{"workflow":{"id":10587,"name":"Automate cybersecurity incident response with Claude AI, VirusTotal and Slack","views":297,"recentViews":1,"totalViews":297,"createdAt":"2025-11-07T11:15:09.915Z","description":"This workflow automates end-to-end cybersecurity incident response by ingesting alerts from multiple sources, enriching threat intelligence, assessing severity with Claude AI, executing containment actions, notifying stakeholders, and creating audit-ready tickets.\n\n### How it works\n\n1. **Ingest Alert** - Webhook receives alerts from SIEM, EDR, firewall, IDS/IPS\n2. **Validate & Normalize** - Standardizes alert format across all sources\n3. **Enrich Threat Intel** - Queries VirusTotal, AbuseIPDB, Shodan for context\n4. **AI Severity Assessment** - Claude AI classifies severity and recommends response\n5. **Containment Actions** - Auto-blocks IPs, isolates hosts, revokes tokens based on severity\n6. **Notify Stakeholders** - Alerts SOC team via Slack/email based on severity level\n7. **Create Incident Ticket** - Logs to Jira/ServiceNow with full enrichment data\n8. **Audit Log** - Writes compliance-ready record to Google Sheets\n\n### Setup Steps\n\n1. Import workflow into n8n\n2. Configure credentials:\n   - **Webhook** - Point your SIEM/EDR to the webhook URL\n   - **Anthropic API** - Claude AI for severity classification\n   - **VirusTotal API** - Threat intelligence enrichment\n   - **AbuseIPDB API** - IP reputation checking\n   - **Slack OAuth** - SOC team notifications\n   - **Jira API** - Incident ticket creation\n   - **Google Sheets** - Compliance audit log\n3. Update firewall/EDR API endpoints in containment nodes\n4. Set your Slack channel IDs and Jira project key\n5. Activate the workflow\n\n### Sample Alert Payload\n```json\n{\n  \"source\": \"splunk\",\n  \"alertType\": \"brute_force\",\n  \"sourceIP\": \"192.168.1.100\",\n  \"destinationIP\": \"10.0.0.5\",\n  \"affectedHost\": \"prod-server-01\",\n  \"affectedUser\": \"admin@company.com\",\n  \"timestamp\": \"2025-02-22T10:30:00Z\",\n  \"rawLog\": \"Failed login attempt x50 in 60s\"\n}\n```\n\n### Features\n- **Multi-source ingestion** - SIEM, EDR, firewall, IDS/IPS\n- **Real-time threat enrichment** from VirusTotal & AbuseIPDB\n- **AI-powered severity scoring** with recommended playbooks\n- **Automated containment** for Critical/High severity\n- **Compliance audit trail** with full chain of custody\n\n### Industries That Benefit\n* **Financial Services:** Rapid containment of fraud and data exfiltration attempts.\n* **Healthcare:** Protect PHI with automated isolation and HIPAA-compliant logging.\n* **Retail & E-commerce:** Prevent POS breaches and payment card compromises.\n* **Government & Defense:** Enforce zero-trust response with full audit trails.\n* **Critical Infrastructure:** Contain OT threats before operational disruption.\n\n### Prerequisites\n* SIEM/EDR alerting configured to forward to webhook\n* API access to threat intelligence platforms (VirusTotal, OTX, MISP)\n* EDR (CrowdStrike, Carbon Black) or firewall API credentials\n* ITSM system (Jira, ServiceNow) with API access\n* n8n instance with HTTP Request, Function, Slack, and Email nodes enabled\n* SMTP, Slack, or SMS gateway credentials\n\n### Modification Options\n* Add phishing triage with email detonation sandbox.\n* Integrate SOAR playbooks for ransomware response.\n* Enable auto-remediation (e.g., disable user in AD).\n* Add forensic artifact collection (memory dump, logs).\n* Trigger war room creation in Slack/Teams for Major incidents.\n* Export incidents to case management (e.g., TheHive, Cortex).\n\n**Explore More Cybersecurity Automation Workflows:**  \n[Contact us](https://www.oneclickitsolution.com/contact-us/) to build custom SOAR, threat hunting, and compliance automation solutions powered by n8n and AI.","workflow":{"id":"fly1MRCiQdxRyuIZ","meta":{"instanceId":"dd69efaf8212c74ad206700d104739d3329588a6f3f8381a46a481f34c9cc281","templateCredsSetupCompleted":true},"name":"Cybersecurity Incident Response Automation","tags":[],"nodes":[{"id":"87291e5f-c3d5-466a-83a1-de7a7213833c","name":"Sticky Note","type":"n8n-nodes-base.stickyNote","position":[-336,0],"parameters":{"width":876,"height":1220,"content":"## Cybersecurity Incident Response Automation with Claude AI\n\nThis workflow automates end-to-end cybersecurity incident response by ingesting alerts from multiple sources, enriching threat intelligence, assessing severity with Claude AI, executing containment actions, notifying stakeholders, and creating audit-ready tickets.\n\n### How it works\n\n1. **Ingest Alert** - Webhook receives alerts from SIEM, EDR, firewall, IDS/IPS\n2. **Validate & Normalize** - Standardizes alert format across all sources\n3. **Enrich Threat Intel** - Queries VirusTotal, AbuseIPDB, Shodan for context\n4. **AI Severity Assessment** - Claude AI classifies severity and recommends response\n5. **Containment Actions** - Auto-blocks IPs, isolates hosts, revokes tokens based on severity\n6. **Notify Stakeholders** - Alerts SOC team via Slack/email based on severity level\n7. **Create Incident Ticket** - Logs to Jira/ServiceNow with full enrichment data\n8. **Audit Log** - Writes compliance-ready record to Google Sheets\n\n### Setup Steps\n\n1. Import workflow into n8n\n2. Configure credentials:\n   - **Webhook** - Point your SIEM/EDR to the webhook URL\n   - **Anthropic API** - Claude AI for severity classification\n   - **VirusTotal API** - Threat intelligence enrichment\n   - **AbuseIPDB API** - IP reputation checking\n   - **Slack OAuth** - SOC team notifications\n   - **Jira API** - Incident ticket creation\n   - **Google Sheets** - Compliance audit log\n3. Update firewall/EDR API endpoints in containment nodes\n4. Set your Slack channel IDs and Jira project key\n5. Activate the workflow\n\n### Sample Alert Payload\n```json\n{\n  \"source\": \"splunk\",\n  \"alertType\": \"brute_force\",\n  \"sourceIP\": \"192.168.1.100\",\n  \"destinationIP\": \"10.0.0.5\",\n  \"affectedHost\": \"prod-server-01\",\n  \"affectedUser\": \"admin@company.com\",\n  \"timestamp\": \"2025-02-22T10:30:00Z\",\n  \"rawLog\": \"Failed login attempt x50 in 60s\"\n}\n```\n\n### Features\n- **Multi-source ingestion** - SIEM, EDR, firewall, IDS/IPS\n- **Real-time threat enrichment** from VirusTotal & AbuseIPDB\n- **AI-powered severity scoring** with recommended playbooks\n- **Automated containment** for Critical/High severity\n- **Compliance audit trail** with full chain of custody"},"typeVersion":1},{"id":"3c5bc9a7-7d64-4b00-bcf6-8e3d79486bbf","name":"Sticky Note1","type":"n8n-nodes-base.stickyNote","position":[672,512],"parameters":{"color":4,"width":440,"height":328,"content":"## 1. Alert Ingestion & Normalization"},"typeVersion":1},{"id":"4e96588f-1344-466f-a9b2-7f13ae0a402a","name":"Sticky Note2","type":"n8n-nodes-base.stickyNote","position":[1210,340],"parameters":{"color":4,"width":716,"height":684,"content":"## 2. Threat Intelligence Enrichment"},"typeVersion":1},{"id":"49feca99-89fb-470c-8014-883e4abdc3f1","name":"Sticky Note3","type":"n8n-nodes-base.stickyNote","position":[1944,548],"parameters":{"color":4,"width":720,"height":284,"content":"## 3. AI Severity Assessment & Playbook"},"typeVersion":1},{"id":"3dfedbe3-e986-4b82-8b6a-5fb23b748565","name":"Sticky Note4","type":"n8n-nodes-base.stickyNote","position":[2688,272],"parameters":{"color":4,"width":1332,"height":828,"content":"## 4. Containment, Notification & Ticketing"},"typeVersion":1},{"id":"a2161a2e-d428-453c-85c6-ce19d8b30491","name":"Receive Security Alert","type":"n8n-nodes-base.webhook","position":[720,672],"webhookId":"cybersecurity-incident-webhook","parameters":{"path":"security-alert","options":{},"httpMethod":"POST","responseMode":"responseNode"},"typeVersion":2},{"id":"9f3a37eb-6e55-493e-8197-c342e31468b1","name":"Normalize and Validate Alert","type":"n8n-nodes-base.code","position":[944,672],"parameters":{"mode":"runOnceForEachItem","jsCode":"// Extract alert from request body\nconst raw = $input.item.json.body || $input.item.json;\n\n// Validate required fields\nconst required = ['source', 'alertType'];\nconst missing = required.filter(f => !raw[f]);\nif (missing.length > 0) {\n  throw new Error(`Missing required alert fields: ${missing.join(', ')}`);\n}\n\n// Normalize alert type to