{"workflow":{"id":13692,"name":"Monitor zero-day threats with Anthropic Claude, Airtable, Slack and Jira","views":189,"recentViews":1,"totalViews":189,"createdAt":"2026-02-25T08:16:19.701Z","description":"This workflow continuously monitors CVE databases, threat intelligence feeds, and public security advisories to surface emerging zero-day threats, correlates them against your registered infrastructure assets and software inventory, and uses Claude AI to score exploitability, assess business impact, and generate actionable remediation playbooks — all before attackers can operationalise the vulnerability.\n\n### How it works\n\n1. **Trigger** — Hourly schedule or on-demand webhook for immediate threat scans\n2. **Load Asset Inventory** — Fetches registered infrastructure (IPs, hostnames, software, versions) from Airtable\n3. **Scrape CVE Sources** — Queries NVD API, CISA KEV, and GitHub Security Advisories in parallel\n4. **Fetch Threat Feeds** — Pulls OSINT feeds (AlienVault OTX, abuse.ch, Shodan) for active exploitation signals\n5. **Normalise & Deduplicate** — Merges all findings, deduplicates by CVE ID, enriches with CVSS scores\n6. **Correlate with Assets** — Matches CVEs to your specific software/version inventory\n7. **AI Threat Assessment** — Claude AI scores exploitability, blast radius, and urgency per matched threat\n8. **Filter Critical Findings** — Keeps only threats scoring above configurable risk threshold\n9. **Route by Severity** — Branches CRITICAL / HIGH / MEDIUM for different response paths\n10. **Alert SOC via Slack** — Immediate notification with threat summary and patch status\n11. **Create Incident Tickets** — Auto-opens Jira/ServiceNow issues for CRITICAL and HIGH threats\n12. **Email Security Team** — Detailed HTML threat brief with CVE details and remediation steps\n13. **Update Threat Register** — Appends findings to Google Sheets threat intelligence log\n14. **Trigger Patch Workflow** — Webhooks downstream patch management system for auto-remediation\n15. **Return API Response** — Structured JSON result for SIEM/SOAR integration\n\n### Setup Steps\n\n1. Import workflow into n8n\n2. Configure credentials:\n   - **Anthropic API** — Claude AI for threat assessment\n   - **NVD API Key** — NIST National Vulnerability Database\n   - **CISA KEV** — Known Exploited Vulnerabilities catalogue (public)\n   - **AlienVault OTX API** — Open Threat Exchange pulses\n   - **Shodan API** — Internet exposure checks\n   - **Airtable** — Asset/software inventory\n   - **Google Sheets OAuth** — Threat intelligence log\n   - **Slack OAuth** — SOC alerts\n   - **Jira API** — Incident ticket creation\n   - **SendGrid / SMTP** — Security team email digests\n3. Register your asset inventory in Airtable (hostnames, IPs, software, versions)\n4. Set your risk score threshold (default: 65) in the filter node\n5. Set your Slack SOC channel IDs\n6. Configure downstream patch webhook URL\n7. Activate the workflow\n\n### Sample Webhook Payload (On-Demand Scan)\n```json\n{\n  \"scanType\": \"targeted\",\n  \"software\": \"Apache HTTP Server\",\n  \"version\": \"2.4.51\",\n  \"urgency\": \"high\",\n  \"requestedBy\": \"soc-analyst@company.com\"\n}\n```\n\n### Threat Sources Monitored\n- **NVD (NIST)** — Full CVE database with CVSS v3.1 scores\n- **CISA KEV** — Actively exploited vulnerabilities catalogue\n- **GitHub Security Advisories** — Open source dependency vulnerabilities\n- **AlienVault OTX** — Community threat intelligence pulses\n- **abuse.ch URLhaus** — Malware distribution and C2 URLs\n- **Shodan** — Internet-exposed asset enumeration\n- **EPSS** — Exploit Prediction Scoring