflowInputs": {
"value": {},
"schema": [],
"mappingMode": "defineBelow",
"matchingColumns": [],
"attemptToConvertTypes": false,
"convertFieldsToString": true
}
},
"typeVersion": 1.2
},
{
"id": "40caac74-9e6c-4387-bc52-3bbe31e98481",
"name": "条件分岐",
"type": "n8n-nodes-base.if",
"position": [
980,
1620
],
"parameters": {
"options": {},
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": true,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "bb7ac757-8402-446e-9ee7-d0be89c769a7",
"operator": {
"type": "array",
"operation": "exists",
"singleValue": true
},
"leftValue": "={{ $json.alerts }}",
"rightValue": ""
}
]
}
},
"typeVersion": 2.2
},
{
"id": "f066f0e6-fa5d-4ab6-9d0c-0b6b5f9bb269",
"name": "ワークフロー概要",
"type": "n8n-nodes-base.stickyNote",
"position": [
720,
1060
],
"parameters": {
"color": 7,
"width": 520,
"height": 260,
"content": "## 💡 Workflow Overview\n\nThis workflow acts as an automated SOC analyst. It receives security alerts from & uses **NixGuard's AI** to analyze and prioritize them, and then routes them to the correct **Slack** channel based on the AI-assigned priority.\n\n**Use Case:** Eliminate alert fatigue by automatically distinguishing between critical threats that need immediate attention and informational logs that can be reviewed later."
},
"typeVersion": 1
},
{
"id": "c8cac8b0-dac8-42ed-bb38-9daba321de8e",
"name": "AI優先度と要約の抽出",
"type": "n8n-nodes-base.set",
"position": [
1160,
2040
],
"parameters": {
"values": {
"string": [
{
"name": "ai_priority",
"value": "={{ $json.ai_priority }}"
},
{
"name": "ai_summary",
"value": "={{ $json.ai_summary }}"
}
]
},
"options": {}
},
"typeVersion": 2
},
{
"id": "d047a378-b41a-4652-83e8-85ed0e87a2d9",
"name": "実行: Slackメッセージの生成 (NixGuard RAGとWazuh統合によるリアルタイムセキュリティインサイトの取得)",
"type": "n8n-nodes-base.executeWorkflow",
"position": [
760,
2040
],
"parameters": {
"options": {},
"workflowId": {
"__rl": true,
"mode": "list",
"value": "I0nUORqYTwDFZa51",
"cachedResultName": "Get Real-Time Security Insights with NixGuard RAG and Wazuh Integration"
},
"workflowInputs": {
"value": {},
"schema": [],
"mappingMode": "defineBelow",
"matchingColumns": [],
"attemptToConvertTypes": false,
"convertFieldsToString": true
}
},
"typeVersion": 1.2
},
{
"id": "93849a07-6c84-4abc-b5f3-0025e0625187",
"name": "フィールドの編集",
"type": "n8n-nodes-base.set",
"position": [
1200,
1600
],
"parameters": {
"options": {},
"assignments": {
"assignments": [
{
"id": "7e0725fd-e9b4-4564-808a-708f6e8ecafa",
"name": "output",
"type": "array",
"value": "={{ $json.alerts }}"
}
]
},
"includeOtherFields": "={{ false }}"
},
"typeVersion": 3.4
},
{
"id": "4a49a959-6a27-410b-9a66-798480eb3612",
"name": "アラートの解析と分割",
"type": "n8n-nodes-base.code",
"position": [
760,
1840
],
"parameters": {
"jsCode": "// The previous node already exposes the alert array as `output`, so no JSON parsing is needed here.\ntry {\n const alerts = $input.first().json.output;\n \n // Check if the result is a non-empty array.\n if (Array.isArray(alerts) && alerts.length > 0) {\n // Success! Return a separate item for each alert.\n // The .map() function transforms the array of alert objects\n // into an array of n8n items, which splits the execution.\n return alerts.map(alert => ({ json: alert }));\n }\n} catch (e) {\n // Reached only if the input item is missing or malformed (e.g. no `json.output`).\n console.error(\"Could not split NixGuard alerts into separate items:\", e);\n}\n\n// If the input is not an array, or it's empty, return no items.\n// This will correctly stop this branch of the workflow.\nreturn [];"
