{ "name": "Monitor zero-day threats with Anthropic Claude, Airtable, Slack and Jira", "nodes": [ { "id": "ef9931f7-9320-43de-9bab-be44eac1aa83", "name": "Sticky Note", "type": "n8n-nodes-base.stickyNote", "position": [ 0, -224 ], "parameters": { "width": 1000, "height": 1984, "content": "## AI Zero-Day Threat Intelligence Monitor\n\nThis workflow continuously monitors CVE databases, threat intelligence feeds, and public security advisories to surface emerging zero-day threats, correlate" } }, { "id": "fd75b7f9-7c5e-4160-93c7-d5a97b9f0a0c", "name": "Sticky Note1", "type": "n8n-nodes-base.stickyNote", "position": [ 1056, 640 ], "parameters": { "width": 500, "height": 552, "content": "## 1. Trigger & Asset Inventory Load\n### Hourly Schedule · On-Demand Webhook · Airtable Asset Pull" } }, { "id": "841206c3-7598-47c9-b1e1-15b6c50f5b23", "name": "Sticky Note2", "type": "n8n-nodes-base.stickyNote", "position": [ 1584, 384 ], "parameters": { "width": 820, "height": 1068, "content": "## 2. Multi-Source Threat Intelligence Collection\n### NVD · CISA KEV · GitHub Advisories · AlienVault OTX · EPSS · Shodan" } }, { "id": "66a4f898-f60e-4efc-9912-33bbe506c113", "name": "Sticky Note3", "type": "n8n-nodes-base.stickyNote", "position": [ 2448, 784 ], "parameters": { "width": 796, "height": 464, "content": "## 3. Normalisation · Asset Correlation · Claude AI Threat Scoring" } }, { "id": "e66d305b-a04d-4e78-8cf4-23cbdf4b409a", "name": "Sticky Note4", "type": "n8n-nodes-base.stickyNote", "position": [ 3312, 496 ], "parameters": { "width": 1548, "height": 852, "content": "## 4. Severity Routing · SOC Alerts · Jira Tickets · Patch Trigger · Threat Log" } }, { "id": "839596de-1cc8-45b8-94ea-a561f053db46", "name": "On-Demand Scan Webhook", "type": "n8n-nodes-base.webhook", "position": [ 1184, 832 ] }, { "id": "2130e835-8065-422a-83e7-3d4bb76f9da5", "name": "Hourly Threat Scan Schedule", "type": "n8n-nodes-base.scheduleTrigger", "position": [ 1184, 1024 ] }, { "id": "72d60fee-69c2-4697-86c2-fd0024aba31e", "name": "Load Asset & Software Inventory", "type": "n8n-nodes-base.airtable", "position": [ 1408, 928 ] }, { "id": "e54cb6da-9dec-4332-bf4b-9a49564e9e12", "name": "Build Scan Context & Search Terms", "type": "n8n-nodes-base.code", "position": [ 1632, 928 ] }, { "id": "2106a468-24a6-46dc-adfe-ef9afce7bcc3", "name": "Query NVD CVE Database", "type": "n8n-nodes-base.httpRequest", "position": [ 1856, 512 ] }, { "id": "af006cc1-356d-4673-853e-eac2332ff6ea", "name": "Fetch CISA Known Exploited Vulns", "type": "n8n-nodes-base.httpRequest", "position": [ 1856, 704 ] }, { "id": "7862a1df-aef9-4898-ad4e-487910472c8e", "name": "Query GitHub Security Advisories", "type": "n8n-nodes-base.httpRequest", "position": [ 1856, 896 ] }, { "id": "bd982345-90b4-49f1-85a3-d98ac21b8239", "name": "Fetch AlienVault OTX Pulses", "type": "n8n-nodes-base.httpRequest", "position": [ 1856, 1088 ] }, { "id": "3f6e6c47-bf5b-4e3b-95b9-d4f6dc8bf96a", "name": "Fetch EPSS Exploit Probability Scores", "type": "n8n-nodes-base.httpRequest", "position": [ 1856, 1280 ] }, { "id": "766d13c2-b4ff-468a-b835-9cc2e898373c", "name": "Merge All Threat Feed Results", "type": "n8n-nodes-base.merge", "position": [ 