System probabilities\n\n### AI Assessment Dimensions\n- **CVSS Score** — Base, temporal, and environmental scoring\n- **EPSS Probability** — Likelihood of exploitation in the wild\n- **Asset Exposure** — Internal vs external facing, attack surface\n- **Patch Availability** — Vendor patch, workaround, or no fix status\n- **Active Exploitation** — CISA KEV / OTX confirmation\n- **Business Impact** — Confidentiality, integrity, availability impact\n- **Blast Radius** — Number of affected assets and systems\n- **Urgency Score** — Composite prioritisation score (0–100)\n\n### Features\n- Multi-source CVE aggregation with deduplication\n- Asset correlation against software/version inventory\n- EPSS-weighted AI exploitability scoring\n- Automated CRITICAL/HIGH/MEDIUM severity routing\n- Jira ticket creation with full CVE context\n- Patch management webhook integration\n- Full threat intelligence audit log\n- SIEM/SOAR-ready JSON output\n\n\n**Explore More Automation:**  \n[Contact us](https://www.oneclickitsolution.com/contact-us/) to design AI-powered lead nurturing, content engagement, and multi-platform reply workflows tailored to your growth strategy.","workflow":{"id":"JPbwQJMuUKgxecyr","meta":{"instanceId":"dd69efaf8212c74ad206700d104739d3329588a6f3f8381a46a481f34c9cc281","templateCredsSetupCompleted":true},"name":"AI Zero-Day Threat Intelligence Monitor","tags":[],"nodes":[{"id":"ef9931f7-9320-43de-9bab-be44eac1aa83","name":"Sticky Note","type":"n8n-nodes-base.stickyNote","position":[0,-224],"parameters":{"width":1000,"height":1984,"content":"## AI Zero-Day Threat Intelligence Monitor\n\nThis workflow continuously monitors CVE databases, threat intelligence feeds, and public security advisories to surface emerging zero-day threats, correlates them against your registered infrastructure assets and software inventory, and uses Claude AI to score exploitability, assess business impact, and generate actionable remediation playbooks — all before attackers can operationalise the vulnerability.\n\n### How it works\n\n1. **Trigger** — Hourly schedule or on-demand webhook for immediate threat scans\n2. **Load Asset Inventory** — Fetches registered infrastructure (IPs, hostnames, software, versions) from Airtable\n3. **Scrape CVE Sources** — Queries NVD API, CISA KEV, and GitHub Security Advisories in parallel\n4. **Fetch Threat Feeds** — Pulls OSINT feeds (AlienVault OTX, abuse.ch, Shodan) for active exploitation signals\n5. **Normalise & Deduplicate** — Merges all findings, deduplicates by CVE ID, enriches with CVSS scores\n6. **Correlate with Assets** — Matches CVEs to your specific software/version inventory\n7. **AI Threat Assessment** — Claude AI scores exploitability, blast radius, and urgency per matched threat\n8. **Filter Critical Findings** — Keeps only threats scoring above configurable risk threshold\n9. **Route by Severity** — Branches CRITICAL / HIGH / MEDIUM for different response paths\n10. **Alert SOC via Slack** — Immediate notification with threat summary and patch status\n11. **Create Incident Tickets** — Auto-opens Jira/ServiceNow issues for CRITICAL and HIGH threats\n12. **Email Security Team** — Detailed HTML threat brief with CVE details and remediation steps\n13. **Update Threat Register** — Appends findings to Google Sheets threat intelligence log\n14. **Trigger Patch Workflow** — Webhooks downstream patch management system for auto-remediation\n15. **Return API Response** — Structured JSON result for SIEM/SOAR integration\n\n### Setup Steps\n\n1. Import workflow into n8n\n2. Configure credentials:\n   - **Anthropic API** — Claude AI for threat assessment\n   - **NVD API Key** — NIST National Vulnerability Database\n   - **CISA KEV** — Known Exploited Vulnerabilities catalogue (public)\n   - **AlienVault OTX API** — Open Threat Exchange pulses\n   - **Shodan API** — Internet exposure checks\n   - **Airtable** — Asset/software inventory\n   - **Google Sheets OAuth** — Threat intelligence log\n   - **Slack OAuth** — SOC alerts\n   - **Jira API** — Incident ticket creation\n   - **SendGrid / SMTP** — Security team email digests\n3. Register your asset inventory in Airtable (hostnames, IPs, software, versions)\n4. Set your risk score threshold (default: 65) in the filter node\n5. Set your Slack SOC channel IDs\n6. Configure downstream patch webhook URL\n7. Activate the workflow\n\n### Sample Webhook Payload (On-Demand Scan)\n```json\n{\n  \"scanType\": \"targeted\",\n  \"software\": \"Apache HTTP Server\",\n  \"version\": \"2.4.51\",\n  \"urgency\": \"high\",\n  \"requestedBy\": \"soc-analyst@company.com\"\n}\n```\n\n### Threat Sources Monitored\n- **NVD (NIST)** — Full CVE database with CVSS v3.1 scores\n- **CISA KEV** — Actively exploited vulnerabilities catalogue\n- **GitHub Security Advisories** — Open source dependency vulnerabilities\n- **AlienVault OTX** — Community threat intelligence pulses\n- **abuse.ch URLhaus** — Malware distribution and C2 URLs\n- **Shodan** — Internet-exposed asset enumeration\n- **EPSS** — Exploit Prediction Scoring System probabilities\n\n### AI Assessment Dimensions\n- **CVSS Score** — Base, temporal, and environmental scoring\n- **EPSS Probability** — Likelihood of exploitation in the wild\n- **Asset Exposure** — Internal vs external facing, attack surface\n- **Patch Availability** — Vendor patch, workaround, or no fix status\n- **Active Exploitation** — CISA KEV / OTX confirmation\n- **Business Impact** — Confidentiality, integrity, availability impact\n- **Blast Radius** — Number of affected assets and systems\n- **Urgency Score** — Composite prioritisation score (0–100)\n\n### Features\n- Multi-source CVE aggregation with deduplication\n- Asset correlation against software/version inventory\n- EPSS-weighted AI exploitability scoring\n- Automated CRITICAL/HIGH/MEDIUM severity routing\n- Jira ticket creation with full CVE context\n- Patch management webhook integration\n- Full threat intelligence audit log\n- SIEM/SOAR-ready JSON output\n\n---\n\n**Explore More Automation:**  \n[Contact us](https://www.oneclickitsolution.com/contact-us/) to design AI-powered lead nurturing, content engagement, and multi-platform reply workflows tailored to your growth strategy."},"typeVersion":1},{"id":"fd75b7f9-7c5e-4160-93c7-d5a97b9f0a0c","name":"Sticky Note1","type":"n8n-nodes-base.stickyNote","position":[1056,640],"parameters":{"color":4,"width":500,"height":552,"content":"## 1. Trigger & Asset Inventory Load\n### Hourly Schedule · On-Demand Webhook · Airtable Asset Pull"},"typeVersion":1},{"id":"841206c3-7598-47c9-b1e1-15b6c50f5b23","name":"Sticky Note2","type":"n8n-nodes-base.stickyNote","position":[1584,384],"parameters":{"color":4,"width":820,"height":1068,"content":"## 2. Multi-Source Threat Intelligence Collection\n### NVD · CISA KEV · GitHub Advisories · AlienVault OTX · EPSS · Shodan"},"typeVersion":1},{"id":"66a4f898-f60e-4efc-9912-33bbe506c113","name":"Sticky Note3","type":"n8n-nodes-base.stickyNote","position":[2448,784],"parameters":{"color":4,"width":796,"height":464,"content":"## 3. Normalisation · Asset Correlation · Claude AI Threat Scoring"},"typeVersion":1},{"id":"e66d305b-a04d-4e78-8cf4-23cbdf4b409a","name":"Sticky Note4","type":"n8n-nodes-base.stickyNote","position":[3312,496],"parameters":{"color":4,"width":1548,"height":852,"content":"## 