standard taxonomy\nconst alertTypeMappings = {\n  'brute_force': 'BRUTE_FORCE',\n  'bruteforce': 'BRUTE_FORCE',\n  'login_failure': 'BRUTE_FORCE',\n  'malware': 'MALWARE_DETECTED',\n  'malware_detected': 'MALWARE_DETECTED',\n  'ransomware': 'RANSOMWARE',\n  'phishing': 'PHISHING',\n  'data_exfiltration': 'DATA_EXFILTRATION',\n  'exfiltration': 'DATA_EXFILTRATION',\n  'lateral_movement': 'LATERAL_MOVEMENT',\n  'privilege_escalation': 'PRIVILEGE_ESCALATION',\n  'ddos': 'DDOS_ATTACK',\n  'dos': 'DDOS_ATTACK',\n  'sql_injection': 'WEB_ATTACK',\n  'xss': 'WEB_ATTACK',\n  'web_attack': 'WEB_ATTACK',\n  'c2': 'C2_COMMUNICATION',\n  'c2_communication': 'C2_COMMUNICATION',\n  'unauthorized_access': 'UNAUTHORIZED_ACCESS'\n};\n\nconst normalizedType = alertTypeMappings[raw.alertType?.toLowerCase()] || raw.alertType?.toUpperCase() || 'UNKNOWN';\n\n// Normalize source\nconst sourceMap = {\n  'splunk': 'SIEM',\n  'qradar': 'SIEM',\n  'sentinel': 'SIEM',\n  'crowdstrike': 'EDR',\n  'sentinelone': 'EDR',\n  'defender': 'EDR',\n  'paloalto': 'FIREWALL',\n  'fortinet': 'FIREWALL',\n  'cisco': 'FIREWALL',\n  'snort': 'IDS',\n  'suricata': 'IDS'\n};\n\nconst sourceCategory = sourceMap[raw.source?.toLowerCase()] || 'UNKNOWN';\n\n// Extract IPs safely\nconst sourceIP = raw.sourceIP || raw.src_ip || raw.attackerIP || null;\nconst destinationIP = raw.destinationIP || raw.dst_ip || raw.targetIP || null;\n\n// Build normalized incident\nconst incident = {\n  incidentId: `INC-${Date.now()}-${Math.random().toString(36).substr(2, 9).toUpperCase()}`,\n  alertType: normalizedType,\n  source: raw.source || 'unknown',\n  sourceCategory,\n  sourceIP,\n  destinationIP,\n  affectedHost: raw.affectedHost || raw.hostname || raw.host || null,\n  affectedUser: raw.affectedUser || raw.username || raw.user || null,\n  affectedAsset: raw.affectedAsset || raw.asset || null,\n  rawLog: raw.rawLog || raw.message || raw.log || JSON.stringify(raw),\n  originalTimestamp: raw.timestamp || new Date().toISOString(),\n  receivedAt: new Date().toISOString(),\n  tags: raw.tags || [],\n  additionalContext: raw.context || {}\n};\n\nreturn { json: { incident } };"},"typeVersion":2},{"id":"6e41f17e-d016-4a38-8199-589e37406213","name":"Check IP on VirusTotal","type":"n8n-nodes-base.httpRequest","position":[1296,480],"parameters":{"url":"=https://www.virustotal.com/api/v3/ip_addresses/{{ $json.incident.sourceIP || '8.8.8.8' }}","options":{"timeout":10000},"sendHeaders":true,"authentication":"predefinedCredentialType","headerParameters":{"parameters":[{"name":"x-apikey","value":"={{ $credentials.apiKey }}"}]},"nodeCredentialType":"virusTotalApi"},"credentials":{"virusTotalApi":{"id":"credential-id","name":"VirusTotal account - test"}},"typeVersion":4.2,"continueOnFail":true},{"id":"ac6cfdc6-3b7a-447f-aa04-5e1e9d6bac16","name":"Check IP on AbuseIPDB","type":"n8n-nodes-base.httpRequest","position":[1296,672],"parameters":{"url":"https://api.abuseipdb.com/api/v2/check","options":{"timeout":10000},"sendQuery":true,"sendHeaders":true,"queryParameters":{"parameters":[{"name":"ipAddress","value":"={{ $('Normalize and Validate Alert').item.json.incident.sourceIP || '8.8.8.8' }}"},{"name":"maxAgeInDays","value":"90"},{"name":"verbose","value":"true"}]},"headerParameters":{"parameters":[{"name":"Key","value":"={{ $credentials.apiKey }}"},{"name":"Accept","value":"application/json"}]}},"typeVersion":4.2,"continueOnFail":true},{"id":"055e3563-d369-4b85-b7a2-98027840115b","name":"Lookup Host on Shodan","type":"n8n-nodes-base.httpRequest","position":[1296,864],"parameters":{"url":"=https://api.shodan.io/shodan/host/{{ $('Normalize and Validate Alert').item.json.incident.sourceIP || '8.8.8.8' }}","options":{"timeout":10000},"sendQuery":true,"queryParameters":{"parameters":[{"name":"key","value":"YOUR_SHODAN_API_KEY"}]}},"typeVersion":4.2,"continueOnFail":true},{"id":"30a307db-3d80-4ba5-8759-af013c51b534","name":"Merge Threat Intelligence","type":"n8n-nodes-base.merge","position":[1520,672],"parameters":{"mode":"mergeByPosition"},"typeVersion":3},{"id":"e933942f-8e6b-440b-9adf-0fb70634bf4a","name":"Combine Enrichment Data","type":"n8n-nodes-base.code","position":[1744,672],"parameters":{"mode":"runOnceForEachItem","jsCode":"// Pull all enrichment sources\nconst incident = $('Normalize and Validate Alert').item.json.incident;\nconst vtResponse = $('Check IP on VirusTotal').item.json;\nconst abuseResponse = $('Check IP on AbuseIPDB').item.json;\nconst shodanResponse = $('Lookup Host on Shodan').item.json;\n\n// Parse VirusTotal\nlet virusTotalData = { maliciousVotes: 0, suspiciousVotes: 0, harmlessVotes: 0, totalEngines: 0, country: 'Unknown', asOwner: 'Unknown' };\ntry {\n  if (vtResponse && vtResponse.data?.attributes) {\n    const attrs = vtResponse.data.attributes;\n    const stats = attrs.last_analysis_stats || {};\n    virusTotalData = {\n      maliciousVotes: stats.malicious || 0,\n      suspiciousVotes: stats.suspicious || 0,\n      harmlessVotes: stats.harmless || 0,\n      totalEngines: (stats.malicious || 0) + (stats.suspicious || 0) + (stats.harmless || 0) + (stats.undetected || 0),\n      country: attrs.country || 'Unknown',\n      asOwner: attrs.as_owner || 'Unknown',\n      reputation: attrs.reputation || 0,\n      lastAnalysisDate: attrs.last_analysis_date ? new Date(attrs.last_analysis_date * 1000).toISOString() : null\n    };\n  }\n} catch (e) { console.log('VT parse error:', e.message); }\n\n// Parse AbuseIPDB\nlet abuseIPData = { abuseConfidenceScore: 0, totalReports: 0, isWhitelisted: false, isp: 'Unknown', usageType: 'Unknown', countryCode: 'Unknown' };\ntry {\n  if (abuseResponse && abuseResponse.data) {\n    const d = abuseResponse.data;\n    abuseIPData = {\n      abuseConfidenceScore: d.abuseConfidenceScore || 0,\n      totalReports: d.totalReports || 0,\n      isWhitelisted: d.isWhitelisted || false,\n      isp: d.isp || 'Unknown',\n      usageType: d.usageType || 'Unknown',\n      countryCode: d.countryCode || 'Unknown',\n      lastReportedAt: d.lastReportedAt || null\n    };\n  }\n} catch (e) { console.log('AbuseIPDB parse error:', e.message); }\n\n// Parse Shodan\nlet shodanData = { openPorts: [], vulns: [], hostnames: [], os: 'Unknown', org: 'Unknown' };\ntry {\n  if (shodanResponse && !shodanResponse.error) {\n    shodanData = {\n      openPorts: shodanResponse.ports || [],\n      vulns: Object.keys(shodanResponse.vulns || {}),\n      hostnames: shodanResponse.hostnames || [],\n      os: shodanResponse.os || 'Unknown',\n      org: shodanResponse.org || 'Unknown',\n      isp: shodanResponse.isp || 'Unknown'\n    };\n  }\n} catch (e) { console.log('Shodan parse error:', e.message); }\n\n// Calculate composite threat score (0-100)\nconst vtScore = virusTotalData.totalEngines > 0\n  ? Math.round((virusTotalData.maliciousVotes / virusTotalData.totalEngines) * 40)\n  : 0;\nconst abuseScore = Math.round((abuseIPData.abuseConfidenceScore / 100) * 35);\nconst shodanScore = Math.min(shodanData.vulns.length * 5 + shodanData.openPorts.length * 0.5, 25);\nconst compositeThreatScore = Math.min(Math.round(vtScore + abuseScore + shodanScore), 100);\n\nreturn {\n  json: {\n    incident,\n    threatIntelligence: {\n      virusTotal: virusTotalData,\n      abuseIPDB: abuseIPData,\n      shodan: shodanData,\n      compositeThreatScore,\n      enrichedAt: new Date().toISOString()\n    }\n  }\n};"},"typeVersion":2},{"id":"44879567-ed26-40bd-bcde-f5d2b7d7e278","name":"Assess Severity with Claude AI","type":"@n8n/n8n-nodes-langchain.agent","position":[1968,672],"parameters":{"text":"=You are an expert cybersecurity incident responder (CISSP, CISM certified). Analyze this security incident and provide a structured severity assessment with response playbook.