},
"typeVersion": 2
},
{
"id": "c6b28204-a3c7-4b4e-9c3d-d5bb8fb4195b",
"name": "集計",
"type": "n8n-nodes-base.aggregate",
"position": [
1200,
1820
],
"parameters": {
"options": {},
"aggregate": "aggregateAllItemData",
"destinationFieldName": "output"
},
"typeVersion": 1
},
{
"id": "079081a2-6e54-44cc-aee9-a00a34f545ef",
"name": "重要アラートのフィルタリング (レベル > 7)",
"type": "n8n-nodes-base.if",
"position": [
960,
1840
],
"parameters": {
"conditions": {
"number": [
{
"value1": "={{ $json.level }}",
"value2": 7,
"operation": "largerEqual"
}
]
}
},
"typeVersion": 1
},
{
"id": "77ac98bf-68a8-4f3a-9614-ea46096a173b",
"name": "CRITICALアラートをSlackに投稿",
"type": "n8n-nodes-base.slack",
"disabled": true,
"position": [
1820,
1800
],
"webhookId": "b9db2ae0-4863-4809-82cd-0518807a21f6",
"parameters": {
"otherOptions": {}
},
"typeVersion": 2.3
},
{
"id": "af5aefb9-07e3-41a1-baa0-525ab53785b6",
"name": "HIGHアラートをSlackに投稿",
"type": "n8n-nodes-base.slack",
"disabled": true,
"position": [
1820,
2040
],
"webhookId": "b9db2ae0-4863-4809-82cd-0518807a21f6",
"parameters": {
"otherOptions": {}
},
"typeVersion": 2.3
},
{
"id": "5f26f03a-f715-4e0d-b99a-39df7ab2961d",
"name": "INFOアラートをSlackに投稿",
"type": "n8n-nodes-base.slack",
"disabled": true,
"position": [
1820,
2260
],
"webhookId": "b9db2ae0-4863-4809-82cd-0518807a21f6",
"parameters": {
"otherOptions": {}
},
"typeVersion": 2.3
},
{
"id": "f3eb57ec-4b5f-4bd8-ab2f-2e1cab76a16e",
"name": "AI JSONレスポンスの解析",
"type": "n8n-nodes-base.code",
"position": [
960,
2040
],
"parameters": {
"jsCode": "// Get the AI response. Your previous node used a complex path,\n// we assume the final AI string is here. Adjust if needed.\n// For example, it might be in $input.first().json.output or similar.\nconst rawOutput = $input.first().json.output;\n\nconst jsonString = rawOutput;\n\ntry {\n // Parse the cleaned JSON string\n const parsedResponse = JSON.parse(jsonString);\n // Add the parsed fields to the n8n item.\n // This merges the new data with any existing data from the input.\n return [{ \n json: {\n ...$input.first().json,\n ...parsedResponse \n }\n }];\n\n} catch (e) {\n console.error(\"Failed to parse AI JSON response:\", e);\n console.error(\"String that failed to parse:\", jsonString);\n // Return an empty item to indicate failure and stop the flow if desired.\n return [];\n}\n"
},
"typeVersion": 2
},
{
"id": "17359ba5-d1b1-42a6-bdfd-ab93be0fe857",
"name": "スイッチ",
"type": "n8n-nodes-base.switch",
"position": [
1380,
2020
],
"parameters": {
"rules": {
"values": [
{
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": true,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"operator": {
"type": "string",
"operation": "equals"
},
"leftValue": "={{ $json.ai_priority }}",
"rightValue": "Critical"
}
]
}
},
{
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": true,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "1be5b449-70dd-4bfe-91da-9ce25b523a74",
"operator": {
"name": "filter.operator.equals",
"type": "string",
"operation": "equals"
},
"leftValue": "={{ $json.ai_priority }}",
"rightValue": "High"
}
]
}
},
{
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": true,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "1dd6239e-c965-4e06-85d9-4a8ad9f06287",
"operator": {
"name": "filter.operator.equals",
"type": "string",
"operation": "equals"
},
"leftValue": "={{ $json.ai_priority }}",
"rightValue": "Info"
}
]
}
},
{
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": true,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "c019ac34-3196-49f1-8bdb-d399ff989103",
