CyberScan GitHub クローン
上級
これはSecOps, AI Summarization分野の自動化ワークフローで、39個のノードを含みます。主にIf, Set, Code, Function, SplitOutなどのノードを使用。 Nessus、リスク階層化、Google Sheetsレポートを活用したAI脆弱性スキャナー
前提条件
- •ターゲットAPIの認証情報が必要な場合あり
- •Google Sheets API認証情報
使用ノード (39)
ワークフロープレビュー
ノード接続関係を可視化、ズームとパンをサポート
ワークフローをエクスポート
以下のJSON設定をn8nにインポートして、このワークフローを使用できます
{
"id": "NFAdtz3N4rRUqnzA",
"meta": {
"instanceId": "afe2b8648fee0c23760b8fce92c71dc65d1dd8bea264642e620dc8c34f1224d7",
"templateCredsSetupCompleted": true
},
"name": "CyberScan Github copy",
"tags": [],
"nodes": [
{
"id": "0870b24e-73db-4732-a523-72d36cee59c3",
"name": "メール送信",
"type": "n8n-nodes-base.emailSend",
"position": [
-400,
1900
],
"parameters": {
"html": "={{ $json.emailBody }}",
"text": "={{ $json.emailBody }}",
"options": {},
"subject": "🛡 Vulnerability Assessment report",
"toEmail": "security_team@example.com",
"fromEmail": "your_email@example.com"
},
"credentials": {
"smtp": {
"id": "RM0pJJ95IhrbFLCv",
"name": "SMTP account"
}
},
"typeVersion": 1
},
{
"id": "8815595e-a521-40be-8293-cb4bcec276fa",
"name": "コード",
"type": "n8n-nodes-base.code",
"position": [
-860,
1660
],
"parameters": {
"jsCode": "return items[0].json.groupData.map(obj => ({ json: obj }));"
},
"typeVersion": 2
},
{
"id": "5fb385bd-0968-4fdd-8cac-bbeb4dae8a6d",
"name": "📧 Alert Security Team",
"type": "n8n-nodes-base.emailSend",
"position": [
-400,
1200
],
"webhookId": "b363c734-e670-40cd-a897-bd79c9a5c286",
"parameters": {
"html": "=<h2>🚨 Critical Vulnerability Alert!</h2>\n<p>One or more vulnerabilities with an <strong>AI Risk Score ≥ 8</strong> were detected in the latest scan.</p>\n<p>Please review them immediately in the <strong>CyberPulse</strong> report or dashboard.</p>\n\n<p>\n 🔎 <strong>Triggered by:</strong> {{ $workflow.name }}<br>\n 📅 <strong>Timestamp:</strong> {{ new Date().toISOString() }}\n</p>\n\n<p>Stay secure,<br>\n<em>n8n - CyberPulse Automation</em></p>\n",
"options": {},
"subject": "Alert",
"toEmail": "security_team@example.com",
"fromEmail": "your_email@example.com"
},
"credentials": {
"smtp": {
"id": "RM0pJJ95IhrbFLCv",
"name": "SMTP account"
}
},
"typeVersion": 2.1
},
{
"id": "1fbe731c-bd9e-4d95-91cc-2bcac733d83f",
"name": "付箋",
"type": "n8n-nodes-base.stickyNote",
"position": [
-1940,
80
],
"parameters": {
"color": 7,
"width": 860,
"height": 460,
"content": "Error Handling"
},
"typeVersion": 1
},
{
"id": "4c32eb18-9d44-4d0e-8702-045456b8dbcb",
"name": "付箋1",
"type": "n8n-nodes-base.stickyNote",
"position": [
-1040,
60
],
"parameters": {
"color": 5,
"width": 500,
"height": 1160,
"content": "🔐 AUTH \n🌐 Discovery Phase"
},
"typeVersion": 1
},
{
"id": "21fd5ee3-7ad4-40a4-af92-99fa53d295fe",
"name": "付箋3",
"type": "n8n-nodes-base.stickyNote",
"position": [
-1880,
1280
],
"parameters": {
"color": 2,
"width": 700,
"height": 200,
"content": "🧪 SCAN Phase"
},
"typeVersion": 1
},
{
"id": "67585ecc-fc87-4c54-84bc-5c160b599ee9",
"name": "付箋4",
"type": "n8n-nodes-base.stickyNote",
"position": [
-1020,
1500
],
"parameters": {
"color": 6,
"width": 320,
"height": 520,
"content": "🚨 ALERT \n📊 REPORT phase"
},
"typeVersion": 1
},
{
"id": "529a0bec-7ebc-4551-852c-9faa63d7f110",
"name": "付箋5",
"type": "n8n-nodes-base.stickyNote",
"position": [
-460,
1100
],
"parameters": {
"color": 6,
"height": 920,
"content": "📤 EXPORT phase"
},
"typeVersion": 1
},
{
"id": "0a819a33-967d-4bf4-bc85-e3ff2563432f",
"name": "⏱️ Trigger – Scheduled Scan",
"type": "n8n-nodes-base.scheduleTrigger",
"position": [
-860,
120
],
"parameters": {
"rule": {
"interval": [