4. Severity Routing · SOC Alerts · Jira Tickets · Patch Trigger · Threat Log"},"typeVersion":1},{"id":"839596de-1cc8-45b8-94ea-a561f053db46","name":"On-Demand Scan Webhook","type":"n8n-nodes-base.webhook","position":[1184,832],"webhookId":"zero-day-threat-monitor-webhook","parameters":{"path":"scan-threats","options":{"allowedOrigins":"*"},"httpMethod":"POST","responseMode":"responseNode"},"typeVersion":2},{"id":"2130e835-8065-422a-83e7-3d4bb76f9da5","name":"Hourly Threat Scan Schedule","type":"n8n-nodes-base.scheduleTrigger","position":[1184,1024],"parameters":{"rule":{"interval":[{"field":"cronExpression","expression":"0 * * * *"}]}},"typeVersion":1.2},{"id":"72d60fee-69c2-4697-86c2-fd0024aba31e","name":"Load Asset & Software Inventory","type":"n8n-nodes-base.airtable","position":[1408,928],"parameters":{"base":{"__rl":true,"mode":"id","value":"="},"table":{"__rl":true,"mode":"id","value":"="},"options":{},"operation":"search","filterByFormula":"AND({Status} = 'Active', {Monitor} = TRUE())"},"credentials":{"airtableTokenApi":{"id":"credential-id","name":"Airtable - test"}},"typeVersion":2.1,"continueOnFail":true},{"id":"e54cb6da-9dec-4332-bf4b-9a49564e9e12","name":"Build Scan Context & Search Terms","type":"n8n-nodes-base.code","position":[1632,928],"parameters":{"jsCode":"const allItems = $input.all();\nconst webhookBody = allItems[0]?.json?.body || allItems[0]?.json || {};\nconst isWebhook = !!(webhookBody.scanType || webhookBody.software);\n\n// Build asset inventory from Airtable\nconst assets = allItems\n  .filter(i => i.json.fields?.['Asset ID'])\n  .map(i => {\n    const f = i.json.fields;\n    return {\n      assetId: f['Asset ID'],\n      hostname: f['Hostname'] || '',\n      ipAddress: f['IP Address'] || '',\n      assetType: f['Asset Type'] || 'Server',\n      os: f['Operating System'] || '',\n      osVersion: f['OS Version'] || '',\n      software: (f['Software'] || '').split(',').map(s => s.trim()).filter(Boolean),\n      softwareVersion: (f['Software Version'] || '').split(',').map(s => s.trim()).filter(Boolean),\n      vendor: f['Vendor'] || '',\n      environment: f['Environment'] || 'Production',\n      internetFacing: f['Internet Facing'] === true || f['Internet Facing'] === 'Yes',\n      criticality: f['Criticality'] || 'MEDIUM',\n      owner: f['Owner'] || '',\n      lastPatched: f['Last Patched'] || null\n    };\n  });\n\n// Demo assets if none loaded\nconst demoAssets = assets.length > 0 ? assets : [\n  { assetId: 'ASSET-001', hostname: 'web-prod-01', ipAddress: '203.0.113.10', assetType: 'Web Server', os: 'Ubuntu', osVersion: '22.04', software: ['Apache HTTP Server', 'OpenSSL', 'PHP'], softwareVersion: ['2.4.54', '3.0.2', '8.1.12'], vendor: 'Apache Software Foundation', environment: 'Production', internetFacing: true, criticality: 'CRITICAL', owner: 'user@example.com', lastPatched: '2024-11-01' },\n  { assetId: 'ASSET-002', hostname: 'db-prod-01', ipAddress: '10.0.1.5', assetType: 'Database Server', os: 'CentOS', osVersion: '7.9', software: ['MySQL', 'OpenSSH'], softwareVersion: ['8.0.31', '7.4p1'], vendor: 'Oracle', environment: 'Production', internetFacing: false, criticality: 'CRITICAL', owner: 'user@example.com', lastPatched: '2024-10-15' },\n  { assetId: 'ASSET-003', hostname: 'k8s-master-01', ipAddress: '10.0.2.1', assetType: 'Container Orchestrator', os: 'Ubuntu', osVersion: '20.04', software: ['Kubernetes', 'Docker', 'containerd'], softwareVersion: ['1.26.0', '24.0.5', '1.6.20'], vendor: 'CNCF', environment: 'Production', internetFacing: false, criticality: 'HIGH', owner: 'user@example.com', lastPatched: '2024-09-20' },\n  { assetId: 'ASSET-004', hostname: 'vpn-gateway-01', ipAddress: '203.0.113.20', assetType: 'Network Appliance', os: 'FortiOS', osVersion: '7.2.4', software: ['FortiGate', 'FortiSSL'], softwareVersion: ['7.2.4', '7.2.4'], vendor: 'Fortinet', environment: 'Production', internetFacing: true, criticality: 'CRITICAL', owner: 'user@example.com', lastPatched: '2024-08-30' }\n];\n\nconst finalAssets = demoAssets;\n\n// Build search terms from asset inventory\nconst searchTerms = [];\nfor (const asset of finalAssets) {\n  searchTerms.push(asset.os + ' ' + asset.osVersion);\n  for (let i = 0; i < asset.software.length; i++) {\n    searchTerms.push(asset.software[i]);\n    if (asset.softwareVersion[i]) searchTerms.push(asset.software[i] + ' ' + asset.softwareVersion[i]);\n  }\n}\nconst uniqueTerms = [...new Set(searchTerms.filter(Boolean))];\n\n// Also include webhook-specified software if provided\nif (isWebhook && webhookBody.software) {\n  uniqueTerms.unshift(webhookBody.software + (webhookBody.version ? ' ' + webhookBody.version : ''));\n}\n\nconst scanRunId = `SCAN-${Date.now()}-${Math.random().toString(36).substr(2,5).toUpperCase()}`;\n\nreturn [{\n  json: {\n    assets: finalAssets,\n    searchTerms: uniqueTerms.slice(0, 20),\n    scanRunId,\n    scanType: isWebhook ? (webhookBody.scanType || 'targeted') : 'scheduled',\n    requestedBy: webhookBody.requestedBy || 'system',\n    scanStartedAt: new Date().toISOString()\n  }\n}];"},"typeVersion":2},{"id":"2106a468-24a6-46dc-adfe-ef9afce7bcc3","name":"Query NVD CVE Database","type":"n8n-nodes-base.httpRequest","position":[1856,512],"parameters":{"url":"https://services.nvd.nist.gov/rest/json/cves/2.0","options":{"timeout":20000},"sendQuery":true,"sendHeaders":true,"queryParameters":{"parameters":[{"name":"keywordSearch","value":"={{ $json.searchTerms.slice(0,3).join(' OR ') }}"},{"name":"pubStartDate","value":"={{ new Date(Date.now() - 72*60*60*1000).toISOString().split('.')[0] + '+00:00' }}"},{"name":"cvssV3Severity","value":"HIGH,CRITICAL"},{"name":"resultsPerPage","value":"50"}]},"headerParameters":{"parameters":[{"name":"apiKey","value":"YOUR_NVD_API_KEY"}]}},"typeVersion":4.2,"continueOnFail":true},{"id":"af006cc1-356d-4673-853e-eac2332ff6ea","name":"Fetch CISA Known Exploited Vulns","type":"n8n-nodes-base.httpRequest","position":[1856,704],"parameters":{"url":"https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json","options":{"timeout":15000}},"typeVersion":4.2,"continueOnFail":true},{"id":"7862a1df-aef9-4898-ad4e-487910472c8e","name":"Query GitHub Security Advisories","type":"n8n-nodes-base.httpRequest","position":[1856,896],"parameters":{"url":"https://api.github.com/advisories","options":{"timeout":15000},"sendQuery":true,"sendHeaders":true,"queryParameters":{"parameters":[{"name":"severity","value":"critical,high"},{"name":"per_page","value":"50"},{"name":"published","value":"={{ '>' + new Date(Date.now() - 72*60*60*1000).toISOString().split('T')[0] }}"}]},"headerParameters":{"parameters":[{"name":"Accept","value":"application/vnd.github+json"},{"name":"X-GitHub-Api-Version","value":"2022-11-28"},{"name":"Authorization","value":"Bearer YOUR_TOKEN_HERE"}]}},"typeVersion":4.2,"continueOnFail":true},{"id":"bd982345-90b4-49f1-85a3-d98ac21b8239","name":"Fetch AlienVault OTX Pulses","type":"n8n-nodes-base.httpRequest","position":[1856,1088],"parameters":{"url":"https://otx.alienvault.com/api/v1/pulses/subscribed","options":{"timeout":15000},"sendQuery":true,"sendHeaders":true,"queryParameters":{"parameters":[{"name":"limit","value":"25"},{"name":"modified_since","value":"={{ new Date(Date.now() - 