"operator": {
"name": "filter.operator.equals",
"type": "string",
"operation": "equals"
},
"leftValue": "={{ $json.ai_priority }}",
"rightValue": "Low"
}
]
}
}
]
},
"options": {}
},
"typeVersion": 3.2
},
{
"id": "5190c963-d8b8-446d-ace5-403d93b91432",
"name": "セットアップガイド",
"type": "n8n-nodes-base.stickyNote",
"position": [
1300,
880
],
"parameters": {
"color": 7,
"width": 400,
"height": 440,
"content": "## Getting Started\n\n### Prerequisites:\n- Valid NixGuard API key\n\n### Setup Instructions:\n1. Configure your NixGuard API key in 'Prepare API Request Data' node\n2. Set up trigger method (chat or manual)\n3. Test with sample security queries\n4. Make sure NixGuard agents are installed on your network endpoints for real-time security events\n\n### Support:\nFor questions, visit [NixGuard Documentation](https://nixguard.thenex.world) or join our [Community Discord](https://discord.com/invite/ajCYwYCwHb)"
},
"typeVersion": 1
}
],
"pinData": {},
"connections": {
"40caac74-9e6c-4387-bc52-3bbe31e98481": {
"main": [
[
{
"node": "93849a07-6c84-4abc-b5f3-0025e0625187",
"type": "main",
"index": 0
}
]
]
},
"17359ba5-d1b1-42a6-bdfd-ab93be0fe857": {
"main": [
[
{
"node": "77ac98bf-68a8-4f3a-9614-ea46096a173b",
"type": "main",
"index": 0
}
],
[
{
"node": "af5aefb9-07e3-41a1-baa0-525ab53785b6",
"type": "main",
"index": 0
}
],
[
{
"node": "5f26f03a-f715-4e0d-b99a-39df7ab2961d",
"type": "main",
"index": 0
}
],
[]
]
},
"c6b28204-a3c7-4b4e-9c3d-d5bb8fb4195b": {
"main": [
[
{
"node": "6a3c2d13-ea2c-4a21-8063-cee59b220746",
"type": "main",
"index": 0
}
]
]
},
"93849a07-6c84-4abc-b5f3-0025e0625187": {
"main": [
[
{
"node": "4a49a959-6a27-410b-9a66-798480eb3612",
"type": "main",
"index": 0
}
]
]
},
"e5f01889-2ae6-4563-8f34-836f1556e1f0": {
"main": [
[
{
"node": "40caac74-9e6c-4387-bc52-3bbe31e98481",
"type": "main",
"index": 0
}
]
]
},
"40fb885c-9077-447c-a236-2262ff465d29": {
"main": [
[
{
"node": "d27114b8-536c-4937-8af0-b6a4e0d20d9f",
"type": "main",
"index": 0
}
]
]
},
"4a49a959-6a27-410b-9a66-798480eb3612": {
"main": [
[
{
"node": "079081a2-6e54-44cc-aee9-a00a34f545ef",
"type": "main",
"index": 0
}
]
]
},
"f3eb57ec-4b5f-4bd8-ab2f-2e1cab76a16e": {
"main": [
[
{
"node": "c8cac8b0-dac8-42ed-bb38-9daba321de8e",
"type": "main",
"index": 0
}
]
]
},
"6a3c2d13-ea2c-4a21-8063-cee59b220746": {
"main": [
[
{
"node": "d047a378-b41a-4652-83e8-85ed0e87a2d9",
"type": "main",
"index": 0
}
]
]
},
"d27114b8-536c-4937-8af0-b6a4e0d20d9f": {
"main": [
[
{
"node": "0adc2f21-8480-4749-9f0c-ef05b46b8b29",
"type": "main",
"index": 0
}
]
]
},
"c8cac8b0-dac8-42ed-bb38-9daba321de8e": {
"main": [
[
{
"node": "17359ba5-d1b1-42a6-bdfd-ab93be0fe857",
"type": "main",
"index": 0
}
]
]
},
"079081a2-6e54-44cc-aee9-a00a34f545ef": {
"main": [
[
{
"node": "c6b28204-a3c7-4b4e-9c3d-d5bb8fb4195b",
"type": "main",
"index": 0
}
]
]
},
"d047a378-b41a-4652-83e8-85ed0e87a2d9": {
"main": [
[
{
"node": "f3eb57ec-4b5f-4bd8-ab2f-2e1cab76a16e",
"type": "main",
"index": 0
}
]
]
},
"0adc2f21-8480-4749-9f0c-ef05b46b8b29": {
"main": [
[
{
"node": "e5f01889-2ae6-4563-8f34-836f1556e1f0",
"type": "main",
"index": 0
}
]
]
}
}
}
FAQ
How do I use this workflow?
Copy the JSON configuration above, create a new workflow in your n8n instance, choose "Import from JSON", paste the configuration, and adjust the credentials as needed.
What is this workflow suited for?
Advanced - Security Operations, AI Summarization
Is it paid?
This workflow is completely free. However, third-party services used by the workflow (such as the OpenAI API) may incur separate charges.