{
"field": "cronExpression",
"expression": "0 0 7 * * *"
}
]
}
},
"typeVersion": 1.2
},
{
"id": "c4ac0db7-a571-4b89-b119-99f368d17e46",
"name": "🔐 AUTH – Login to Nessus",
"type": "n8n-nodes-base.httpRequest",
"position": [
-860,
340
],
"parameters": {
"url": "{{ $env.NESSUS_API_URL }}/session",
"method": "POST",
"options": {
"response": {
"response": {
"fullResponse": "={{ true }}"
}
},
"allowUnauthorizedCerts": true
},
"jsonBody": "{\n \"username\": \"{{ $env.NESSUS_USER }}\",\n \"password\": \"{{ $env.NESSUS_PASS }}\"\n}\n",
"sendBody": true,
"sendHeaders": true,
"specifyBody": "json",
"headerParameters": {
"parameters": [
{}
]
}
},
"typeVersion": 4.2
},
{
"id": "fcab6fc5-90b7-4ebe-8919-f107a619d9d2",
"name": "🔐 AUTH – 設定 API Token",
"type": "n8n-nodes-base.set",
"position": [
-860,
540
],
"parameters": {
"options": {},
"assignments": {
"assignments": [
{
"id": "6a2b3ad8-a5ae-45a8-98c3-80186948969e",
"name": "X-Cookie",
"type": "string",
"value": "={{ $('🔐 AUTH – Login to Nessus').item.headers['set-cookie'][0].split(';')[0] }}\n"
}
]
},
"includeOtherFields": true
},
"typeVersion": 3.4
},
{
"id": "4cbcc3bb-1288-449d-9147-8158e6372f46",
"name": "🌐 DISC – Initialize Network Segments",
"type": "n8n-nodes-base.function",
"position": [
-860,
700
],
"parameters": {
"functionCode": "const networkSegments = JSON.parse($env.NETWORK_SEGMENTS || '[]');\nreturn { json: { networkSegments } };"
},
"typeVersion": 1
},
{
"id": "34c4a8c7-918a-4489-9176-2c901493a812",
"name": "🌐 DISC – Discover Assets",
"type": "n8n-nodes-base.httpRequest",
"position": [
-860,
880
],
"parameters": {
"url": "https://localhost:8834/scans",
"options": {
"allowUnauthorizedCerts": true
},
"sendHeaders": true,
"headerParameters": {
"parameters": [
{
"name": "X-Cookie",
"value": "={{ 'token=' + $('🔐 AUTH – Set API Token').item.json.body.token }}"
}
]
}
},
"typeVersion": 3
},
{
"id": "4e82b300-3fa5-4fbd-9055-8636f0c87a7e",
"name": "🧠 AI – Process Assets",
"type": "n8n-nodes-base.function",
"position": [
-860,
1080
],
"parameters": {
"functionCode": "return {\n json: {\n assets: [\n {\n id: \"asset-001\",\n ipAddress: \"10.0.0.1\",\n hostName: \"host-a\"\n },\n {\n id: \"asset-002\",\n ipAddress: \"10.0.0.2\",\n hostName: \"host-b\"\n }\n ]\n }\n};\n"
},
"typeVersion": 1
},
{
"id": "d635e765-4121-4f6a-9898-ecb26c930ff1",
"name": "🔄 UTILS – Split Assets",
"type": "n8n-nodes-base.splitOut",
"position": [
-1700,
1300
],
"parameters": {
"options": {},
"fieldToSplitOut": "assets"
},
"typeVersion": 1
},
{
"id": "3022ba53-e2f0-4cf3-872a-889fb65b9311",
"name": "🧪 SCAN – Run Nessus",
"type": "n8n-nodes-base.httpRequest",
"position": [
-1520,
1300
],
"parameters": {
"url": "{{ $env.NESSUS_API_URL }}/scans",
"options": {
"allowUnauthorizedCerts": true
},
"jsonBody": "={\n \"uuid\": \"{{ $env.NESSUS_SCAN_UUID }}\",\n \"settings\": {\n \"name\": \"Scan – {{ $json.hostName || $json.ipAddress }}\",\n \"text_targets\": \"{{ $json.ipAddress }}\",\n \"folder_id\": 3,\n \"launch_now\": true\n }\n}\n\n",
"sendBody": true,
"sendHeaders": true,
"specifyBody": "json",
"headerParameters": {
"parameters": [
{
"name": "X-Cookie",
"value": "={{ $('AUTH – Set API Token').json['X-Cookie'] }}"
}
]
}
},
"typeVersion": 3
},
{
"id": "be2e05e7-3889-465f-bf16-30135e717c1c",
"name": "🔍 SCAN – Process Vulnerabilities",
"type": "n8n-nodes-base.function",
"position": [
-1320,
1300
],
"parameters": {
"functionCode": "return {\n json: {\n vulnerabilities: [\n {\n id: \"vuln-001\",\n cve: \"CVE-2023-1234\",\n risk: \"High\",\n ip: \"10.0.0.1\"\n }\n ]\n }\n};"
