{
  "name": "Detect and route cybersecurity threats with SIEM, Slack, email and PagerDuty",
  "nodes": [
    {
      "id": "b20161b9-009c-4670-9563-377582851b77",
      "name": "Sticky Note",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        -1152,
        96
      ],
      "parameters": {
        "width": 800,
        "height": 800,
        "content": "## Real-time threat detection & incident response\n\nScans and aggregates threat intelligence, network logs, and vulnerability data every 15 minutes to detect emerging risks across the infrastructure."
      }
    },
    {
      "id": "7c9fbfd3-9663-4ad2-84d2-2dc19cf804da",
      "name": "Sticky Note1",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        -176,
        144
      ],
      "parameters": {
        "width": 440,
        "height": 876,
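        "content": "## 1. Data collection\n\nTriggers every 15 minutes and fetches network logs, vulnerability scan results, and external threat intelligence feeds in parallel before merging them for analysis.\n\nNote: in this export both Fetch Vulnerability Scan Results and Fetch Threat Intelligence Feed are wired to input 1 of Merge All Threat Data. Confirm the Merge node is configured so that all three sources reach the analysis step and neither feed is dropped."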
      }
    },
    {
      "id": "34565425-c656-4881-928d-32f678ac9cdf",
      "name": "Sticky Note2",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        304,
        352
      ],
      "parameters": {
        "width": 436,
        "height": 460,
        "content": "## 2. Threat analysis\n\nMerges all collected data and runs detection logic to identify brute force attacks, malware signatures, critical vulnerabilities, suspicious traffic patterns, and IOC matches."
      }
    },
    {
      "id": "d929174b-463e-4376-89f0-5a63f282b7f8",
      "name": "Sticky Note3",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        800,
        256
      ],
      "parameters": {
        "width": 640,
        "height": 860,
        "content": "## 3. Alert & remediate\n\nCritical and High threats trigger a Slack alert, a detailed SOC email, a PagerDuty incident, and an incident ticket. Medium and Low threats are logged to SIEM and stored in PostgreSQL."
      }
    },
    {
      "id": "0a3e7f2b-d06f-45fb-a8dd-33125071246a",
      "name": "Sticky Note4",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        1488,
        336
      ],
      "parameters": {
        "width": 764,
        "height": 524,
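        "content": "## 4. Summary report\n\nAll paths merge and a scan summary — total threats by severity and type — is posted to the Slack monitoring channel after every run.\n\nNote: as wired in this export, only Create PagerDuty Incident and Create Security Ticket feed Merge All Paths; Store in Database has no outgoing connection. Confirm that runs containing only Medium/Low threats still produce a summary, so a missing report is not mistaken for a clean scan."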
      }
    },
    {
      "id": "5633b4a5-b9cf-44ea-99ea-0dad8156574c",
      "name": "Schedule Trigger - Every 15 Minutes",
      "type": "n8n-nodes-base.scheduleTrigger",
      "position": [
        -144,
        496
      ]
    },
    {
      "id": "9de6147c-8a55-4613-913a-604093822d75",
      "name": "Fetch Network Logs",
      "type": "n8n-nodes-base.httpRequest",
      "position": [
        96,
        384
      ]
    },
    {
      "id": "14354e5f-bb8c-4fa7-852c-d82621fc03bd",
      "name": "Fetch Vulnerability Scan Results",
      "type": "n8n-nodes-base.httpRequest",
      "position": [
        96,
        592
      ]
    },
    {
      "id": "e6b1d20e-48e5-435f-bc96-621f95c6d1a5",
      "name": "Fetch Threat Intelligence Feed",
      "type": "n8n-nodes-base.httpRequest",
      "position": [
        96,
        784
      ]
    },
    {
      "id": "52a555e8-19c0-4cc5-99a3-e780ac8cbc7e",
      "name": "Merge All Threat Data",
      "type": "n8n-nodes-base.merge",
      "position": [
        352,
        592
      ]
    },
    {
      "id": "2c8301ec-fa9a-4a4e-a7aa-f26357b26cef",
      "name": "Analyze & Detect Threats",
      "type": "n8n-nodes-base.code",
      "position": [
        608,
        592
      ]
    },
    {
      "id": "e9494946-bdcd-41a9-b685-86cb6c5ddfd4",
      "name": "Check Threat Severity",
      "type": "n8n-nodes-base.if",
      "position": [
        848,
        592
      ]
    },
    {
      "id": "9c1414b8-f5cc-47da-a9de-909901adb984",
      "name": "Send Slack Alert - Critical",
      "type": "n8n-nodes-base.slack",
      "position": [
        1088,
        464
      ]
    },
    {
      "id": "de4c0273-fa6e-4af0-9495-f78695e7e67f",
      "name": "Send Email Alert - Detailed",
      "type": "n8n-nodes-base.emailSend",
      "position": [
        1088,
        672
      ]
    },
    {
      "id": "217d7550-3a07-4d86-b8aa-c7013ad4f165",
      "name": "Create PagerDuty Incident",
      "type": "n8n-nodes-base.httpRequest",
      "position": [
        1328,
        464
      ]
    },
    {
      "id": "1cc4631b-7d8a-4231-ad8d-c8d70add7faa",
      "name": "Create Security Ticket",
      "type": "n8n-nodes-base.httpRequest",
      "position": [
        1328,
        672
      ]
    },
    {
      "id": "cc06d7fd-96e9-4e91-b529-80eae70a9787",
      "name": "Log Medium/Low Threats",
      "type": "n8n-nodes-base.httpRequest",
      "position": [
        1088,
        896
      ]
    },
    {
      "id": "2c5a881f-a51a-41bf-a00e-0f5ddc8beff5",
      "name": "Store in Database",
      "type": "n8n-nodes-base.postgres",
      "position": [
        1344,
        896
      ]
    },
    {
      "id": "8199dd00-b0af-43c3-a5c6-346738debf86",
      "name": "Merge All Paths",
      "type": "n8n-nodes-base.merge",
      "position": [
        1568,
        592
      ]
    },
    {
      "id": "81cd1ef3-176a-4c56-b48a-429d24c9f659",
      "name": "Generate Summary Report",
      "type": "n8n-nodes-base.code",
      "position": [
        1808,
        592
      ]
    },
    {
      "id": "de5188a7-acc2-48e8-910a-61fdb4f25c7e",
      "name": "Send Summary to Monitoring Channel",
      "type": "n8n-nodes-base.slack",
      "position": [
        2048,
        592
      ]
    }
  ],
  "connections": {
    "Merge All Paths": {
      "main": [
        [
          {
            "node": "Generate Summary Report",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Fetch Network Logs": {
      "main": [
        [
          {
            "node": "Merge All Threat Data",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Check Threat Severity": {
      "main": [
        [
          {
            "node": "Send Slack Alert - Critical",
            "type": "main",
            "index": 0
          },
          {
            "node": "Send Email Alert - Detailed",
            "type": "main",
            "index": 0
          }
        ],
        [
          {
            "node": "Log Medium/Low Threats",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Merge All Threat Data": {
      "main": [
        [
          {
            "node": "Analyze & Detect Threats",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Create Security Ticket": {
      "main": [
        [
          {
            "node": "Merge All Paths",
            "type": "main",
            "index": 1
          }
        ]
      ]
    },
    "Log Medium/Low Threats": {
      "main": [
        [
          {
            "node": "Store in Database",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Generate Summary Report": {
      "main": [
        [
          {
            "node": "Send Summary to Monitoring Channel",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Analyze & Detect Threats": {
      "main": [
        [
          {
            "node": "Check Threat Severity",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Create PagerDuty Incident": {
      "main": [
        [
          {
            "node": "Merge All Paths",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Send Email Alert - Detailed": {
      "main": [
        [
          {
            "node": "Create Security Ticket",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Send Slack Alert - Critical": {
      "main": [
        [
          {
            "node": "Create PagerDuty Incident",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Fetch Threat Intelligence Feed": {
      "main": [
        [
          {
            "node": "Merge All Threat Data",
            "type": "main",
            "index": 1
          }
        ]
      ]
    },
    "Fetch Vulnerability Scan Results": {
      "main": [
        [
          {
            "node": "Merge All Threat Data",
            "type": "main",
            "index": 1
          }
        ]
      ]
    },
    "Schedule Trigger - Every 15 Minutes": {
      "main": [
        [
          {
            "node": "Fetch Network Logs",
            "type": "main",
            "index": 0
          },
          {
            "node": "Fetch Vulnerability Scan Results",
            "type": "main",
            "index": 0
          },
          {
            "node": "Fetch Threat Intelligence Feed",
            "type": "main",
            "index": 0
          }
        ]
      ]
    }
  }
}