2080, 896 ] }, { "id": "ff28594d-6674-47fc-a179-7177ec5529ad", "name": "Normalise, Deduplicate & Correlate", "type": "n8n-nodes-base.code", "position": [ 2304, 896 ] }, { "id": "85a02970-fc2e-4c5e-933f-87790de20267", "name": "AI Threat Assessment & Prioritisation", "type": "@n8n/n8n-nodes-langchain.agent", "position": [ 2528, 896 ] }, { "id": "35456c82-8d41-4c7b-ba19-f5910050244a", "name": "Claude AI Model", "type": "@n8n/n8n-nodes-langchain.lmChatAnthropic", "position": [ 2608, 1120 ] }, { "id": "49643df7-751c-4782-a2fc-affa54fef006", "name": "Parse & Validate AI Assessment", "type": "n8n-nodes-base.code", "position": [ 2880, 896 ] }, { "id": "92a36ab2-f6d3-4d46-bde6-da8905df2358", "name": "Filter Above Risk Threshold", "type": "n8n-nodes-base.filter", "position": [ 3104, 896 ] }, { "id": "fe90a723-97ca-4cff-9e1b-e7988289af58", "name": "Route by Overall Threat Level", "type": "n8n-nodes-base.switch", "position": [ 3536, 864 ] }, { "id": "75d81c5f-ef33-4403-ab64-685cfccd6845", "name": "Alert SOC Team on Slack", "type": "n8n-nodes-base.httpRequest", "position": [ 3984, 592 ] }, { "id": "455f0720-c154-4fef-9dcd-9b505bfcbbb9", "name": "Create Jira Threat Tickets", "type": "n8n-nodes-base.code", "position": [ 3632, 640 ] }, { "id": "6bff06bf-4637-4e30-bdd3-3dc2e1a0a63c", "name": "Submit Jira Issues via API", "type": "n8n-nodes-base.httpRequest", "position": [ 3984, 784 ] }, { "id": "9255330c-cef9-4ff8-9726-527a0790d288", "name": "Send Threat Brief to Security Team", "type": "n8n-nodes-base.emailSend", "position": [ 3760, 1200 ] }, { "id": "7c3e99be-cf46-4c95-8b67-c47367d69e5e", "name": "Trigger Patch Management System", "type": "n8n-nodes-base.httpRequest", "position": [ 3984, 1136 ] }, { "id": "6dc269bd-9036-401a-8c93-007f7273828e", "name": "Append to Threat Intelligence Log", "type": "n8n-nodes-base.googleSheets", "position": [ 4240, 848 ] }, { "id": "4bc6c2aa-a237-4c5d-bd66-b9e19e9a2b44", "name": "Build SIEM-Ready JSON Response", "type": "n8n-nodes-base.code", "position": [ 4432, 848 ] }, { "id": "83da09e7-6469-4a20-989b-e50d1a751aa7", "name": "Return Threat Intel to Caller", "type": "n8n-nodes-base.respondToWebhook", "position": [ 4656, 848 ] }, { "id": "90f81122-44c5-4e98-9f12-54bab8030111", "name": "Wait For Result", "type": "n8n-nodes-base.wait", "position": [ 3344, 896 ] } ], "connections": { "Claude AI Model": { "ai_languageModel": [ [ { "node": "AI Threat Assessment & Prioritisation", "type": "ai_languageModel", "index": 0 } ] ] }, "Wait For Result": { "main": [ [ { "node": "Route by Overall Threat Level", "type": "main", "index": 0 } ] ] }, "On-Demand Scan Webhook": { "main": [ [ { "node": "Load Asset & Software Inventory", "type": "main", "index": 0 } ] ] }, "Query NVD CVE Database": { "main": [ [ { "node": "Merge All Threat Feed Results", "type": "main", "index": 0 } ] ] }, "Alert SOC Team on Slack": { "main": [ [ { "node": "Append to Threat Intelligence Log", "type": "main", "index": 0 } ] ] }, "Create Jira Threat Tickets": { "main": [ [ { "node": "Submit Jira Issues via API", "type": "main", "index": 0 } ] ] }, "Submit Jira Issues via API": { "main": [ [ { "node": "Append to Threat Intelligence