},
"typeVersion": 1
},
{
"id": "19eb1ac3-5ce2-48f1-b4f3-8807e968f068",
"name": "🤖 AI – Risk Evaluation",
"type": "n8n-nodes-base.function",
"position": [
-1020,
1300
],
"parameters": {
"functionCode": "const vulns = $json.vulnerabilities;\n\nreturn vulns.map((v, i) => {\n return {\n json: {\n ...v,\n aiRisk: [6.5, 9.1][i] || 5,\n path: [\"self-healing\", \"expert-review\", \"monitoring\"][i % 3],\n lev: [0.93, 0.72][i] || 0.45\n }\n };\n});"
},
"typeVersion": 1
},
{
"id": "34374b11-c7a5-483c-8f69-d39b09d0b967",
"name": "📊 AI – Triage Vulnerabilities",
"type": "n8n-nodes-base.function",
"position": [
-860,
1300
],
"parameters": {
"functionCode": "const triage = {\n self: [],\n expert: [],\n monitor: [],\n};\n\nconst assessed = $input.all();\n\nfor (const item of assessed) {\n const v = item.json;\n const levScore = v.lev || 0; // fallback if missing\n\n if (levScore > 0.9) {\n triage.expert.push({ ...v, levScore, levLabel: \"Critical\" });\n } else if (levScore > 0.5) {\n triage.self.push({ ...v, levScore, levLabel: \"High\" });\n } else {\n triage.monitor.push({ ...v, levScore, levLabel: \"Low\" });\n }\n}\n\nreturn [{ json: triage }];"
},
"typeVersion": 1
},
{
"id": "338c4b2e-dbdb-484c-a517-244c6550f502",
"name": "🚦 ALERT – LEV Trigger",
"type": "n8n-nodes-base.if",
"position": [
-620,
1300
],
"parameters": {
"options": {},
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": true,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "0888daeb-abba-419a-a069-ec47d7eef9ab",
"operator": {
"name": "filter.operator.equals",
"type": "string",
"operation": "equals"
},
"leftValue": "{{ $json.expert && $json.expert.length > 0 }}",
"rightValue": "true"
}
]
}
},
"typeVersion": 2.2
},
{
"id": "481c9594-87d0-457f-af1c-b03868765fd5",
"name": "📝 REPORT – Generate Summary",
"type": "n8n-nodes-base.function",
"position": [
-860,
1820
],
"parameters": {
"functionCode": "const triage = $json;\nconst all = [...triage.expert, ...triage.self, ...triage.monitor];\n\n// Calculate max LEV score\nconst maxLEV = Math.max(...all.map(v => v.lev || 0));\n\n// Get top CVE (prefer expert > self > monitor)\nconst topCVE = triage.expert[0]?.cve || triage.self[0]?.cve || triage.monitor[0]?.cve || \"None\";\n\n// Final return\nreturn {\n summary: {\n expert: triage.expert.length,\n self: triage.self.length,\n monitor: triage.monitor.length,\n total: all.length,\n timestamp: new Date().toISOString(),\n topCVE,\n maxLEV\n },\n emailBody: `\n <h2>🔍 Vulnerability Assessment Report</h2>\n <p><strong>📅 Timestamp:</strong> ${new Date().toISOString()}</p>\n <ul>\n <li><strong>👨💻 Expert Group:</strong> ${triage.expert.length}</li>\n <li><strong>🧪 Self Group:</strong> ${triage.self.length}</li>\n <li><strong>📊 Monitor Group:</strong> ${triage.monitor.length}</li>\n <li><strong>🚨 Max LEV Score:</strong> ${maxLEV}</li>\n <li><strong>💡 Top CVE:</strong> ${topCVE}</li>\n </ul>\n `\n};"
},
"typeVersion": 1
},
{
"id": "657c0890-0dbd-4d1c-b6c8-51d451d66f6b",
"name": "🛠️ UTILS – Field Editor",
"type": "n8n-nodes-base.set",
"position": [
-860,
1500
],
"parameters": {
"options": {},
"assignments": {
"assignments": [
{
"id": "4d6df3e2-210b-43d6-8b71-edcfed2bf1fc",
"name": "groupData",
"type": "array",
"value": "={{ JSON.parse(JSON.stringify((() => {\n const triage = $json;\n const timestamp = new Date().toISOString();\n return [\n { timestamp, group: \"self\", count: triage.self.length || 0 },\n { timestamp, group: \"expert\", count: triage.expert.length || 0 },\n { timestamp, group: \"monitor\", count: triage.monitor.length || 0 }\n ];\n})())) }}"