\n\n**Incident Details:**\n- Incident ID: {{ $json.incident.incidentId }}\n- Alert Type: {{ $json.incident.alertType }}\n- Source: {{ $json.incident.source }} ({{ $json.incident.sourceCategory }})\n- Source IP: {{ $json.incident.sourceIP || 'N/A' }}\n- Destination IP: {{ $json.incident.destinationIP || 'N/A' }}\n- Affected Host: {{ $json.incident.affectedHost || 'N/A' }}\n- Affected User: {{ $json.incident.affectedUser || 'N/A' }}\n- Timestamp: {{ $json.incident.originalTimestamp }}\n- Raw Log: {{ $json.incident.rawLog }}\n\n**Threat Intelligence:**\n- VirusTotal Malicious Votes: {{ $json.threatIntelligence.virusTotal.maliciousVotes }} / {{ $json.threatIntelligence.virusTotal.totalEngines }} engines\n- AbuseIPDB Confidence Score: {{ $json.threatIntelligence.abuseIPDB.abuseConfidenceScore }}%\n- AbuseIPDB Total Reports: {{ $json.threatIntelligence.abuseIPDB.totalReports }}\n- Source IP Country: {{ $json.threatIntelligence.virusTotal.country }}\n- IP Owner/ISP: {{ $json.threatIntelligence.abuseIPDB.isp }}\n- Open Ports on Host: {{ JSON.stringify($json.threatIntelligence.shodan.openPorts) }}\n- Known Vulnerabilities: {{ JSON.stringify($json.threatIntelligence.shodan.vulns) }}\n- Composite Threat Score: {{ $json.threatIntelligence.compositeThreatScore }}/100\n\n**Assessment Guidelines:**\n- CRITICAL: Active breach, ransomware, data exfiltration, C2 confirmed — immediate containment\n- HIGH: Confirmed malicious activity, privilege escalation, lateral movement — rapid response\n- MEDIUM: Suspicious activity, multiple failed logins, known bad IP — investigate and monitor\n- LOW: Single anomaly, low-confidence detection, likely false positive — log and review\n\n**Response Format (JSON only, no markdown):**\n{\n  \"severity\": \"CRITICAL | HIGH | MEDIUM | LOW\",\n  \"severityScore\": 95,\n  \"confidence\": \"HIGH | MEDIUM | LOW\",\n  \"threatCategory\": \"brief category name\",\n  \"summary\": \"2-3 sentence plain-English summary of the incident\",\n  \"isFalsePositive\": false,\n  \"falsePositiveReason\": null,\n  \"immediateActions\": [\"ordered list of actions to take right now\"],\n  \"containmentSteps\": [\"specific technical containment actions\"],\n  \"investigationSteps\": [\"forensic investigation steps\"],\n  \"affectedSystems\": [\"list of potentially affected systems/services\"],\n  \"iocList\": [\"indicators of compromise to hunt for\"],\n  \"mitreTactics\": [\"MITRE ATT&CK tactic names\"],\n  \"mitreTechniques\": [\"MITRE ATT&CK technique IDs like T1110\"],\n  \"recommendedPlaybook\": \"BRUTE_FORCE | MALWARE | RANSOMWARE | PHISHING | DATA_EXFIL | INSIDER_THREAT | WEB_ATTACK | GENERIC\",\n  \"escalateToManagement\": true,\n  \"requiresForensics\": false,\n  \"estimatedImpact\": \"brief impact statement\"\n}","options":{"systemMessage":"You are a cybersecurity incident response expert. Respond with JSON only — no markdown, no code blocks, no additional text. Your assessments must be accurate, actionable, and aligned with NIST IR framework and MITRE ATT&CK."},"promptType":"define"},"typeVersion":1.6},{"id":"587a614a-3619-48ee-9aff-be85263de995","name":"Claude AI Model","type":"@n8n/n8n-nodes-langchain.lmChatAnthropic","position":[2040,896],"parameters":{"model":"=claude-sonnet-4-20250514","options":{"temperature":0.2}},"credentials":{"anthropicApi":{"id":"credential-id","name":"Anthropic account - test"}},"typeVersion":1},{"id":"13b1ed17-d525-4cb3-8b00-19922a6eee68","name":"Parse AI Assessment","type":"n8n-nodes-base.code","position":[2320,672],"parameters":{"mode":"runOnceForEachItem","jsCode":"const aiResponse = $input.item.json;\nlet aiText = aiResponse.response || aiResponse.output || aiResponse.text || '';\n\n// Handle content array format from Anthropic\nif (aiResponse.content && Array.isArray(aiResponse.content)) {\n  aiText = aiResponse.content[0]?.text || '';\n}\n\n// Strip markdown code blocks if present\nconst cleanText = aiText\n  .replace(/```json\\s*/g, '')\n  .replace(/```\\s*/g, '')\n  .trim();\n\nlet assessment;\ntry {\n  assessment = JSON.parse(cleanText);\n} catch (error) {\n  throw new Error(`Failed to parse Claude AI response: ${error.message}. Raw: ${cleanText.substring(0, 200)}`);\n}\n\n// Pull enriched incident from upstream\nconst enrichedData = $('Combine Enrichment Data').item.json;\n\n// Determine auto-containment flag (Critical or High non-false-positive)\nconst autoContain = ['CRITICAL', 'HIGH'].includes(assessment.severity) && !assessment.isFalsePositive;\n\n// Determine notification level\nconst notifyLevel = {\n  'CRITICAL': 'P1_IMMEDIATE',\n  'HIGH': 'P2_URGENT',\n  'MEDIUM': 'P3_STANDARD',\n  'LOW': 'P4_INFORMATIONAL'\n}[assessment.severity] || 'P3_STANDARD';\n\nreturn {\n  json: {\n    incident: enrichedData.incident,\n    threatIntelligence: enrichedData.threatIntelligence,\n    assessment,\n    responseDecision: {\n      autoContain,\n      notifyLevel,\n      createTicket: true,\n      requiresEscalation: assessment.escalateToManagement || assessment.severity === 'CRITICAL',\n      requiresForensics: assessment.requiresForensics || false\n    },\n    assessedAt: new Date().toISOString()\n  }\n};"},"typeVersion":2},{"id":"42cd014f-9347-41db-8538-be5284179da6","name":"Check Severity for Auto-Containment","type":"n8n-nodes-base.if","position":[2544,672],"parameters":{"options":{},"conditions":{"options":{"leftValue":"","caseSensitive":false,"typeValidation":"strict"},"combinator":"and","conditions":[{"operator":{"type":"boolean","operation":"true"},"leftValue":"={{ $json.responseDecision.autoContain }}"}]}},"typeVersion":2},{"id":"0d4cfc9b-7215-4b30-917d-563c4b7e42c2","name":"Block Malicious IP on Firewall","type":"n8n-nodes-base.httpRequest","position":[2768,384],"parameters":{"url":"https://YOUR_FIREWALL_API/api/v1/blocked-ips","method":"POST","options":{"timeout":10000},"jsonBody":"={\n  \"ip\": \"{{ $json.incident.sourceIP }}\",\n  \"reason\": \"Auto-blocked by IRT: {{ $json.incident.incidentId }} - {{ $json.assessment.severity }} {{ $json.incident.alertType }}\",\n  \"duration\": \"{{ $json.assessment.severity === 'CRITICAL' ? 'permanent' : '24h' }}\",\n  \"addedBy\": \"n8n-incident-response\",\n  \"timestamp\": \"{{ new Date().toISOString() }}\"\n}","sendBody":true,"sendHeaders":true,"specifyBody":"json","headerParameters":{"parameters":[{"name":"Authorization","value":"Bearer YOUR_TOKEN_HERE"},{"name":"Content-Type","value":"application/json"}]}},"typeVersion":4.2,"continueOnFail":true},{"id":"b262e14b-1082-4436-bd03-44df626ca148","name":"Isolate Affected Host via EDR","type":"n8n-nodes-base.httpRequest","position":[2768,672],"parameters":{"url":"https://YOUR_EDR_API/api/v1/devices/isolate","method":"POST","options":{"timeout":15000},"jsonBody":"={\n  \"hostname\": \"{{ $json.incident.affectedHost }}\",\n  \"incidentId\": \"{{ $json.incident.incidentId }}\",\n  \"severity\": \"{{ $json.assessment.severity }}\",\n  \"reason\": \"{{ $json.assessment.summary }}\",\n  \"isolationType\": \"{{ $json.assessment.severity === 'CRITICAL' ? 'full' : 'network' }}\",\n  \"isolatedBy\": \"n8n-incident-response\",\n  \"timestamp\": \"{{ new Date().toISOString() }}\"\n}","sendBody":true,"sendHeaders":true,"specifyBody":"json","headerParameters":{"parameters":[{"name":"Authorization","value":"Bearer YOUR_TOKEN_HERE"},{"name":"Content-Type","value":"application/json"}]}},"typeVersion":4.2,"continueOnFail":true},{"id":"d23ef0a4-a970-4569-8794-deddbc19e571","name":"Revoke User Tokens and Sessions","type":"n8n-nodes-base.httpRequest","position":[2768,960],"parameters":{"url":"https://YOUR_IDP_API/api/v1/users/revoke-sessions","method":"POST","options":{"timeout":10000},"jsonBody":"={\n  \"userEmail\": \"{{ $json.incident.affectedUser }}\",\n  \"incidentId\": \"{{ $json.incident.incidentId }}\",\n  \"revokeAll\": true,\n  \"reason\": \"Security incident: {{ $json.assessment.severity }} {{ $json.incident.alertType }}\",\n  \"revokedBy\": \"n8n-incident-response\"\n}","sendBody":true,"sendHeaders":true,"specifyBody":"json","headerParameters":{"parameters":[{"name":"Authorization","value":"Bearer YOUR_TOKEN_HERE"},{"name":"Content-Type","value":"application/json"}]}},"typeVersion":4.2,"continueOnFail":true},{"id":"84aa8a76-5002-4bdb-8633-d0cfe9172329","name":"Notify SOC Team on Slack","type":"n8n-nodes-base.httpRequest","position":[2992,464],"parameters":{"url":"https://slack.com/api/chat.postMessage","method":"POST","options":{"timeout":10000},"jsonBody":"={\n  \"channel\": \"{{ $json.assessment.severity === 'CRITICAL' ? '#soc-critical' : $json.assessment.severity === 'HIGH' ? '#soc-alerts' : '#soc-monitoring' }}\",\n  \"text\": \"🚨 *{{ $json.assessment.severity }} Security Incident Detected*\",\n  \"blocks\": [\n    {\n      \"type\": \"header\",\n      \"text\": {\n        \"type\": \"plain_text\",\n        \"text\": \"🚨 {{ $json.assessment.severity }} Incident: {{ $json.incident.alertType }}\"\n      }\n    },\n    {\n      \"type\": \"section\",\n      \"fields\": [\n        { \"type\": \"mrkdwn\", \"text\": \"*Incident ID:*\\n{{ $json.incident.incidentId }}\" },\n        { \"type\": \"mrkdwn\", \"text\": \"*Severity:*\\n{{ $json.assessment.severity }} ({{ $json.assessment.severityScore }}/100)\" },\n        { \"type\": \"mrkdwn\", \"text\": \"*Source IP:*\\n{{ $json.incident.sourceIP || 'N/A' }}\" },\n        { \"type\": \"mrkdwn\", \"text\": \"*Affected Host:*\\n{{ $json.incident.affectedHost || 'N/A' }}\" },\n        { \"type\": \"mrkdwn\", \"text\": \"*Alert Source:*\\n{{ $json.incident.source }}\" },\n        { \"type\": \"mrkdwn\", \"text\": \"*Containment:*\\n{{ $json.responseDecision.autoContain ? '✅ Auto-contained' : '⚠️ Manual action required' }}\" }\n      ]\n    },\n    {\n      \"type\": \"section\",\n      \"text\": {\n        \"type\": \"mrkdwn\",\n        \"text\": \"*Summary:*\\n{{ $json.assessment.summary }}\"\n      }\n    },\n    {\n      \"type\": \"section\",\n      \"text\": {\n        \"type\": \"mrkdwn\",\n        \"text\": \"*MITRE ATT&CK:* {{ $json.assessment.mitreTechniques.join(', ') }}\\n*Playbook:* {{ $json.assessment.recommendedPlaybook }}\"\n      }\n    }\n  ]\n}","sendBody":true,"sendHeaders":true,"specifyBody":"json","authentication":"predefinedCredentialType","headerParameters":{"parameters":[{"name":"Content-Type","value":"application/json"}]},"nodeCredentialType":"slackApi"},"credentials":{"slackApi":{"id":"credential-id","name":"Slack account - test "}},"typeVersion":4.2,"continueOnFail":true},{"id":"fed148a8-b3b9-4035-a4a3-f95d70973808","name":"Create Incident Ticket in Jira","type":"n8n-nodes-base.httpRequest","position":[2992,816],"parameters":{"url":"https://YOUR_JIRA_DOMAIN.atlassian.net/rest/api/3/issue","method":"POST","options":{"timeout":15000},"jsonBody":"={\n  \"fields\": {\n    \"project\": { \"key\": \"SEC\" },\n    \"issuetype\": { \"name\": \"Incident\" },\n    \"summary\": \"[{{ $json.assessment.severity }}] {{ $json.incident.alertType }} - {{ $json.incident.incidentId }}\",\n    \"priority\": { \"name\": \"{{ $json.assessment.severity === 'CRITICAL' ? 'Highest' : $json.assessment.severity === 'HIGH' ? 'High' : $json.assessment.severity === 'MEDIUM' ? 'Medium' : 'Low' }}\" },\n    \"description\": {\n      \"type\": \"doc\",\n      \"version\": 1,\n      \"content\": [\n        {\n          \"type\": \"paragraph\",\n          \"content\": [{ \"type\": \"text\", \"text\": \"Incident ID: {{ $json.incident.incidentId }}\" }]\n        },\n        {\n          \"type\": \"paragraph\",\n          \"content\": [{ \"type\": \"text\", \"text\": \"Summary: {{ $json.assessment.summary }}\" }]\n        },\n        {\n          \"type\": \"paragraph\",\n          \"content\": [{ \"type\": \"text\", \"text\": \"Source IP: {{ $json.incident.sourceIP || 'N/A' }} | AbuseIPDB Score: {{ $json.threatIntelligence.abuseIPDB.abuseConfidenceScore }}%\" }]\n        },\n        {\n          \"type\": \"paragraph\",\n          \"content\": [{ \"type\": \"text\", \"text\": \"MITRE Techniques: {{ $json.assessment.mitreTechniques.join(', ') }}\" }]\n        },\n        {\n          \"type\": \"paragraph\",\n          \"content\": [{ \"type\": \"text\", \"text\": \"Playbook: {{ $json.assessment.recommendedPlaybook }}\" }]\n        }\n      ]\n    },\n    \"labels\": [\"security-incident\", \"{{ $json.incident.alertType.toLowerCase().replace(/_/g, '-') }}\", \"{{ $json.assessment.severity.toLowerCase() }}\"],\n    \"customfield_10016\": \"{{ $json.incident.incidentId }}\"\n  }\n}","sendBody":true,"sendHeaders":true,"specifyBody":"json","authentication":"predefinedCredentialType","headerParameters":{"parameters":[{"name":"Content-Type","value":"application/json"}]},"nodeCredentialType":"jiraSoftwareCloudApi"},"credentials":{"jiraSoftwareCloudApi":{"id":"credential-id","name":"Jira SW Cloud account"}},"typeVersion":4.2,"continueOnFail":true},{"id":"8c38991d-dd66-4350-935e-a62599d387b9","name":"Build Final Incident Report","type":"n8n-nodes-base.code","position":[3216,600],"parameters":{"mode":"runOnceForEachItem","jsCode":"const data = $('Parse AI Assessment').item.json;\nconst slackResponse = $('Notify SOC Team on Slack').item.json;\nconst jiraResponse = $('Create Incident Ticket in Jira').item.json;\n\n// Extract Jira ticket key\nconst jiraTicketKey = jiraResponse?.key || jiraResponse?.id || 'TICKET_CREATION_FAILED';\nconst jiraTicketUrl = jiraResponse?.key\n  ? `https://YOUR_JIRA_DOMAIN.atlassian.net/browse/${jiraResponse.key}`\n  : null;\n\n// Containment summary\nconst containmentActions = [];\nif (data.responseDecision.autoContain) {\n  if (data.incident.sourceIP) containmentActions.push('IP blocked on firewall');\n  if (data.incident.affectedHost) containmentActions.push('Host isolated via EDR');\n  if (data.incident.affectedUser) containmentActions.push('User sessions revoked');\n}\n\nconst report = {\n  success: true,\n  incidentId: data.incident.incidentId,\n  severity: data.assessment.severity,\n  severityScore: data.assessment.severityScore,\n  confidence: data.assessment.confidence,\n  alertType: data.incident.alertType,\n  source: data.incident.source,\n  summary: data.assessment.summary,\n  affectedAssets: {\n    host: data.incident.affectedHost,\n    user: data.incident.affectedUser,\n    sourceIP: data.incident.sourceIP,\n    destinationIP: data.incident.destinationIP\n  },\n  threatIntelligence: {\n    compositeThreatScore: data.threatIntelligence.compositeThreatScore,\n    virusTotalMalicious: data.threatIntelligence.virusTotal.maliciousVotes,\n    abuseConfidenceScore: data.threatIntelligence.abuseIPDB.abuseConfidenceScore,\n    knownVulnerabilities: data.threatIntelligence.shodan.vulns\n  },\n  containment: {\n    autoContainmentExecuted: data.responseDecision.autoContain,\n    actionsExecuted: containmentActions\n  },\n  response: {\n    jiraTicket: jiraTicketKey,\n    jiraTicketUrl,\n    slackNotified: !slackResponse?.error,\n    notificationLevel: data.responseDecision.notifyLevel\n  },\n  playbook: data.assessment.recommendedPlaybook,\n  mitreTechniques: data.assessment.mitreTechniques,\n  iocList: data.assessment.iocList,\n  immediateActions: data.assessment.immediateActions,\n  investigationSteps: data.assessment.investigationSteps,\n  escalateToManagement: data.responseDecision.requiresEscalation,\n  requiresForensics: data.responseDecision.requiresForensics,\n  processedAt: new Date().toISOString()\n};\n\nreturn { json: report };"},"typeVersion":2},{"id":"2a25c98d-62f1-4622-ac2a-49d13d24e7f4","name":"Write Compliance Audit Log","type":"n8n-nodes-base.googleSheets","position":[3440,600],"parameters":{"columns":{"value":{},"schema":[],"mappingMode":"defineBelow","matchingColumns":[],"attemptToConvertTypes":false,"convertFieldsToString":false},"options":{},"operation":"append","sheetName":{"__rl":true,"mode":"id","value":"="},"documentId":{"__rl":true,"mode":"id","value":"="}},"credentials":{"googleSheetsOAuth2Api":{"id":"credential-id","name":"Google Sheets account"}},"typeVersion":4.5,"continueOnFail":true},{"id":"b1c1d7ae-abb6-43f1-a340-6f93f8223222","name":"Send Incident Response to Caller","type":"n8n-nodes-base.respondToWebhook","position":[3664,600],"parameters":{"options":{"responseHeaders":{"entries":[{"name":"Content-Type","value":"application/json"}]}},"respondWith":"json","responseBody":"={{ JSON.stringify($json, null, 2) }}"},"typeVersion":1}],"active":false,"pinData":{},"settings":{"executionOrder":"v1"},"versionId":"f722c8c5-0894-420a-9c28-2df92d606b75","connections":{"Claude AI Model":{"ai_languageModel":[[{"node":"Assess Severity with Claude AI","type":"ai_languageModel","index":0}]]},"Parse AI Assessment":{"main":[[{"node":"Check Severity for Auto-Containment","type":"main","index":0}]]},"Check IP on AbuseIPDB":{"main":[[{"node":"Merge Threat Intelligence","type":"main","index":1}]]},"Lookup Host on Shodan":{"main":[[{"node":"Merge Threat Intelligence","type":"main","index":1}]]},"Check IP on VirusTotal":{"main":[[{"node":"Merge Threat Intelligence","type":"main","index":0}]]},"Receive Security Alert":{"main":[[{"node":"Normalize and Validate Alert","type":"main","index":0}]]},"Combine Enrichment Data":{"main":[[{"node":"Assess Severity with Claude AI","type":"main","index":0}]]},"Notify SOC Team on