{ "name": "Automate cybersecurity threat analysis with GPT-4o, CVSS scoring and risk routing", "nodes": [ { "id": "e5bc67cd-e920-4a4f-81df-bd07918dc28c", "name": "Start Threat Analysis", "type": "n8n-nodes-base.manualTrigger", "position": [ 240, 608 ] }, { "id": "c89f0cf2-a3ed-431c-8f11-5a3810f4c6fe", "name": "Cybersecurity Orchestrator Agent", "type": "@n8n/n8n-nodes-langchain.agent", "position": [ 960, 560 ] }, { "id": "164505ee-c5fc-4cf5-9f1c-26a2f4fd418b", "name": "Orchestrator Chat Model", "type": "@n8n/n8n-nodes-langchain.lmChatOpenAi", "position": [ 480, 720 ] }, { "id": "bc7577ce-6b05-4f69-bf58-d3457c845d90", "name": "Structured Threat Report Parser", "type": "@n8n/n8n-nodes-langchain.outputParserStructured", "position": [ 1280, 720 ] }, { "id": "2a46e3ea-acf0-45da-ad0f-70c134e12834", "name": "Threat Intelligence Agent", "type": "@n8n/n8n-nodes-langchain.agentTool", "position": [ 608, 720 ] }, { "id": "a4b800c7-6855-4474-9b3b-0f11f732a59b", "name": "Threat Intelligence Chat Model", "type": "@n8n/n8n-nodes-langchain.lmChatOpenAi", "position": [ 480, 928 ] }, { "id": "13d74fce-b83e-48f1-a26c-086d1001fbae", "name": "Fetch Security Logs Tool", "type": "n8n-nodes-base.httpRequestTool", "position": [ 656, 928 ] }, { "id": "2da2ce78-fb29-4e75-a5ba-3de9bc595b79", "name": "Risk Score Calculator", "type": "@n8n/n8n-nodes-langchain.toolCalculator", "position": [ 816, 928 ] }, { "id": "e2cb5bb0-fc19-4038-a3ae-efb935921e8b", "name": "Attack Surface Mapping Agent", "type": "@n8n/n8n-nodes-langchain.agentTool", "position": [ 992, 720 ] }, { "id": "4c1bb276-d6a0-4674-a61e-d2892b5efb3c", "name": "Attack Surface Chat Model", "type": "@n8n/n8n-nodes-langchain.lmChatOpenAi", "position": [ 992, 928 ] }, { "id": "8b8e835e-9046-4b4a-9fde-771057e16863", "name": "STRIDE Analysis Tool", "type": "@n8n/n8n-nodes-langchain.toolCode", "position": [ 1152, 928 ] }, { "id": "936ac68c-98fc-4e3d-a405-b33c7e3fdb34", "name": "CVSS Scoring Tool", "type": "@n8n/n8n-nodes-langchain.toolCode", "position": [ 1312, 928 ] }, { "id": "48a13efb-69b2-41f2-b65d-f4cc265cfec4", "name": "Route by Risk Severity", "type": "n8n-nodes-base.switch", "position": [ 1536, 720 ] }, { "id": "b23b2fff-6d0e-4508-b0a0-0c7a48ba41c6", "name": "Format SOC Alert", "type": "n8n-nodes-base.set", "position": [ 1824, 624 ] }, { "id": "9ce79d98-46cf-4e79-b76a-a0bf2b3d82e3", "name": "Format Executive Report", "type": "n8n-nodes-base.set", "position": [ 1824, 816 ] }, { "id": "b8e74e2d-ef16-485b-b133-0ffa7330d5e5", "name": "Format Standard Report", "type": "n8n-nodes-base.set", "position": [ 1824, 1008 ] }, { "id": "20c8f84c-b9f0-49f6-b912-25fa97be7328", "name": "Sticky Note", "type": "n8n-nodes-base.stickyNote", "position": [ 192, 80 ], "parameters": { "width": 560, "height": 336, "content": "## How It Works\nThis workflow automates end-to-end cybersecurity threat analysis using a multi-agent AI architecture, targeting Security Operations Centre (SOC) analysts, security engineers, and IT ri" } }, { "id": "dadce1b5-66ee-43da-b839-52163089203a", "name": "Sticky Note1", "type": "n8n-nodes-base.stickyNote", "position": [ 768, 112 ], "parameters": { "width": 432, "height": 256, "content": "## Setup Steps\n1. Connect your LLM API credentials to all Chat Model nodes (Orchestrator, Threat Intelligence, Attack Surface).