}
]
}
},
"typeVersion": 3.4
},
{
"id": "af12b887-2a0f-4f87-a16e-05b32e0f81d4",
"name": "📄 EXPORT – Save to Sheet",
"type": "n8n-nodes-base.googleSheets",
"position": [
-400,
1720
],
"parameters": {
"options": {},
"fieldsUi": {
"fieldValues": [
{
"fieldId": "timestamp",
"fieldValue": "={{ $json.summary.timestamp }}"
},
{
"fieldId": "self",
"fieldValue": "={{ $json.summary.self }}"
},
{
"fieldId": "expert",
"fieldValue": "={{ $json.summary.expert }}"
},
{
"fieldId": "monitor",
"fieldValue": "={{ $json.summary.monitor }}"
},
{
"fieldId": "total",
"fieldValue": "={{ $json.summary.total }}"
},
{
"fieldId": "topCVE",
"fieldValue": "={{$json.summary.topCVE}}"
},
{
"fieldId": "maxLEV",
"fieldValue": "={{$json.summary.maxLEV}}"
}
]
},
"operation": "append",
"sheetName": {
"__rl": true,
"mode": "list",
"value": "gid=0",
"cachedResultUrl": "https://docs.google.com/spreadsheets/d/1ABCFAKE1234567890TESTFAKEID/edit#gid=0",
"cachedResultName": "summary"
},
"documentId": {
"__rl": true,
"mode": "list",
"value": "1ABCFAKE1234567890TESTFAKEID",
"cachedResultUrl": "https://docs.google.com/spreadsheets/d/1ABCFAKE1234567890TESTFAKEID/edit#gid=0",
"cachedResultName": "daily summary report"
}
},
"credentials": {
"googleSheetsOAuth2Api": {
"id": "sJHywbRNYHkS71FB",
"name": "Google Sheets account"
}
},
"typeVersion": 3
},
{
"id": "c27b1b3d-da02-4604-b49b-5c67e9da9aa2",
"name": "ERROR – On Failure",
"type": "n8n-nodes-base.errorTrigger",
"position": [
-1780,
260
],
"parameters": {},
"typeVersion": 1
},
{
"id": "f26f685f-f45f-43ba-8542-a364bacb7568",
"name": "🛠️ UTILS – 設定 Grouped Data",
"type": "n8n-nodes-base.set",
"position": [
-1600,
260
],
"parameters": {
"options": {},
"assignments": {
"assignments": [
{
"id": "bc8583cc-bf45-4b39-9336-79bf405bf941",
"name": "timestamp",
"type": "string",
"value": "={{ new Date().toISOString() }}"
},
{
"id": "1cae924e-3639-4f3c-a0f7-c6035ad26ba0",
"name": "workflow",
"type": "string",
"value": "={{ $workflow.name }}"
},
{
"id": "f7f0d797-195b-4483-ba9e-2453f4593dba",
"name": "node",
"type": "string",
"value": "={{ $error.node.name }}"
},
{
"id": "9717bba1-611d-4a6b-9062-a8f53943a89c",
"name": "error message",
"type": "string",
"value": "={{ $error.message }}"
}
]
}
},
"typeVersion": 3.4
},
{
"id": "9ae08f82-748a-4d8f-9231-261c13362577",
"name": "📄 EXPORT – Sheet Append",
"type": "n8n-nodes-base.googleSheets",
"position": [
-1280,
260
],
"parameters": {
"columns": {
"value": {
"node": "{{ $json[\"node\"] }}",
"workflow": "{{ $json[\"workflow\"] }}",
"timestamp": "{{ $json[\"timestamp\"] }}",
"error message": "{{ $json[\"error message\"] }}"
},
"schema": [
{
"id": "timestamp",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "timestamp",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "workflow",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "workflow",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "node",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "node",
"defaultMatch": false,
"canBeUsedToMatch": true
},
{
"id": "error message",
"type": "string",
"display": true,
"removed": false,
"required": false,
"displayName": "error message",
"defaultMatch": false,
"canBeUsedToMatch": true
}
],
"mappingMode": "defineBelow",
"matchingColumns": [],
"attemptToConvertTypes": false,
"convertFieldsToString": false
},
"options": {},
"operation": "append",
"sheetName": {
"__rl": true,
"mode": "list",
"value": "gid=0",