Slack":{"main":[[{"node":"Build Final Incident Report","type":"main","index":0}]]},"Merge Threat Intelligence":{"main":[[{"node":"Combine Enrichment Data","type":"main","index":0}]]},"Write Compliance Audit Log":{"main":[[{"node":"Send Incident Response to Caller","type":"main","index":0}]]},"Build Final Incident Report":{"main":[[{"node":"Write Compliance Audit Log","type":"main","index":0}]]},"Normalize and Validate Alert":{"main":[[{"node":"Check IP on VirusTotal","type":"main","index":0},{"node":"Check IP on AbuseIPDB","type":"main","index":0},{"node":"Lookup Host on Shodan","type":"main","index":0}]]},"Isolate Affected Host via EDR":{"main":[[{"node":"Create Incident Ticket in Jira","type":"main","index":0}]]},"Assess Severity with Claude AI":{"main":[[{"node":"Parse AI Assessment","type":"main","index":0}]]},"Block Malicious IP on Firewall":{"main":[[{"node":"Notify SOC Team on Slack","type":"main","index":0}]]},"Create Incident Ticket in Jira":{"main":[[{"node":"Build Final Incident Report","type":"main","index":0}]]},"Revoke User Tokens and Sessions":{"main":[[{"node":"Create Incident Ticket in Jira","type":"main","index":0}]]},"Check Severity for Auto-Containment":{"main":[[{"node":"Block Malicious IP on Firewall","type":"main","index":0},{"node":"Isolate Affected Host via EDR","type":"main","index":0},{"node":"Revoke User Tokens and Sessions","type":"main","index":0}],[{"node":"Notify SOC Team on Slack","type":"main","index":0},{"node":"Create Incident Ticket in Jira","type":"main","index":0}]]}}},"lastUpdatedBy":1,"workflowInfo":{"nodeCount":24,"nodeTypes":{"n8n-nodes-base.if":{"count":1},"n8n-nodes-base.code":{"count":4},"n8n-nodes-base.merge":{"count":1},"n8n-nodes-base.webhook":{"count":1},"n8n-nodes-base.stickyNote":{"count":5},"n8n-nodes-base.httpRequest":{"count":8},"n8n-nodes-base.googleSheets":{"count":1},"@n8n/n8n-nodes-langchain.agent":{"count":1},"n8n-nodes-base.respondToWebhook":{"count":1},"@n8n/n8n-nodes-langchain.lmChatAnthropic":{"count":1}}},"status":"published","readyToDemo":null,"user":{"name":"Oneclick AI Squad","username":"oneclick-ai","bio":"The AI Squad Initiative is a pioneering effort to build, automate and scale AI-powered workflows using n8n.io. Our mission is to help individuals and businesses integrate AI agents seamlessly into their daily operations  from automating tasks and enhancing productivity to creating innovative, intelligent solutions. We design modular, reusable AI workflow templates that empower creators, developers and teams to supercharge their automation with minimal effort and maximum impact.","verified":true,"links":["https://www.oneclickitsolution.com/"],"avatar":"https://gravatar.com/avatar/848fca91367142f65f9e5c55d64e5c9952b160d7b060d103b52aa343c6bc7b3d?r=pg&d=retro&size=200"},"nodes":[{"id":18,"icon":"file:googleSheets.svg","name":"n8n-nodes-base.googleSheets","codex":{"data":{"alias":["CSV","Sheet","Spreadsheet","GS"],"resources":{"generic":[{"url":"https://n8n.io/blog/love-at-first-sight-ricardos-n8n-journey/","icon":"❤️","label":"Love at first sight: Ricardo’s n8n journey"},{"url":"https://n8n.io/blog/why-business-process-automation-with-n8n-can-change-your-daily-life/","icon":"🧬","label":"Why business process automation with n8n can change your daily life"},{"url":"https://n8n.io/blog/automatically-adding-expense-receipts-to-google-sheets-with-telegram-mindee-twilio-and-n8n/","icon":"🧾","label":"Automatically Adding Expense Receipts to Google Sheets with Telegram, Mindee, Twilio, and n8n"},{"url":"https://n8n.io/blog/supercharging-your-conference-registration-process-with-n8n/","icon":"🎫","label":"Supercharging your conference registration process with n8n"},{"url":"https://n8n.io/blog/creating-triggers-for-n8n-workflows-using-polling/","icon":"⏲","label":"Creating triggers for n8n workflows using polling"},{"url":"https://n8n.io/blog/no-code-ecommerce-workflow-automations/","icon":"store","label":"6 e-commerce workflows to power up your Shopify s"},{"url":"https://n8n.io/blog/migrating-community-metrics-to-orbit-using-n8n/","icon":"📈","label":"Migrating Community Metrics to Orbit using n8n"},{"url":"https://n8n.io/blog/automate-google-apps-for-productivity/","icon":"💡","label":"15 Google apps you can combine and automate to increase productivity"},{"url":"https://n8n.io/blog/your-business-doesnt-need-you-to-operate/","icon":" 🖥️","label":"Hey founders! Your business doesn't need you to operate"},{"url":"https://n8n.io/blog/how-honest-burgers-use-automation-to-save-100k-per-year/","icon":"🍔","label":"How Honest Burgers Use Automation to Save $100k per year"},{"url":"https://n8n.io/blog/how-a-digital-strategist-uses-n8n-for-online-marketing/","icon":"💻","label":"How a digital strategist uses n8n for online marketing"},{"url":"https://n8n.io/blog/why-this-product-manager-loves-workflow-automation-with-n8n/","icon":"🧠","label":"Why this Product Manager loves workflow automation with n8n"},{"url":"https://n8n.io/blog/sending-automated-congratulations-with-google-sheets-twilio-and-n8n/","icon":"🙌","label":"Sending Automated Congratulations with Google Sheets, Twilio, and n8n "},{"url":"https://n8n.io/blog/how-a-membership-development-manager-automates-his-work-and-investments/","icon":"📈","label":"How a Membership Development Manager automates his work and investments"},{"url":"https://n8n.io/blog/aws-workflow-automation/","label":"7 no-code workflow automations for Amazon Web Services"}],"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/app-nodes/n8n-nodes-base.googlesheets/"}],"credentialDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/credentials/google/oauth-single-service/"}]},"categories":["Data & Storage","Productivity"],"nodeVersion":"1.0","codexVersion":"1.0"}},"group":"[\"input\",\"output\"]","defaults":{"name":"Google Sheets"},"iconData":{"type":"file","fileBuffer":"data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSI2MCIgaGVpZ2h0PSI2MCI+PGcgZmlsbD0ibm9uZSIgZmlsbC1ydWxlPSJldmVub2RkIiBzdHJva2UtbGluZWNhcD0icm91bmQiIHN0cm9rZS1saW5lam9pbj0icm91bmQiPjxwYXRoIGZpbGw9IiMyOEI0NDYiIGQ9Ik0zNS42OSAxIDUyIDE3LjIyNXYzOS4wODdhMy42NyAzLjY3IDAgMCAxLTEuMDg0IDIuNjFBMy43IDMuNyAwIDAgMSA0OC4yOTMgNjBIMTIuNzA3YTMuNyAzLjcgMCAwIDEtMi42MjMtMS4wNzhBMy42NyAzLjY3IDAgMCAxIDkgNTYuMzEyVjQuNjg4YTMuNjcgMy42NyAwIDAgMSAxLjA4NC0yLjYxQTMuNyAzLjcgMCAwIDEgMTIuNzA3IDF6Ii8+PHBhdGggZmlsbD0iIzZBQ0U3QyIgZD0iTTM1LjY5IDEgNTIgMTcuMjI1SDM5LjM5N2MtMi4wNTQgMC0zLjcwNy0xLjgyOS0zLjcwNy0zLjg3MnoiLz48cGF0aCBmaWxsPSIjMjE5QjM4IiBkPSJNMzkuMjExIDE3LjIyNSA1MiAyMi40OHYtNS4yNTV6Ii8+PHBhdGggZmlsbD0iI0ZGRiIgZD0iTTIwLjEyIDMxLjk3NWMwLS44MTcuNjYyLTEuNDc1IDEuNDgzLTEuNDc1aDE3Ljc5NGMuODIxIDAgMS40ODIuNjU4IDEuNDgyIDEuNDc1djE1LjQ4N2MwIC44MTgtLjY2MSAxLjQ3NS0xLjQ4MiAxLjQ3NUgyMS42MDNhMS40NzYgMS40NzYgMCAwIDEtMS40ODItMS40NzRWMzEuOTc0em0yLjIyNSAxLjQ3NWg2LjY3MnYyLjIxMmgtNi42NzJ6bTAgNS4xNjJoNi42NzJ2Mi4yMTNoLTYuNjcyem0wIDUuMTYzaDYuNjcydjIuMjEyaC02LjY3MnptOS42MzgtMTAuMzI1aDYuNjcydjIuMjEyaC02LjY3MnptMCA1LjE2Mmg2LjY3MnYyLjIxM2gtNi42NzJ6bTAgNS4xNjNoNi42NzJ2Mi4yMTJoLTYuNjcyeiIvPjxwYXRoIGZpbGw9IiMyOEI0NDYiIGQ9Ik0zNC42OSAwIDUxIDE2LjIyNXYzOS4wODdhMy42NyAzLjY3IDAgMCAxLTEuMDg0IDIuNjFBMy43IDMuNyAwIDAgMSA0Ny4yOTMgNTlIMTEuNzA3YTMuNyAzLjcgMCAwIDEtMi42MjMtMS4wNzhBMy42NyAzLjY3IDAgMCAxIDggNTUuMzEyVjMuNjg4YTMuNjcgMy42NyAwIDAgMSAxLjA4NC0yLjYxQTMuNyAzLjcgMCAwIDEgMTEuNzA3IDB6Ii8+PHBhdGggZmlsbD0iIzZBQ0U3QyIgZD0iTTM0LjY5IDAgNTEgMTYuMjI1SDM4LjM5N2MtMi4wNTQgMC0zLjcwNy0xLjgyOS0zLjcwNy0zLjg3MnoiLz48cGF0aCBmaWxsPSIjMjE5QjM4IiBkPSJNMzguMjExIDE2LjIyNSA1MSAyMS40OHYtNS4yNTV6Ii8+PHBhdGggZmlsbD0iI0ZGRiIgZD0iTTE5LjEyIDMwLjk3NWMwLS44MTcuNjYyLTEuNDc1IDEuNDgzLTEuNDc1aDE3Ljc5NGMuODIxIDAgMS40ODIuNjU4IDEuNDgyIDEuNDc1djE1LjQ4N2MwIC44MTgtLjY2MSAxLjQ3NS0xLjQ4MiAxLjQ3NUgyMC42MDNhMS40NzYgMS40NzYgMCAwIDEtMS40ODItMS40NzRWMzAuOTc0em0yLjIyNSAxLjQ3NWg2LjY3MnYyLjIxMmgtNi42NzJ6bTAgNS4xNjJoNi42NzJ2Mi4yMTNoLTYuNjcyem0wIDUuMTYzaDYuNjcydjIuMjEyaC02LjY3MnptOS42MzgtMTAuMzI1aDYuNjcydjIuMjEyaC02LjY3MnptMCA1LjE2Mmg2LjY3MnYyLjIxM2gtNi42NzJ6bTAgNS4xNjNoNi42NzJ2Mi4yMTJoLTYuNjcyeiIvPjwvZz48L3N2Zz4="},"displayName":"Google Sheets","typeVersion":5,"nodeCategories":[{"id":3,"name":"Data & Storage"},{"id":4,"name":"Productivity"}]},{"id":19,"icon":"file:httprequest.svg","name":"n8n-nodes-base.httpRequest","codex":{"data":{"alias":["API","Request","URL","Build","cURL"],"resources":{"generic":[{"url":"https://n8n.io/blog/2021-the-year-to-automate-the-new-you-with-n8n/","icon":"☀️","label":"2021: The Year to Automate the New You with n8n"},{"url":"https://n8n.io/blog/why-business-process-automation-with-n8n-can-change-your-daily-life/","icon":"🧬","label":"Why business process automation with n8n can change your daily life"},{"url":"https://n8n.io/blog/automatically-pulling-and-visualizing-data-with-n8n/","icon":"📈","label":"Automatically pulling and visualizing data with n8n"},{"url":"https://n8n.io/blog/learn-how-to-automatically-cross-post-your-content-with-n8n/","icon":"✍️","label":"Learn how to automatically cross-post your content with n8n"},{"url":"https://n8n.io/blog/automatically-adding-expense-receipts-to-google-sheets-with-telegram-mindee-twilio-and-n8n/","icon":"🧾","label":"Automatically Adding Expense Receipts to Google Sheets with Telegram, Mindee, Twilio, and n8n"},{"url":"https://n8n.io/blog/running-n8n-on-ships-an-interview-with-maranics/","icon":"🛳","label":"Running n8n on ships: An interview with Maranics"},{"url":"https://n8n.io/blog/what-are-apis-how-to-use-them-with-no-code/","icon":" 🪢","label":"What are APIs and how to use them with no code"},{"url":"https://n8n.io/blog/5-tasks-you-can-automate-with-notion-api/","icon":"⚡️","label":"5 tasks you can automate with the new Notion API "},{"url":"https://n8n.io/blog/world-poetry-day-workflow/","icon":"📜","label":"Celebrating World Poetry Day with a daily poem in Telegram"},{"url":"https://n8n.io/blog/automate-google-apps-for-productivity/","icon":"💡","label":"15 Google apps you can combine and automate to increase productivity"},{"url":"https://n8n.io/blog/automate-designs-with-bannerbear-and-n8n/","icon":"🎨","label":"Automate Designs with Bannerbear and n8n"},{"url":"https://n8n.io/blog/how-uproc-scraped-a-multi-page-website-with-a-low-code-workflow/","icon":" 🕸️","label":"How uProc scraped a multi-page website with a low-code workflow"},{"url":"https://n8n.io/blog/building-an-expense-tracking-app-in-10-minutes/","icon":"📱","label":"Building an expense tracking app in 10 minutes"},{"url":"https://n8n.io/blog/5-workflow-automations-for-mattermost-that-we-love-at-n8n/","icon":"🤖","label":"5 workflow automations for Mattermost that we love at n8n"},{"url":"https://n8n.io/blog/how-to-use-the-http-request-node-the-swiss-army-knife-for-workflow-automation/","icon":"🧰","label":"How to use the HTTP Request Node - The Swiss Army Knife for Workflow Automation"},{"url":"https://n8n.io/blog/learn-how-to-use-webhooks-with-mattermost-slash-commands/","icon":"🦄","label":"Learn how to use webhooks with Mattermost slash commands"},{"url":"https://n8n.io/blog/how-a-membership-development-manager-automates-his-work-and-investments/","icon":"📈","label":"How a Membership Development Manager automates his work and investments"},{"url":"https://n8n.io/blog/a-low-code-bitcoin-ticker-built-with-questdb-and-n8n-io/","icon":"📈","label":"A low-code bitcoin ticker built with QuestDB and n8n.io"},{"url":"https://n8n.io/blog/how-to-set-up-a-ci-cd-pipeline-with-no-code/","icon":"🎡","label":"How to set up a no-code CI/CD pipeline with GitHub and TravisCI"},{"url":"https://n8n.io/blog/automations-for-activists/","icon":"✨","label":"How Common Knowledge use workflow automation for activism"},{"url":"https://n8n.io/blog/creating-scheduled-text-affirmations-with-n8n/","icon":"🤟","label":"Creating scheduled text affirmations with n8n"},{"url":"https://n8n.io/blog/how-goomer-automated-their-operations-with-over-200-n8n-workflows/","icon":"🛵","label":"How Goomer automated their operations with over 200 n8n workflows"},{"url":"https://n8n.io/blog/aws-workflow-automation/","label":"7 no-code workflow automations for Amazon Web Services"}],"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/core-nodes/n8n-nodes-base.httprequest/"}]},"categories":["Development","Core Nodes"],"nodeVersion":"1.0","codexVersion":"1.0","subcategories":{"Core Nodes":["Helpers"]}}},"group":"[\"output\"]","defaults":{"name":"HTTP Request","color":"#0004F5"},"iconData":{"type":"file","fileBuffer":"data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iNDAiIGhlaWdodD0iNDAiIHZpZXdCb3g9IjAgMCA0MCA0MCIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4KPHBhdGggZmlsbC1ydWxlPSJldmVub2RkIiBjbGlwLXJ1bGU9ImV2ZW5vZGQiIGQ9Ik00MCAyMEM0MCA4Ljk1MzE0IDMxLjA0NjkgMCAyMCAwQzguOTUzMTQgMCAwIDguOTUzMTQgMCAyMEMwIDMxLjA0NjkgOC45NTMxNCA0MCAyMCA0MEMzMS4wNDY5IDQwIDQwIDMxLjA0NjkgNDAgMjBaTTIwIDM2Ljk0NThDMTguODg1MiAzNi45NDU4IDE3LjEzNzggMzUuOTY3IDE1LjQ5OTggMzIuNjk4NUMxNC43OTY0IDMxLjI5MTggMTQuMTk2MSAyOS41NDMxIDEzLjc1MjYgMjcuNjg0N0gyNi4xODk4QzI1LjgwNDUgMjkuNTQwMyAyNS4yMDQ0IDMxLjI5MDEgMjQuNTAwMiAzMi42OTg1QzIyLjg2MjIgMzUuOTY3IDIxLjExNDggMzYuOTQ1OCAyMCAzNi45NDU4Wk0xMi45MDY0IDIwQzEyLjkwNjQgMjEuNjA5NyAxMy4wMDg3IDIzLjE2NCAxMy4yMDAzIDI0LjYzMDVIMjYuNzk5N0MyNi45OTEzIDIzLjE2NCAyNy4wOTM2IDIxLjYwOTcgMjcuMDkzNiAyMEMyNy4wOTM2IDE4LjM5MDMgMjYuOTkxMyAxNi44MzYgMjYuNzk5NyAxNS4zNjk1SDEzLjIwMDNDMTMuMDA4NyAxNi44MzYgMTIuOTA2NCAxOC4zOTAzIDEyLjkwNjQgMjBaTTIwIDMuMDU0MTlDMjEuMTE0OSAzLjA1NDE5IDIyLjg2MjIgNC4wMzA3OCAyNC41MDAxIDcuMzAwMzlDMjUuMjA2NiA4LjcxNDA4IDI1LjgwNzIgMTAuNDA2NyAyNi4xOTIgMTIuMzE1M0gxMy43NTAxQzE0LjE5MzMgMTAuNDA0NyAxNC43OTQyIDguNzEyNTQgMTUuNDk5OCA3LjMwMDY0QzE3LjEzNzcgNC4wMzA4MyAxOC44ODUxIDMuMDU0MTkgMjAgMy4wNTQxOVpNMzAuMTQ3OCAyMEMzMC4xNDc4IDE4LjQwOTkgMzAuMDU0MyAxNi44NjE3IDI5LjgyMjcgMTUuMzY5NUgzNi4zMDQyQzM2LjcyNTIgMTYuODQyIDM2Ljk0NTggMTguMzk2NCAzNi45NDU4IDIwQzM2Ljk0NTggMjEuNjAzNiAzNi43MjUyIDIzLjE1OCAzNi4zMDQyIDI0LjYzMDVIMjkuODIyN0MzMC4wNTQzIDIzLjEzODMgMzAuMTQ3OCAyMS41OTAxIDMwLjE0NzggMjBaTTI2LjI3NjcgNC4yNTUxMkMyNy42MzY1IDYuMzYwMTkgMjguNzExIDkuMTMyIDI5LjM3NzQgMTIuMzE1M0gzNS4xMDQ2QzMzLjI1MTEgOC42NjggMzAuMTA3IDUuNzgzNDYgMjYuMjc2NyA0LjI1NTEyWk0xMC42MjI2IDEyLjMxNTNINC44OTI5M0M2Ljc1MTQ3IDguNjY3ODQgOS44OTM1MSA1Ljc4MzQxIDEzLjcyMzIgNC4yNTUxM0MxMi4zNjM1IDYuMzYwMjEgMTEuMjg5IDkuMTMyMDEgMTAuNjIyNiAxMi4zMTUzWk0zLjA1NDE5IDIwQzMuMDU0MTkgMjEuNjAzIDMuMjc3NDMgMjMuMTU3NSAzLjY5NDg0IDI0LjYzMDVIMTAuMTIxN0M5Ljk0NjE5IDIzLjE0MiA5Ljg1MjIyIDIxLjU5NDMgOS44NTIyMiAyMEM5Ljg1MjIyIDE4LjQwNTcgOS45NDYxOSAxNi44NTggMTAuMTIxNyAxNS4zNjk1SDMuNjk0ODRDMy4yNzc0MyAxNi44NDI1IDMuMDU0MTkgMTguMzk3IDMuMDU0MTkgMjBaTTI2LjI3NjYgMzUuNzQyN0MyNy42MzY1IDMzLjYzOTMgMjguNzExIDMwLjg2OCAyOS4zNzc0IDI3LjY4NDdIMzUuMTA0NkMzMy4yNTEgMzEuMzMyMiAzMC4xMDY4IDM0LjIxNzkgMjYuMjc2NiAzNS43NDI3Wk0xMy43MjM0IDM1Ljc0MjdDOS44OTM2OSAzNC4yMTc5IDYuNzUxNTUgMzEuMzMyNCA0Ljg5MjkzIDI3LjY4NDdIMTAuNjIyNkMxMS4yODkgMzAuODY4IDEyLjM2MzUgMzMuNjM5MyAxMy43MjM0IDM1Ljc0MjdaIiBmaWxsPSIjM0E0MkU5Ii8+Cjwvc3ZnPgo="},"displayName":"HTTP Request","typeVersion":4,"nodeCategories":[{"id":5,"name":"Development"},{"id":9,"name":"Core Nodes"}]},{"id":20,"icon":"fa:map-signs","name":"n8n-nodes-base.if","codex":{"data":{"alias":["Router","Filter","Condition","Logic","Boolean","Branch"],"details":"The IF node can be used to implement binary conditional logic in your workflow. You can set up one-to-many conditions to evaluate each item of data being inputted into the node. That data will either evaluate to TRUE or FALSE and route out of the node accordingly.\n\nThis node has multiple types of conditions: Bool, String, Number, and Date & Time.","resources":{"generic":[{"url":"https://n8n.io/blog/learn-to-automate-your-factorys-incident-reporting-a-step-by-step-guide/","icon":"🏭","label":"Learn to Automate Your Factory's Incident Reporting: A Step by Step Guide"},{"url":"https://n8n.io/blog/2021-the-year-to-automate-the-new-you-with-n8n/","icon":"☀️","label":"2021: The Year to Automate the New You with n8n"},{"url":"https://n8n.io/blog/why-business-process-automation-with-n8n-can-change-your-daily-life/","icon":"🧬","label":"Why business process automation with n8n can change your daily life"},{"url":"https://n8n.io/blog/create-a-toxic-language-detector-for-telegram/","icon":"🤬","label":"Create a toxic language detector for Telegram in 4 step"},{"url":"https://n8n.io/blog/no-code-ecommerce-workflow-automations/","icon":"store","label":"6 e-commerce workflows to power up your Shopify s"},{"url":"https://n8n.io/blog/how-to-build-a-low-code-self-hosted-url-shortener/","icon":"🔗","label":"How to build a low-code, self-hosted URL shortener in 3 steps"},{"url":"https://n8n.io/blog/automate-your-data-processing-pipeline-in-9-steps-with-n8n/","icon":"⚙️","label":"Automate your data processing pipeline in 9 