Log", "type": "main", "index": 0 } ] ] }, "Fetch AlienVault OTX Pulses": { "main": [ [ { "node": "Merge All Threat Feed Results", "type": "main", "index": 1 } ] ] }, "Filter Above Risk Threshold": { "main": [ [ { "node": "Wait For Result", "type": "main", "index": 0 } ] ] }, "Hourly Threat Scan Schedule": { "main": [ [ { "node": "Load Asset & Software Inventory", "type": "main", "index": 0 } ] ] }, "Merge All Threat Feed Results": { "main": [ [ { "node": "Normalise, Deduplicate & Correlate", "type": "main", "index": 0 } ] ] }, "Route by Overall Threat Level": { "main": [ [ { "node": "Alert SOC Team on Slack", "type": "main", "index": 0 }, { "node": "Create Jira Threat Tickets", "type": "main", "index": 0 }, { "node": "Send Threat Brief to Security Team", "type": "main", "index": 0 }, { "node": "Trigger Patch Management System", "type": "main", "index": 0 } ], [ { "node": "Alert SOC Team on Slack", "type": "main", "index": 0 }, { "node": "Create Jira Threat Tickets", "type": "main", "index": 0 }, { "node": "Send Threat Brief to Security Team", "type": "main", "index": 0 }, { "node": "Trigger Patch Management System", "type": "main", "index": 0 } ], [ { "node": "Send Threat Brief to Security Team", "type": "main", "index": 0 }, { "node": "Append to Threat Intelligence Log", "type": "main", "index": 0 } ] ] }, "Build SIEM-Ready JSON Response": { "main": [ [ { "node": "Return Threat Intel to Caller", "type": "main", "index": 0 } ] ] }, "Parse & Validate AI Assessment": { "main": [ [ { "node": "Filter Above Risk Threshold", "type": "main", "index": 0 } ] ] }, "Load Asset & Software Inventory": { "main": [ [ { "node": "Build Scan Context & Search Terms", "type": "main", "index": 0 } ] ] }, "Trigger Patch Management System": { "main": [ [ { "node": "Append to Threat Intelligence Log", "type": "main", "index": 0 } ] ] }, "Fetch CISA Known Exploited Vulns": { "main": [ [ { "node": "Merge All Threat Feed Results", "type": "main", "index": 1 } ] ] }, "Query GitHub Security Advisories": { "main": [ [ { "node": "Merge All Threat Feed Results", "type": "main", "index": 1 } ] ] }, "Append to Threat Intelligence Log": { "main": [ [ { "node": "Build SIEM-Ready JSON Response", "type": "main", "index": 0 } ] ] }, "Build Scan Context & Search Terms": { "main": [ [ { "node": "Query NVD CVE Database", "type": "main", "index": 0 }, { "node": "Fetch CISA Known Exploited Vulns", "type": "main", "index": 0 }, { "node": "Query GitHub Security Advisories", "type": "main", "index": 0 }, { "node": "Fetch AlienVault OTX Pulses", "type": "main", "index": 0 }, { "node": "Fetch EPSS Exploit Probability Scores", "type": "main", "index": 0 } ] ] }, "Normalise, Deduplicate & Correlate": { "main": [ [ { "node": "AI Threat Assessment & Prioritisation", "type": "main", "index": 0 } ] ] }, "Send Threat Brief to Security Team": { "main": [ [ { "node": "Trigger Patch Management System", "type": "main", "index": 0 } ] ] }, "AI Threat Assessment & Prioritisation": { "main": [ [ { "node": "Parse & Validate AI Assessment", "type": "main", "index": 0 } ] ] }, "Fetch EPSS Exploit Probability Scores": { "main": [ [ { "node": "Merge All Threat Feed Results", "type": "main", "index": 1 } ] ] } } }