"cachedResultUrl": "https://docs.google.com/spreadsheets/d/1ABCFAKE1234567890TESTFAKEID/edit#gid=0",
"cachedResultName": "logs"
},
"documentId": {
"__rl": true,
"mode": "list",
"value": "1ABCFAKE1234567890TESTFAKEID",
"cachedResultUrl": "https://docs.google.com/spreadsheets/d/1ABCFAKE1234567890TESTFAKEID/edit#gid=0",
"cachedResultName": "error_log"
}
},
"credentials": {
"googleSheetsOAuth2Api": {
"id": "sJHywbRNYHkS71FB",
"name": "Google Sheets account"
}
},
"typeVersion": 4.5
},
{
"id": "ceea68a1-5323-4e26-af05-0c333c136f61",
"name": "付箋6",
"type": "n8n-nodes-base.stickyNote",
"position": [
-1840,
560
],
"parameters": {
"color": 7,
"width": 760,
"height": 400,
"content": "⏱️ Trigger – Scheduled Scan \tTrigger scan daily/weekly\n🔐 AUTH – Login to Nessus\t Login to scanner API\n🔐 AUTH – Set API Token\t Store token securely for session\n🌐 DISC – Init Segments\t Initialize IP ranges or subnets\n🌐 DISC – Discover Assets \tIdentify hosts in network scope\n🧠 AI – Process Assets \tRefine asset list for scan input\n🔄 UTILS – Split Assets \tSplit asset data for scanning\n🧪 SCAN – Run Nessus\t Perform scan via Nessus\n🔍 SCAN – Process Findings \tParse and extract vulnerability data\n🤖 AI – Risk Evaluation\t Analyze risk scores using logic/ML\n📊 AI – Triage Findings\t Categorize severity groups\n🚦 ALERT – LEV Trigger\t Check if LEV exceeds threshold\n📧 EMAIL – Alert\t Send report to security team\n📝 REPORT – Generate Summary\t Prepare summary for export/report\n🛠️ UTILS – Field Editor\t Adjust field format for export\n📄 EXPORT – Save to Sheet\t Log results in Google Sheet\n⚠️ ERROR – On Failure\t Trigger error handler on failure\n🛠️ UTILS – Set Grouped Data \tFormat grouped output\n📄 EXPORT – Sheet Append\t Store vulnerability data"
},
"typeVersion": 1
},
{
"id": "07c7104c-7217-42e5-9d35-db6732577adb",
"name": "付箋7",
"type": "n8n-nodes-base.stickyNote",
"position": [
-140,
40
],
"parameters": {
"color": 5,
"width": 500,
"height": 360,
"content": "\n\n🔍 IDENTIFY — Asset & Risk Awareness\n\nIdentify all hardware, software, and assets connected to the network. \n- Login to Nessus \n- Initialize segments \n- Discover assets \n- Tag metadata \n(NIST: ID.AM-1, ID.AM-2)\n\n✅ Nodes \n\nAUTH - Login to Nessus\n\nDISC - Initialize Network Segments\n\nDISC - Discover Assets\n\nAI - Process Assets\n"
},
"typeVersion": 1
},
{
"id": "7fb065fb-50fb-4abd-abc3-2e70a063ecf5",
"name": "付箋9",
"type": "n8n-nodes-base.stickyNote",
"position": [
-140,
420
],
"parameters": {
"color": 5,
"width": 500,
"height": 300,
"content": "\n\n🛡️ PROTECT — Baseline Security Control\n\nEstablish controls to limit or contain security events. \n- Scheduled scans \n- Role-based scan control \n- Ensure credentials securely managed \n(NIST: PR.AC-1, PR.PT-1)\n\n✅ Nodes \n\nTrigger - Scheduled Scan\n\nAUTH - Set API Token\n"
},
"typeVersion": 1
},
{
"id": "93304aa3-f1b7-4468-9f63-061fbbe3ebf5",
"name": "付箋10",
"type": "n8n-nodes-base.stickyNote",
"position": [
-1160,
1280
],
"parameters": {
"color": 3,
"width": 680,
"height": 200,
"content": "🧠 AI Calculate Risk phase"
},
"typeVersion": 1
},
{
"id": "f187080f-4d7a-49df-8deb-75dd36665651",
"name": "付箋11",
"type": "n8n-nodes-base.stickyNote",
"position": [
-140,
740
],
"parameters": {
"color": 2,
"width": 500,
"height": 360,
"content": "\n\n🚨 DETECT — Vulnerability & Threat Scan\n\nContinuously monitor to detect anomalies or security events. \n- Asset split-out \n- Scan via Nessus \n- Process vulnerability data \n(NIST: DE.CM-1, DE.CM-8)\n\n✅ Nodes:\n\nUTILS - Split Assets\n\nSCAN - Run Nessus\n\nSCAN - Process Vulnerabilities\n"