\n2. Configure the Fetch Security Logs Tool with your SIEM or log source A" } }, { "id": "386ae1fc-2b9a-435b-a9ce-79984af9c5bd", "name": "Sticky Note2", "type": "n8n-nodes-base.stickyNote", "position": [ 1216, -16 ], "parameters": { "width": 368, "height": 384, "content": "## Prerequisites\n- LLM API key (OpenAI or compatible)\n- SIEM or security log source with API access\n- CVSS and STRIDE configuration parameters\n- Report template definitions for each severity tier\n## U" } }, { "id": "05636dee-34e9-4394-9076-908864fdce76", "name": "Sticky Note3", "type": "n8n-nodes-base.stickyNote", "position": [ 192, 432 ], "parameters": { "width": 704, "height": 640, "content": "## Trigger, Threat Intelligence & Risk Scoring\n**What:** Threat Intelligence Agent fetches security logs and calculates risk scores.\n**Why:** Grounds AI analysis in real telemetry data, enabling evid" } }, { "id": "5930bde6-cd15-4b86-af01-a7c274ed5dfe", "name": "Sticky Note4", "type": "n8n-nodes-base.stickyNote", "position": [ 912, 416 ], "parameters": { "width": 560, "height": 720, "content": "## Attack Surface Mapping\n**What:** Attack Surface Mapping Agent applies STRIDE methodology and CVSS scoring.\n**Why:** Systematically identifies exploitable vectors and assigns industry-standard sever" } }, { "id": "3ba42550-082b-4172-9deb-351bb841c290", "name": "Sticky Note5", "type": "n8n-nodes-base.stickyNote", "position": [ 1488, 416 ], "parameters": { "width": null, "height": 720, "content": "## Parse & Route by Severity\n**What:** Structured Threat Report Parser extracts findings; Rules router directs output by risk level.\n**Why:** Ensures outputs are structured and stakeholder-appropriate" } }, { "id": "356d390f-90de-4ac2-9a02-61af59e864c2", "name": "Sticky Note6", "type": "n8n-nodes-base.stickyNote", "position": [ 1744, 416 ], "parameters": { "width": 448, "height": 736, "content": "## Format & Deliver Report\n**What:** Generates SOC Alert, Executive Report, or Standard Report based on severity routing.\n**Why:** Delivers the right level of detail to the right audience — operationa" } } ], "connections": { "CVSS Scoring Tool": { "ai_tool": [ [ { "node": "Attack Surface Mapping Agent", "type": "ai_tool", "index": 0 } ] ] }, "STRIDE Analysis Tool": { "ai_tool": [ [ { "node": "Attack Surface Mapping Agent", "type": "ai_tool", "index": 0 } ] ] }, "Risk Score Calculator": { "ai_tool": [ [ { "node": "Threat Intelligence Agent", "type": "ai_tool", "index": 0 } ] ] }, "Start Threat Analysis": { "main": [ [ { "node": "Cybersecurity Orchestrator Agent", "type": "main", "index": 0 } ] ] }, "Route by Risk Severity": { "main": [ [ { "node": "Format SOC Alert", "type": "main", "index": 0 } ], [ { "node": "Format Executive Report", "type": "main", "index": 0 } ], [ { "node": "Format Standard Report", "type": "main", "index": 0 } ] ] }, "Orchestrator Chat Model": { "ai_languageModel": [ [ { "node": "Cybersecurity Orchestrator Agent", "type": "ai_languageModel", "index": 0 } ] ] }, "Fetch Security Logs Tool": { "ai_tool": [ [ { "node": "Threat Intelligence Agent", "type": "ai_tool", "index": 0 } ] ] }, "Attack Surface Chat Model": { "ai_languageModel": [ [ { "node": "Attack Surface Mapping Agent", "type": "ai_languageModel", "index": 0 } ] ] }, "Threat Intelligence Agent": { "ai_tool": [ [ { "node": "Cybersecurity Orchestrator Agent", "type": "ai_tool", "index": 0 } ] ] }, "Attack Surface Mapping Agent": { "ai_tool": [ [ { "node": "Cybersecurity Orchestrator Agent", "type": "ai_tool", "index": 0 } ] ] }, "Threat Intelligence Chat Model": { "ai_languageModel": [ [ { "node": "Threat Intelligence Agent", "type": "ai_languageModel", "index": 0 } ] ] }, "Structured Threat Report Parser": { "ai_outputParser": [ [ { "node": "Cybersecurity Orchestrator Agent", "type": "ai_outputParser", "index": 0 } ] ] }, "Cybersecurity Orchestrator Agent": { "main": [ [ { "node": "Route by Risk Severity", "type": "main", "index": 0 } ] ] } } }