{ "name": "Automate security alert triage with NixGuard AI and route to Slack or Jira", "nodes": [ { "id": "40fb885c-9077-447c-a236-2262ff465d29", "name": "Run Daily at 8 AM", "type": "n8n-nodes-base.scheduleTrigger", "position": [ 740, 1380 ] }, { "id": "e5f01889-2ae6-4563-8f34-836f1556e1f0", "name": "Parse Alert Array", "type": "n8n-nodes-base.code", "position": [ 760, 1620 ] }, { "id": "6a3c2d13-ea2c-4a21-8063-cee59b220746", "name": "Set Prompt for Summary", "type": "n8n-nodes-base.set", "position": [ 1380, 1820 ] }, { "id": "d27114b8-536c-4937-8af0-b6a4e0d20d9f", "name": "Set API Key & Initial Prompt", "type": "n8n-nodes-base.set", "position": [ 980, 1380 ] }, { "id": "0adc2f21-8480-4749-9f0c-ef05b46b8b29", "name": "Execute: Get Daily Events as JSON (Get Real-Time Security Insights with NixGuard RAG and Wazuh Integration)", "type": "n8n-nodes-base.executeWorkflow", "position": [ 1220, 1380 ] }, { "id": "40caac74-9e6c-4387-bc52-3bbe31e98481", "name": "If", "type": "n8n-nodes-base.if", "position": [ 980, 1620 ] }, { "id": "f066f0e6-fa5d-4ab6-9d0c-0b6b5f9bb269", "name": "Workflow Overview", "type": "n8n-nodes-base.stickyNote", "position": [ 720, 1060 ], "parameters": { "width": 520, "height": 260, "content": "## 💡 Workflow Overview\n\nThis workflow acts as an automated SOC analyst. It receives security alerts from & uses **NixGuard's AI** to analyze and prioritize them, and then routes them to the correct **" } }, { "id": "c8cac8b0-dac8-42ed-bb38-9daba321de8e", "name": "Extract AI Priority & Summary", "type": "n8n-nodes-base.set", "position": [ 1160, 2040 ] }, { "id": "d047a378-b41a-4652-83e8-85ed0e87a2d9", "name": "Execute: Generate Slack Message (Get Real-Time Security Insights with NixGuard RAG and Wazuh Integration)", "type": "n8n-nodes-base.executeWorkflow", "position": [ 760, 2040 ] }, { "id": "93849a07-6c84-4abc-b5f3-0025e0625187", "name": "Edit Fields", "type": "n8n-nodes-base.set", "position": [ 1200, 1600 ] }, { "id": "4a49a959-6a27-410b-9a66-798480eb3612", "name": "Parse & Split Alerts", "type": "n8n-nodes-base.code", "position": [ 760, 1840 ] }, { "id": "c6b28204-a3c7-4b4e-9c3d-d5bb8fb4195b", "name": "Aggregate", "type": "n8n-nodes-base.aggregate", "position": [ 1200, 1820 ] }, { "id": "079081a2-6e54-44cc-aee9-a00a34f545ef", "name": "Filter for Important Alerts (Level > 7)", "type": "n8n-nodes-base.if", "position": [ 960, 1840 ] }, { "id": "77ac98bf-68a8-4f3a-9614-ea46096a173b", "name": "Post CRITICAL Alert to Slack", "type": "n8n-nodes-base.slack", "position": [ 1820, 1800 ] }, { "id": "af5aefb9-07e3-41a1-baa0-525ab53785b6", "name": "Post HIGH Alert to Slack", "type": "n8n-nodes-base.slack", "position": [ 1820, 2040 ] }, { "id": "5f26f03a-f715-4e0d-b99a-39df7ab2961d", "name": "Post INFO Alert to Slack", "type": "n8n-nodes-base.slack", "position": [ 1820, 2260 ] }, { "id": "f3eb57ec-4b5f-4bd8-ab2f-2e1cab76a16e", "name": "Parse AI JSON Response", "type": "n8n-nodes-base.code", "position": [ 960, 2040 ] }, { "id": "17359ba5-d1b1-42a6-bdfd-ab93be0fe857", "name": "Switch", "type": "n8n-nodes-base.switch", "position": [ 1380, 2020 ] }, { "id": "5190c963-d8b8-446d-ace5-403d93b91432", "name": "Setup Guide1", "type": "n8n-nodes-base.stickyNote", "position": [ 1300, 880 ], "parameters": { "width": 400, "height": 440, "content": "## Getting Started\n\n### Prerequisites:\n- Valid NixGuard API key\n\n### Setup Instructions:\n1. Configure your NixGuard API key in 'Prepare API Request Data' node\n2. Set up trigger method (chat or manual)" } } ], "connections": { "If": { "main": [ [ { "node": "Edit Fields", "type": "main", "index": 0 } ] ] }, "Switch": { "main": [ [ { "node": "Post CRITICAL Alert to Slack", "type": "main", "index": 0 } ], [ { "node": "Post HIGH Alert to Slack", "type": "main", "index": 0 } ], [ { "node": "Post INFO Alert to Slack", "type": "main", "index": 0 } ], [] ] }, "Aggregate": { "main": [ [ { "node": "Set Prompt for Summary", "type": "main", "index": 0 } ] ] }, "Edit Fields": { "main": [ [ { "node": "Parse & Split Alerts", "type": "main", "index": 0 } ] ] }, "Parse Alert Array": { "main": [ [ { "node": "If", "type": "main", "index": 0 } ] ] }, "Run Daily at 8 AM": { "main": [ [ { "node": "Set API Key & Initial Prompt", "type": "main", "index": 0 } ] ] }, "Parse & Split Alerts": { "main": [ [ { "node": "Filter for Important Alerts (Level > 7)", "type": "main", "index": 0 } ] ] }, "Parse AI JSON Response": { "main": [ [ { "node": "Extract AI Priority & Summary", "type": "main", "index": 0 } ] ] }, "Set Prompt for Summary": { "main": [ [ { "node": "Execute: Generate Slack Message (Get Real-Time Security Insights with NixGuard RAG and Wazuh Integration)", "type": "main", "index": 0 } ] ] }, "Set API Key & Initial Prompt": { "main": [ [ { "node": "Execute: Get Daily Events as JSON (Get Real-Time Security Insights with NixGuard RAG and Wazuh Integration)", "type": "main", "index": 0 } ] ] }, "Extract AI Priority & Summary": { "main": [ [ { "node": "Switch", "type": "main", "index": 0 } ] ] }, "Filter for Important Alerts (Level > 7)": { "main": [ [ { "node": "Aggregate", "type": "main", "index": 0 } ] ] }, "Execute: Generate Slack Message (Get Real-Time Security Insights with NixGuard RAG and Wazuh Integration)": { "main": [ [ { "node": "Parse AI JSON Response", "type": "main", "index": 0 } ] ] }, "Execute: Get Daily Events as JSON (Get Real-Time Security Insights with NixGuard RAG and Wazuh Integration)": { "main": [ [ { "node": "Parse Alert Array", "type": "main", "index": 0 } ] ] } } }