},
"typeVersion": 1
},
{
"id": "987e0856-efd8-41b4-9399-a386b669d751",
"name": "付箋12",
"type": "n8n-nodes-base.stickyNote",
"position": [
-140,
1120
],
"parameters": {
"color": 3,
"width": 500,
"height": 340,
"content": "\n\n⚠️ RESPOND — Risk Intelligence & Alerts\n\nAnalyze, prioritize, and respond to detected threats. \n- AI-based LEV scoring \n- Triage vulnerabilities \n- Trigger critical alerts \n(NIST: RS.AN-1, RS.RP-1)\n\n✅ Nodes:\n\nAI - Risk Evaluation\n\nAI - Triage Vulnerabilities\n\nALERT - LEV Trigger"
},
"typeVersion": 1
},
{
"id": "496dabfa-4ecb-4f9f-8633-0877f5e9698f",
"name": "付箋2",
"type": "n8n-nodes-base.stickyNote",
"position": [
-140,
1480
],
"parameters": {
"color": 6,
"width": 500,
"height": 340,
"content": "\n\n🔁 RECOVER — Reporting & Remediation Support\n\nDocument, communicate, and improve based on assessments. \n- Generate summary \n- Email report to team \n- Export to Google Sheets \n(NIST: RC.IM-1, RC.CO-1)\n\n✅ Nodes:\n\nREPORT - Generate Summary\n\nEXPORT - Save to Sheet\n\nSend Email\n\n"
},
"typeVersion": 1
},
{
"id": "72ec5990-d65b-4dea-9570-a450f5b12256",
"name": "付箋8",
"type": "n8n-nodes-base.stickyNote",
"position": [
380,
40
],
"parameters": {
"color": 7,
"width": 1240,
"height": 540,
"content": "\n\n\nCyberScan presenting an evidence-based, industry-backed strategy:\n\nLEV metric enhances risk-based prioritization.\n\nCyberScan showcase the flaws in EPSS and how you overcome them.\n\nCyberScan align with federal cybersecurity directives (like BOD 22-01 and KEV compliance).\n\nThis makes CyberScan audit-friendly, policy-aligned, and modern—something many companies care about.\n\n\n \n\n\n\n\n| **1. Identify** | “🧠 Threat Inventory & CVE Scope” | Maps to CVE enumeration; ensures CyberScan starts by identifying scope of all assets and their exposure, Based on NVD/CVE/EPSS\n \n\n| **2. Protect** | “🔐 Hardening & Patch Guidance” | Aligns with remediation prioritization from LEV + KEV lists. Focus on patch strategies & mitigation workflows. \n\n\n| **3. Detect** | “🛰️ Vulnerability Monitoring Logic” | Covers how CyberScan detects exploit attempts using EPSS predictions and LEV metric to find *likely exploited vulnerabilities*. \n\n\n| **4. Respond** | “🚨 Automated Risk Response” | Showcases logic for how CyberScan handles high-risk CVEs (KEV, LEV > 0.9), sending alerts or blocking actions. \n\n\n| **5. Recover** | “♻️ Learning & Improvement Loop” | Focus on logging, metrics, audit trail, and recurring updates using EPSS and NIST recommendations. Enables cyber resilience. \n\n\n"
},
"typeVersion": 1
},
{
"id": "fd06cc70-22bd-44fe-bb80-92a56976ab90",
"name": "付箋13",
"type": "n8n-nodes-base.stickyNote",
"position": [
-1040,
-80
],
"parameters": {
"color": 7,
"width": 500,
"height": 100,
"content": "\n\nCyberScan visually engaging within the n8n editor and align it with NIST cybersecurity framework stages"
},
"typeVersion": 1
},
{
"id": "9a09262e-327c-4bd6-a226-b9fffcdbab4e",
"name": "付箋14",
"type": "n8n-nodes-base.stickyNote",
"position": [
380,
-120
],
"parameters": {
"color": 7,
"width": 1240,
"height": 80,
"content": "\n\nNIST CSF and insights from the NIST.CSWP.41 paper on Likely Exploited Vulnerabilities.\n\n\n"
},
"typeVersion": 1
},
{
"id": "75c4e2f7-90f1-468e-a930-f84bba5cc8d2",
"name": "付箋15",
"type": "n8n-nodes-base.stickyNote",
"position": [
-140,
-120
],
"parameters": {
"color": 7,
"width": 500,
"height": 140,