steps"},{"url":"https://n8n.io/blog/how-to-get-started-with-crm-automation-and-no-code-workflow-ideas/","icon":"👥","label":"How to get started with CRM automation (with 3 no-code workflow ideas"},{"url":"https://n8n.io/blog/5-tasks-you-can-automate-with-notion-api/","icon":"⚡️","label":"5 tasks you can automate with the new Notion API "},{"url":"https://n8n.io/blog/automate-google-apps-for-productivity/","icon":"💡","label":"15 Google apps you can combine and automate to increase productivity"},{"url":"https://n8n.io/blog/automation-for-maintainers-of-open-source-projects/","icon":"🏷️","label":"How to automatically manage contributions to open-source projects"},{"url":"https://n8n.io/blog/how-uproc-scraped-a-multi-page-website-with-a-low-code-workflow/","icon":" 🕸️","label":"How uProc scraped a multi-page website with a low-code workflow"},{"url":"https://n8n.io/blog/5-workflow-automations-for-mattermost-that-we-love-at-n8n/","icon":"🤖","label":"5 workflow automations for Mattermost that we love at n8n"},{"url":"https://n8n.io/blog/why-this-product-manager-loves-workflow-automation-with-n8n/","icon":"🧠","label":"Why this Product Manager loves workflow automation with n8n"},{"url":"https://n8n.io/blog/sending-automated-congratulations-with-google-sheets-twilio-and-n8n/","icon":"🙌","label":"Sending Automated Congratulations with Google Sheets, Twilio, and n8n "},{"url":"https://n8n.io/blog/how-to-set-up-a-ci-cd-pipeline-with-no-code/","icon":"🎡","label":"How to set up a no-code CI/CD pipeline with GitHub and TravisCI"},{"url":"https://n8n.io/blog/benefits-of-automation-and-n8n-an-interview-with-hubspots-hugh-durkin/","icon":"🎖","label":"Benefits of automation and n8n: An interview with HubSpot's Hugh Durkin"},{"url":"https://n8n.io/blog/aws-workflow-automation/","label":"7 no-code workflow automations for Amazon Web Services"}],"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/core-nodes/n8n-nodes-base.if/"}]},"categories":["Core Nodes"],"nodeVersion":"1.0","codexVersion":"1.0","subcategories":{"Core Nodes":["Flow"]}}},"group":"[\"transform\"]","defaults":{"name":"If","color":"#408000"},"iconData":{"icon":"map-signs","type":"icon"},"displayName":"If","typeVersion":2,"nodeCategories":[{"id":9,"name":"Core Nodes"}]},{"id":24,"icon":"file:merge.svg","name":"n8n-nodes-base.merge","codex":{"data":{"alias":["Join","Concatenate","Wait"],"resources":{"generic":[{"url":"https://n8n.io/blog/how-to-sync-data-between-two-systems/","icon":"🏬","label":"How to synchronize data between two systems (one-way vs. two-way sync"},{"url":"https://n8n.io/blog/supercharging-your-conference-registration-process-with-n8n/","icon":"🎫","label":"Supercharging your conference registration process with n8n"},{"url":"https://n8n.io/blog/migrating-community-metrics-to-orbit-using-n8n/","icon":"📈","label":"Migrating Community Metrics to Orbit using n8n"},{"url":"https://n8n.io/blog/build-your-own-virtual-assistant-with-n8n-a-step-by-step-guide/","icon":"👦","label":"Build your own virtual assistant with n8n: A step by step guide"},{"url":"https://n8n.io/blog/sending-automated-congratulations-with-google-sheets-twilio-and-n8n/","icon":"🙌","label":"Sending Automated Congratulations with Google Sheets, Twilio, and n8n "},{"url":"https://n8n.io/blog/aws-workflow-automation/","label":"7 no-code workflow automations for Amazon Web Services"}],"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/core-nodes/n8n-nodes-base.merge/"}]},"categories":["Core Nodes"],"nodeVersion":"1.0","codexVersion":"1.0","subcategories":{"Core Nodes":["Flow","Data Transformation"]}}},"group":"[\"transform\"]","defaults":{"name":"Merge"},"iconData":{"type":"file","fileBuffer":"data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iNTEyIiBoZWlnaHQ9IjUxMiIgdmlld0JveD0iMCAwIDUxMiA1MTIiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxnIGNsaXAtcGF0aD0idXJsKCNjbGlwMF8xMTc3XzUxOCkiPgo8cGF0aCBmaWxsLXJ1bGU9ImV2ZW5vZGQiIGNsaXAtcnVsZT0iZXZlbm9kZCIgZD0iTTAgNDhDMCAyMS40OTAzIDIxLjQ5MDMgMCA0OCAwSDExMkMxMzguNTEgMCAxNjAgMjEuNDkwMyAxNjAgNDhWNTZIMTk2LjI1MkMyNDAuNDM1IDU2IDI3Ni4yNTIgOTEuODE3MiAyNzYuMjUyIDEzNlYxOTJDMjc2LjI1MiAyMTQuMDkxIDI5NC4xNjEgMjMyIDMxNi4yNTIgMjMySDM1MlYyMjRDMzUyIDE5Ny40OSAzNzMuNDkgMTc2IDQwMCAxNzZINDY0QzQ5MC41MSAxNzYgNTEyIDE5Ny40OSA1MTIgMjI0VjI4OEM1MTIgMzE0LjUxIDQ5MC41MSAzMzYgNDY0IDMzNkg0MDBDMzczLjQ5IDMzNiAzNTIgMzE0LjUxIDM1MiAyODhWMjgwSDMxNi4yNTJDMjk0LjE2MSAyODAgMjc2LjI1MiAyOTcuOTA5IDI3Ni4yNTIgMzIwVjM3NkMyNzYuMjUyIDQyMC4xODMgMjQwLjQzNSA0NTYgMTk2LjI1MiA0NTZIMTYwVjQ2NEMxNjAgNDkwLjUxIDEzOC41MSA1MTIgMTEyIDUxMkg0OEMyMS40OTAzIDUxMiAwIDQ5MC41MSAwIDQ2NFY0MDBDMCAzNzMuNDkgMjEuNDkwMyAzNTIgNDggMzUySDExMkMxMzguNTEgMzUyIDE2MCAzNzMuNDkgMTYwIDQwMFY0MDhIMTk2LjI1MkMyMTMuOTI1IDQwOCAyMjguMjUyIDM5My42NzMgMjI4LjI1MiAzNzZWMzIwQzIyOC4yNTIgMjk0Ljc4NCAyMzguODU5IDI3Mi4wNDQgMjU1Ljg1MyAyNTZDMjM4Ljg1OSAyMzkuOTU2IDIyOC4yNTIgMjE3LjIxNiAyMjguMjUyIDE5MlYxMzZDMjI4LjI1MiAxMTguMzI3IDIxMy45MjUgMTA0IDE5Ni4yNTIgMTA0SDE2MFYxMTJDMTYwIDEzOC41MSAxMzguNTEgMTYwIDExMiAxNjBINDhDMjEuNDkwMyAxNjAgMCAxMzguNTEgMCAxMTJWNDhaTTEwNCA0OEMxMDguNDE4IDQ4IDExMiA1MS41ODE3IDExMiA1NlYxMDRDMTEyIDEwOC40MTggMTA4LjQxOCAxMTIgMTA0IDExMkg1NkM1MS41ODE3IDExMiA0OCAxMDguNDE4IDQ4IDEwNFY1NkM0OCA1MS41ODE3IDUxLjU4MTcgNDggNTYgNDhIMTA0Wk00NTYgMjI0QzQ2MC40MTggMjI0IDQ2NCAyMjcuNTgyIDQ2NCAyMzJWMjgwQzQ2NCAyODQuNDE4IDQ2MC40MTggMjg4IDQ1NiAyODhINDA4QzQwMy41ODIgMjg4IDQwMCAyODQuNDE4IDQwMCAyODBWMjMyQzQwMCAyMjcuNTgyIDQwMy41ODIgMjI0IDQwOCAyMjRINDU2Wk0xMTIgNDA4QzExMiA0MDMuNTgyIDEwOC40MTggNDAwIDEwNCA0MDBINTZDNTEuNTgxNyA0MDAgNDggNDAzLjU4MiA0OCA0MDhWNDU2QzQ4IDQ2MC40MTggNTEuNTgxNyA0NjQgNTYgNDY0SDEwNEMxMDguNDE4IDQ2NCAxMTIgNDYwLjQxOCAxMTIgNDU2VjQwOFoiIGZpbGw9IiM1NEI4QzkiLz4KPC9nPgo8ZGVmcz4KPGNsaXBQYXRoIGlkPSJjbGlwMF8xMTc3XzUxOCI+CjxyZWN0IHdpZHRoPSI1MTIiIGhlaWdodD0iNTEyIiBmaWxsPSJ3aGl0ZSIvPgo8L2NsaXBQYXRoPgo8L2RlZnM+Cjwvc3ZnPgo="},"displayName":"Merge","typeVersion":3,"nodeCategories":[{"id":9,"name":"Core Nodes"}]},{"id":47,"icon":"file:webhook.svg","name":"n8n-nodes-base.webhook","codex":{"data":{"alias":["HTTP","API","Build","WH"],"resources":{"generic":[{"url":"https://n8n.io/blog/learn-how-to-automatically-cross-post-your-content-with-n8n/","icon":"✍️","label":"Learn how to automatically cross-post your content with n8n"},{"url":"https://n8n.io/blog/running-n8n-on-ships-an-interview-with-maranics/","icon":"🛳","label":"Running n8n on ships: An interview with Maranics"},{"url":"https://n8n.io/blog/how-to-build-a-low-code-self-hosted-url-shortener/","icon":"🔗","label":"How to build a low-code, self-hosted URL shortener in 3 steps"},{"url":"https://n8n.io/blog/what-are-apis-how-to-use-them-with-no-code/","icon":" 🪢","label":"What are APIs and how to use them with no code"},{"url":"https://n8n.io/blog/5-tasks-you-can-automate-with-notion-api/","icon":"⚡️","label":"5 tasks you can automate with the new Notion API "},{"url":"https://n8n.io/blog/how-a-digital-strategist-uses-n8n-for-online-marketing/","icon":"💻","label":"How a digital strategist uses n8n for online marketing"},{"url":"https://n8n.io/blog/the-ultimate-guide-to-automate-your-video-collaboration-with-whereby-mattermost-and-n8n/","icon":"📹","label":"The ultimate guide to automate your video collaboration with Whereby, Mattermost, and n8n"},{"url":"https://n8n.io/blog/how-to-automatically-give-kudos-to-contributors-with-github-slack-and-n8n/","icon":"👏","label":"How to automatically give kudos to contributors with GitHub, Slack, and n8n"},{"url":"https://n8n.io/blog/5-workflow-automations-for-mattermost-that-we-love-at-n8n/","icon":"🤖","label":"5 workflow automations for Mattermost that we love at n8n"},{"url":"https://n8n.io/blog/why-this-product-manager-loves-workflow-automation-with-n8n/","icon":"🧠","label":"Why this Product Manager loves workflow automation with n8n"},{"url":"https://n8n.io/blog/creating-custom-incident-response-workflows-with-n8n/","label":"How to automate every step of an incident response workflow"},{"url":"https://n8n.io/blog/learn-to-build-powerful-api-endpoints-using-webhooks/","icon":"🧰","label":"Learn to Build Powerful API Endpoints Using Webhooks"},{"url":"https://n8n.io/blog/learn-how-to-use-webhooks-with-mattermost-slash-commands/","icon":"🦄","label":"Learn how to use webhooks with Mattermost slash commands"},{"url":"https://n8n.io/blog/how-goomer-automated-their-operations-with-over-200-n8n-workflows/","icon":"🛵","label":"How Goomer automated their operations with over 200 