"content": "\n\n📌 Compliance Alignment\n\n✅ CyberScan aligns with NIST CSF Cybersecurity controls designed around the 5 core NIST functions. \nBuilt on n8n, supports compliance reporting.\n"
},
"typeVersion": 1
},
{
"id": "df706700-7bf4-4e19-a432-63749c05f7b2",
"name": "付箋16",
"type": "n8n-nodes-base.stickyNote",
"position": [
380,
600
],
"parameters": {
"color": 7,
"width": 1560,
"height": 440,
"content": "\n\n\nGlossary of Key Terms\n |\n\n| **LEV** | **Likely Exploited Vulnerabilities** | A scoring system by NIST (in CSWP 41) that predicts if a vulnerability is likely to be exploited based on real-world intelligence. |\n\n| **BOD 22-01** | **Binding Operational Directive 22-01** | A federal mandate requiring U.S. government agencies to patch known exploited vulnerabilities from CISA’s KEV catalog. |\n\n| **NIST CSF** | **National Institute of Standards and Technology Cybersecurity Framework** | A 5-stage security model (Identify, Protect, Detect, Respond, Recover) used by governments and enterprises for cyber defense planning. |\n\n| **EPSS** | **Exploit Prediction Scoring System** | A machine-learning based model that estimates the probability of a CVE being exploited within the next 30 days. |\n\n| **CSWP** | **Cybersecurity White Paper** | A detailed NIST publication that shares new concepts, guidance, and metrics for cybersecurity defense (e.g., CSWP.41 introduced LEV). |\n\n| **KEV** | **Known Exploited Vulnerabilities** | A catalog from CISA that lists CVEs confirmed to be actively exploited in the wild. |\n\n| **UTILS** | **CyberScan Utilities** (Custom term in your workflow) | Utility nodes in your workflow, like date formatters, filters, or metadata handlers. You can rename this group to \"UTILS\" for better organization. |\n\n| **CVE** | **Common Vulnerabilities and Exposures** | An ID system used to catalog known cybersecurity vulnerabilities in software and hardware. |\n\n| **CISA** | **Cybersecurity and Infrastructure Security Agency** | A U.S. federal agency that maintains the KEV list and enforces directives like BOD 22-01. |\n"
},
"typeVersion": 1
},
{
"id": "8c120e7f-c8e0-4173-a58f-11d6dedb2998",
"name": "コード1",
"type": "n8n-nodes-base.code",
"position": [
-1440,
260
],
"parameters": {
"jsCode": "const msg = $json[\"error message\"] || \"\";\nconst sanitized = msg\n .replace(/\\b\\d{1,3}(\\.\\d{1,3}){3}\\b/g, '***.***.***.***') // IPs\n .replace(/[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}/g, '[email]')\n .replace(/apikey=\\w+/gi, 'apikey=[redacted]')\n .replace(/https:\\/\\/[^\\s]+/g, 'https://[url]');\n\nreturn [{ json: {\n timestamp: $json[\"timestamp\"],\n workflow: $json[\"workflow\"],\n node: $json[\"node\"],\n \"error message\": sanitized\n}}];"
},
"typeVersion": 2
}
],
"active": false,
"pinData": {},
"settings": {
"timezone": "Australia/Sydney",
"callerPolicy": "workflowsFromSameOwner",
"executionOrder": "v1"
},
"versionId": "4f90f7a3-81cc-4334-a2df-5f9daf68939e",
"connections": {
"Code": {
"main": [
[
{
"node": "af12b887-2a0f-4f87-a16e-05b32e0f81d4",
"type": "main",
"index": 0
}
]
]
},
"Code1": {
"main": [
[
{
"node": "9ae08f82-748a-4d8f-9231-261c13362577",
"type": "main",
"index": 0
}
]
]
},
"c27b1b3d-da02-4604-b49b-5c67e9da9aa2": {
"main": [
[
{
"node": "🛠️ UTILS – Set Grouped Data",
"type": "main",
"index": 0
}
]
]
},
"3022ba53-e2f0-4cf3-872a-889fb65b9311": {
"main": [
[
{
"node": "be2e05e7-3889-465f-bf16-30135e717c1c",
"type": "main",
"index": 0
}
]
]
},
"338c4b2e-dbdb-484c-a517-244c6550f502": {
"main": [
[
{
"node": "5fb385bd-0968-4fdd-8cac-bbeb4dae8a6d",
"type": "main",
"index": 0
}
],
[
{
"node": "481c9594-87d0-457f-af1c-b03868765fd5",
"type": "main",
"index": 0
}
]
]
},
"4e82b300-3fa5-4fbd-9055-8636f0c87a7e": {
"main": [
[
{
"node": "d635e765-4121-4f6a-9898-ecb26c930ff1",
"type": "main",
"index": 0
}
]
]
},
"d635e765-4121-4f6a-9898-ecb26c930ff1": {
"main": [
[
{
"node": "3022ba53-e2f0-4cf3-872a-889fb65b9311",
"type": "main",
"index": 0
}
]
]
},
"🔐 AUTH – Set API Token": {
"main": [
[
{
"node": "4cbcc3bb-1288-449d-9147-8158e6372f46",
"type": "main",
"index": 0
}
]
]
},
"19eb1ac3-5ce2-48f1-b4f3-8807e968f068": {
"main": [
[
{
"node": "34374b11-c7a5-483c-8f69-d39b09d0b967",
"type": "main",
"index": 0
}
]
]
},
"34c4a8c7-918a-4489-9176-2c901493a812": {
"main": [
[
{
"node": "4e82b300-3fa5-4fbd-9055-8636f0c87a7e",
"type": "main",
"index": 0
}
]
]
},
"af12b887-2a0f-4f87-a16e-05b32e0f81d4": {
"main": [
[]
]
},
"c4ac0db7-a571-4b89-b119-99f368d17e46": {
"main": [
[
{
"node": "🔐 AUTH – Set API Token",
"type": "main",
"index": 0
}
]
]
},
"657c0890-0dbd-4d1c-b6c8-51d451d66f6b": {
"main": [
[
{
"node": "Code",
"type": "main",
"index": 0
}
]
]
},
"481c9594-87d0-457f-af1c-b03868765fd5": {
"main": [
[
{
"node": "Send Email",
"type": "main",
"index": 0
},
{
"node": "af12b887-2a0f-4f87-a16e-05b32e0f81d4",
"type": "main",
"index": 0
}
]
]
},
"0a819a33-967d-4bf4-bc85-e3ff2563432f": {
"main": [
[
{
"node": "c4ac0db7-a571-4b89-b119-99f368d17e46",
"type": "main",
"index": 0
}
]
]
},
"34374b11-c7a5-483c-8f69-d39b09d0b967": {
"main": [
[
{
"node": "338c4b2e-dbdb-484c-a517-244c6550f502",
"type": "main",
"index": 0
},
{
"node": "657c0890-0dbd-4d1c-b6c8-51d451d66f6b",
"type": "main",
"index": 0
}
]
]
},
"🛠️ UTILS – Set Grouped Data": {
"main": [
[
{
"node": "Code1",
"type": "main",
"index": 0
}
]
]
},
"be2e05e7-3889-465f-bf16-30135e717c1c": {
"main": [
[
{
"node": "19eb1ac3-5ce2-48f1-b4f3-8807e968f068",
"type": "main",
"index": 0
}
]
]
},
"4cbcc3bb-1288-449d-9147-8158e6372f46": {
"main": [
[
{
"node": "34c4a8c7-918a-4489-9176-2c901493a812",
"type": "main",
"index": 0
}
]
]
}
}
}よくある質問
このワークフローの使い方は?
上記のJSON設定コードをコピーし、n8nインスタンスで新しいワークフローを作成して「JSONからインポート」を選択、設定を貼り付けて認証情報を必要に応じて変更してください。
このワークフローはどんな場面に適していますか?
上級 - セキュリティ運用, AI要約
有料ですか?
このワークフローは完全無料です。ただし、ワークフローで使用するサードパーティサービス(OpenAI APIなど)は別途料金が発生する場合があります。
関連ワークフロー
CYBERPULSEBlueOps_モジュール1 クライアントコピー1
自動CVEおよびIOCデータソース摄取、OpenAIによるリスク評価とメールアラート付き
If
Code
Merge
+
If
Code
Merge
21 ノードAdnan Tariq
セキュリティ運用
M4 - イベント分類器
GPT-4とGoogle Sheetsを使ってSOCチームのセキュリティインシデントを自動分類
Set
Http Request
Google Sheets
+
Set
Http Request
Google Sheets
6 ノードAdnan Tariq
セキュリティ運用
PCI 制御評価を自動化
Google Sheetsを使ってPCI DSSコントロールの評価とコンプライアンス追跡を自動化する
If
Set
Code
+
If
Set
Code
19 ノードAdnan Tariq
セキュリティ運用
M5 - 自動返信ボット
自動セキュリティインシデント対応:Google Sheets、メールアラート、EDRキュレつ
If
Aggregate
Email Send
+
If
Aggregate
Email Send
8 ノードAdnan Tariq
セキュリティ運用
Adobe Stock ワーキングフロー
Flux1-schnell、メタデータマーキング、Google インテグレーションで AI 画像素材を生成
If
Set
Code
+
If
Set
Code
48 ノードvictor Adriano
デザイン
潜在顧客開掘とメールワーキングフロー
Google Maps、SendGrid、AIを使用してB2Bリード獲得とメールマーケティングを自動化
If
Set
Code
+
If
Set
Code
141 ノードEzema Kingsley Chibuzo
リード獲得
ワークフロー情報
難易度
上級
ノード数39
カテゴリー2
ノードタイプ11
作成者
Adnan Tariq
@adnantariqFounder of CYBERPULSE AI — helping security teams and SMEs eliminate repetitive tasks through modular n8n automations. I build workflows for vulnerability triage, compliance reporting, threat intel, and Red/Blue/GRC ops. Book a session if you'd like custom automation for your use case. https://linkedin.com/in/adnan-tariq-4b2a1a47
外部リンク
n8n.ioで表示 →
このワークフローを共有