n8n workflows"}],"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/core-nodes/n8n-nodes-base.webhook/"}]},"categories":["Development","Core Nodes"],"nodeVersion":"1.0","codexVersion":"1.0","subcategories":{"Core Nodes":["Helpers"]}}},"group":"[\"trigger\"]","defaults":{"name":"Webhook"},"iconData":{"type":"file","fileBuffer":"data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSI0OCIgaGVpZ2h0PSI0OCI+PHBhdGggZmlsbD0iIzM3NDc0ZiIgZD0iTTM1IDM3Yy0yLjIgMC00LTEuOC00LTRzMS44LTQgNC00IDQgMS44IDQgNC0xLjggNC00IDQiLz48cGF0aCBmaWxsPSIjMzc0NzRmIiBkPSJNMzUgNDNjLTMgMC01LjktMS40LTcuOC0zLjdsMy4xLTIuNWMxLjEgMS40IDIuOSAyLjMgNC43IDIuMyAzLjMgMCA2LTIuNyA2LTZzLTIuNy02LTYtNmMtMSAwLTIgLjMtMi45LjdsLTEuNyAxTDIzLjMgMTZsMy41LTEuOSA1LjMgOS40YzEtLjMgMi0uNSAzLS41IDUuNSAwIDEwIDQuNSAxMCAxMFM0MC41IDQzIDM1IDQzIi8+PHBhdGggZmlsbD0iIzM3NDc0ZiIgZD0iTTE0IDQzQzguNSA0MyA0IDM4LjUgNCAzM2MwLTQuNiAzLjEtOC41IDcuNS05LjdsMSAzLjlDOS45IDI3LjkgOCAzMC4zIDggMzNjMCAzLjMgMi43IDYgNiA2czYtMi43IDYtNnYtMmgxNXY0SDIzLjhjLS45IDQuNi01IDgtOS44IDgiLz48cGF0aCBmaWxsPSIjZTkxZTYzIiBkPSJNMTQgMzdjLTIuMiAwLTQtMS44LTQtNHMxLjgtNCA0LTQgNCAxLjggNCA0LTEuOCA0LTQgNCIvPjxwYXRoIGZpbGw9IiMzNzQ3NGYiIGQ9Ik0yNSAxOWMtMi4yIDAtNC0xLjgtNC00czEuOC00IDQtNCA0IDEuOCA0IDQtMS44IDQtNCA0Ii8+PHBhdGggZmlsbD0iI2U5MWU2MyIgZD0ibTE1LjcgMzQtMy40LTIgNS45LTkuN2MtMi0xLjktMy4yLTQuNS0zLjItNy4zIDAtNS41IDQuNS0xMCAxMC0xMHMxMCA0LjUgMTAgMTBjMCAuOS0uMSAxLjctLjMgMi41bC0zLjktMWMuMS0uNS4yLTEgLjItMS41IDAtMy4zLTIuNy02LTYtNnMtNiAyLjctNiA2YzAgMi4xIDEuMSA0IDIuOSA1LjFsMS43IDF6Ii8+PC9zdmc+"},"displayName":"Webhook","typeVersion":2,"nodeCategories":[{"id":5,"name":"Development"},{"id":9,"name":"Core Nodes"}]},{"id":535,"icon":"file:webhook.svg","name":"n8n-nodes-base.respondToWebhook","codex":{"data":{"resources":{"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/core-nodes/n8n-nodes-base.respondtowebhook/"}]},"categories":["Core Nodes","Utility"],"nodeVersion":"1.0","codexVersion":"1.0","subcategories":{"Core Nodes":["Helpers"]}}},"group":"[\"transform\"]","defaults":{"name":"Respond to Webhook"},"iconData":{"type":"file","fileBuffer":"data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSI0OCIgaGVpZ2h0PSI0OCI+PHBhdGggZmlsbD0iIzM3NDc0ZiIgZD0iTTM1IDM3Yy0yLjIgMC00LTEuOC00LTRzMS44LTQgNC00IDQgMS44IDQgNC0xLjggNC00IDQiLz48cGF0aCBmaWxsPSIjMzc0NzRmIiBkPSJNMzUgNDNjLTMgMC01LjktMS40LTcuOC0zLjdsMy4xLTIuNWMxLjEgMS40IDIuOSAyLjMgNC43IDIuMyAzLjMgMCA2LTIuNyA2LTZzLTIuNy02LTYtNmMtMSAwLTIgLjMtMi45LjdsLTEuNyAxTDIzLjMgMTZsMy41LTEuOSA1LjMgOS40YzEtLjMgMi0uNSAzLS41IDUuNSAwIDEwIDQuNSAxMCAxMFM0MC41IDQzIDM1IDQzIi8+PHBhdGggZmlsbD0iIzM3NDc0ZiIgZD0iTTE0IDQzQzguNSA0MyA0IDM4LjUgNCAzM2MwLTQuNiAzLjEtOC41IDcuNS05LjdsMSAzLjlDOS45IDI3LjkgOCAzMC4zIDggMzNjMCAzLjMgMi43IDYgNiA2czYtMi43IDYtNnYtMmgxNXY0SDIzLjhjLS45IDQuNi01IDgtOS44IDgiLz48cGF0aCBmaWxsPSIjZTkxZTYzIiBkPSJNMTQgMzdjLTIuMiAwLTQtMS44LTQtNHMxLjgtNCA0LTQgNCAxLjggNCA0LTEuOCA0LTQgNCIvPjxwYXRoIGZpbGw9IiMzNzQ3NGYiIGQ9Ik0yNSAxOWMtMi4yIDAtNC0xLjgtNC00czEuOC00IDQtNCA0IDEuOCA0IDQtMS44IDQtNCA0Ii8+PHBhdGggZmlsbD0iI2U5MWU2MyIgZD0ibTE1LjcgMzQtMy40LTIgNS45LTkuN2MtMi0xLjktMy4yLTQuNS0zLjItNy4zIDAtNS41IDQuNS0xMCAxMC0xMHMxMCA0LjUgMTAgMTBjMCAuOS0uMSAxLjctLjMgMi41bC0zLjktMWMuMS0uNS4yLTEgLjItMS41IDAtMy4zLTIuNy02LTYtNnMtNiAyLjctNiA2YzAgMi4xIDEuMSA0IDIuOSA1LjFsMS43IDF6Ii8+PC9zdmc+"},"displayName":"Respond to Webhook","typeVersion":2,"nodeCategories":[{"id":7,"name":"Utility"},{"id":9,"name":"Core Nodes"}]},{"id":565,"icon":"fa:sticky-note","name":"n8n-nodes-base.stickyNote","codex":{"data":{"alias":["Comments","Notes","Sticky"],"categories":["Core Nodes"],"nodeVersion":"1.0","codexVersion":"1.0","subcategories":{"Core Nodes":["Helpers"]}}},"group":"[\"input\"]","defaults":{"name":"Sticky Note","color":"#FFD233"},"iconData":{"icon":"sticky-note","type":"icon"},"displayName":"Sticky Note","typeVersion":1,"nodeCategories":[{"id":9,"name":"Core Nodes"}]},{"id":834,"icon":"file:code.svg","name":"n8n-nodes-base.code","codex":{"data":{"alias":["cpde","Javascript","JS","Python","Script","Custom Code","Function"],"details":"The Code node allows you to execute JavaScript in your workflow.","resources":{"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/core-nodes/n8n-nodes-base.code/"}]},"categories":["Development","Core Nodes"],"nodeVersion":"1.0","codexVersion":"1.0","subcategories":{"Core Nodes":["Helpers","Data Transformation"]}}},"group":"[\"transform\"]","defaults":{"name":"Code"},"iconData":{"type":"file","fileBuffer":"data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iNTEyIiBoZWlnaHQ9IjUxMiIgdmlld0JveD0iMCAwIDUxMiA1MTIiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxnIGNsaXAtcGF0aD0idXJsKCNjbGlwMF8xMTcxXzQ0MSkiPgo8cGF0aCBkPSJNMTcwLjI4MyA0OEgxOTYuNUMyMDMuMTI3IDQ4IDIwOC41IDQyLjYyNzQgMjA4LjUgMzZWMTJDMjA4LjUgNS4zNzI1OCAyMDMuMTI3IDAgMTk2LjUgMEgxNzAuMjgzQzEyNi4xIDAgOTAuMjgzIDM1LjgxNzIgOTAuMjgzIDgwVjE3NkM5MC4yODMgMjA2LjkyOCA2NS4yMTA5IDIzMiAzNC4yODMgMjMySDIzQzE2LjM3MjYgMjMyIDExIDIzNy4zNzIgMTEgMjQ0VjI2OEMxMSAyNzQuNjI3IDE2LjM3MjQgMjgwIDIyLjk5OTYgMjgwTDM0LjI4MyAyODBDNjUuMjEwOSAyODAgOTAuMjgzIDMwNS4wNzIgOTAuMjgzIDMzNlY0NDBDOTAuMjgzIDQ3OS43NjQgMTIyLjUxOCA1MTIgMTYyLjI4MyA1MTJIMTk2LjVDMjAzLjEyNyA1MTIgMjA4LjUgNTA2LjYyNyAyMDguNSA1MDBWNDc2QzIwOC41IDQ2OS4zNzMgMjAzLjEyNyA0NjQgMTk2LjUgNDY0SDE2Mi4yODNDMTQ5LjAyOCA0NjQgMTM4LjI4MyA0NTMuMjU1IDEzOC4yODMgNDQwVjMzNkMxMzguMjgzIDMwOS4wMjIgMTI4LjAxMSAyODQuNDQzIDExMS4xNjQgMjY1Ljk2MUMxMDYuMTA5IDI2MC40MTYgMTA2LjEwOSAyNTEuNTg0IDExMS4xNjQgMjQ2LjAzOUMxMjguMDExIDIyNy41NTcgMTM4LjI4MyAyMDIuOTc4IDEzOC4yODMgMTc2VjgwQzEzOC4yODMgNjIuMzI2OSAxNTIuNjEgNDggMTcwLjI4MyA0OFoiIGZpbGw9IiNGRjk5MjIiLz4KPHBhdGggZD0iTTMwNSAzNkMzMDUgNDIuNjI3NCAzMTAuMzczIDQ4IDMxNyA0OEgzNDIuOTc5QzM2MC42NTIgNDggMzc0Ljk3OCA2Mi4zMjY5IDM3NC45NzggODBWMTc2QzM3NC45NzggMjAyLjk3OCAzODUuMjUxIDIyNy41NTcgNDAyLjA5OCAyNDYuMDM5QzQwNy4xNTMgMjUxLjU4NCA0MDcuMTUzIDI2MC40MTYgNDAyLjA5OCAyNjUuOTYxQzM4NS4yNTEgMjg0LjQ0MyAzNzQuOTc4IDMwOS4wMjIgMzc0Ljk3OCAzMzZWNDMyQzM3NC45NzggNDQ5LjY3MyAzNjAuNjUyIDQ2NCAzNDIuOTc5IDQ2NEgzMTdDMzEwLjM3MyA0NjQgMzA1IDQ2OS4zNzMgMzA1IDQ3NlY1MDBDMzA1IDUwNi42MjcgMzEwLjM3MyA1MTIgMzE3IDUxMkgzNDIuOTc5QzM4Ny4xNjEgNTEyIDQyMi45NzggNDc2LjE4MyA0MjIuOTc4IDQzMlYzMzZDNDIyLjk3OCAzMDUuMDcyIDQ0OC4wNTEgMjgwIDQ3OC45NzkgMjgwSDQ5MEM0OTYuNjI3IDI4MCA1MDIgMjc0LjYyOCA1MDIgMjY4VjI0NEM1MDIgMjM3LjM3MyA0OTYuNjI4IDIzMiA0OTAgMjMyTDQ3OC45NzkgMjMyQzQ0OC4wNTEgMjMyIDQyMi45NzggMjA2LjkyOCA0MjIuOTc4IDE3NlY4MEM0MjIuOTc4IDM1LjgxNzIgMzg3LjE2MSAwIDM0Mi45NzkgMEgzMTdDMzEwLjM3MyAwIDMwNSA1LjM3MjU4IDMwNSAxMlYzNloiIGZpbGw9IiNGRjk5MjIiLz4KPC9nPgo8ZGVmcz4KPGNsaXBQYXRoIGlkPSJjbGlwMF8xMTcxXzQ0MSI+CjxyZWN0IHdpZHRoPSI1MTIiIGhlaWdodD0iNTEyIiBmaWxsPSJ3aGl0ZSIvPgo8L2NsaXBQYXRoPgo8L2RlZnM+Cjwvc3ZnPgo="},"displayName":"Code","typeVersion":2,"nodeCategories":[{"id":5,"name":"Development"},{"id":9,"name":"Core Nodes"}]},{"id":1119,"icon":"fa:robot","name":"@n8n/n8n-nodes-langchain.agent","codex":{"data":{"alias":["LangChain","Chat","Conversational","Plan and Execute","ReAct","Tools"],"resources":{"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/cluster-nodes/root-nodes/n8n-nodes-langchain.agent/"}]},"categories":["AI","Langchain"],"subcategories":{"AI":["Agents","Root Nodes"]}}},"group":"[\"transform\"]","defaults":{"name":"AI Agent","color":"#404040"},"iconData":{"icon":"robot","type":"icon"},"displayName":"AI Agent","typeVersion":3,"nodeCategories":[{"id":25,"name":"AI"},{"id":26,"name":"Langchain"}]},{"id":1145,"icon":"file:anthropic.svg","name":"@n8n/n8n-nodes-langchain.lmChatAnthropic","codex":{"data":{"alias":["claude","sonnet","opus"],"resources":{"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/cluster-nodes/sub-nodes/n8n-nodes-langchain.lmchatanthropic/"}]},"categories":["AI","Langchain"],"subcategories":{"AI":["Language Models","Root Nodes"],"Language Models":["Chat Models (Recommended)"]}}},"group":"[\"transform\"]","defaults":{"name":"Anthropic Chat Model"},"iconData":{"type":"file","fileBuffer":"data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSI0NiIgaGVpZ2h0PSIzMiIgZmlsbD0ibm9uZSI+PHBhdGggZmlsbD0iIzdEN0Q4NyIgZD0iTTMyLjczIDBoLTYuOTQ1TDM4LjQ1IDMyaDYuOTQ1ek0xMi42NjUgMCAwIDMyaDcuMDgybDIuNTktNi43MmgxMy4yNWwyLjU5IDYuNzJoNy4wODJMMTkuOTI5IDB6bS0uNzAyIDE5LjMzNyA0LjMzNC0xMS4yNDYgNC4zMzQgMTEuMjQ2eiIvPjwvc3ZnPg=="},"displayName":"Anthropic Chat Model","typeVersion":1,"nodeCategories":[{"id":25,"name":"AI"},{"id":26,"name":"Langchain"}]}],"categories":[{"id":29,"name":"SecOps"},{"id":49,"name":"AI Summarization"}],"image":[]}}