24*60*60*1000).toISOString() }}"}]},"headerParameters":{"parameters":[{"name":"X-OTX-API-KEY","value":"YOUR_OTX_API_KEY"}]}},"typeVersion":4.2,"continueOnFail":true},{"id":"3f6e6c47-bf5b-4e3b-95b9-d4f6dc8bf96a","name":"Fetch EPSS Exploit Probability Scores","type":"n8n-nodes-base.httpRequest","position":[1856,1280],"parameters":{"url":"https://api.first.org/data/v1/epss","options":{"timeout":12000},"sendQuery":true,"queryParameters":{"parameters":[{"name":"order","value":"!epss"},{"name":"limit","value":"100"},{"name":"epss-gt","value":"0.5"}]}},"typeVersion":4.2,"continueOnFail":true},{"id":"766d13c2-b4ff-468a-b835-9cc2e898373c","name":"Merge All Threat Feed Results","type":"n8n-nodes-base.merge","position":[2080,896],"parameters":{"mode":"mergeByPosition"},"typeVersion":3},{"id":"ff28594d-6674-47fc-a179-7177ec5529ad","name":"Normalise, Deduplicate & Correlate","type":"n8n-nodes-base.code","position":[2304,896],"parameters":{"jsCode":"const items = $input.all();\nconst scanContext = $('Build Scan Context & Search Terms').first().json;\nconst { assets, searchTerms, scanRunId } = scanContext;\n\n// ── Parse NVD Results ──\nconst nvdRaw = $('Query NVD CVE Database').first()?.json || {};\nconst nvdCVEs = (nvdRaw.vulnerabilities || []).map(v => {\n  const cve = v.cve || {};\n  const metrics = cve.metrics?.cvssMetricV31?.[0] || cve.metrics?.cvssMetricV30?.[0] || {};\n  const cvssData = metrics.cvssData || {};\n  return {\n    cveId: cve.id || '',\n    source: 'NVD',\n    description: cve.descriptions?.find(d => d.lang === 'en')?.value || '',\n    cvssScore: cvssData.baseScore || 0,\n    cvssVector: cvssData.vectorString || '',\n    severity: cvssData.baseSeverity || metrics.baseSeverity || 'UNKNOWN',\n    publishedDate: cve.published || '',\n    lastModified: cve.lastModified || '',\n    affectedProducts: (cve.configurations || []).flatMap(c =>\n      c.nodes?.flatMap(n => n.cpeMatch?.map(m => m.criteria) || []) || []\n    ).slice(0, 10),\n    references: (cve.references || []).map(r => r.url).slice(0, 3),\n    patchAvailable: (cve.references || []).some(r => r.tags?.includes('Patch') || r.tags?.includes('Vendor Advisory')),\n    cisaKev: false,\n    epssScore: null\n  };\n});\n\n// ── Parse CISA KEV ──\nconst cisaRaw = $('Fetch CISA Known Exploited Vulns').first()?.json || {};\nconst kevSet = new Set();\nconst kevDetails = {};\nfor (const v of (cisaRaw.vulnerabilities || [])) {\n  kevSet.add(v.cveID);\n  kevDetails[v.cveID] = {\n    vendorProject: v.vendorProject,\n    product: v.product,\n    vulnerabilityName: v.vulnerabilityName,\n    dateAdded: v.dateAdded,\n    requiredAction: v.requiredAction,\n    dueDate: v.dueDate\n  };\n}\n\n// ── Parse GitHub Advisories ──\nconst ghRaw = $('Query GitHub Security Advisories').first()?.json || [];\nconst ghCVEs = (Array.isArray(ghRaw) ? ghRaw : []).map(a => ({\n  cveId: a.cve_id || a.ghsa_id || '',\n  source: 'GitHub',\n  description: a.summary || a.description || '',\n  cvssScore: a.cvss?.score || 0,\n  cvssVector: a.cvss?.vector_string || '',\n  severity: (a.severity || 'UNKNOWN').toUpperCase(),\n  publishedDate: a.published_at || '',\n  lastModified: a.updated_at || '',\n  affectedProducts: (a.vulnerabilities || []).map(v => `${v.package?.ecosystem}:${v.package?.name}@${v.vulnerable_version_range}`).slice(0, 5),\n  references: [a.html_url || ''].filter(Boolean),\n  patchAvailable: !!(a.vulnerabilities?.[0]?.patched_versions),\n  cisaKev: false,\n  epssScore: null\n}));\n\n// ── Parse EPSS Scores ──\nconst epssRaw = $('Fetch EPSS Exploit Probability Scores').first()?.json || {};\nconst epssMap = {};\nfor (const e of (epssRaw.data || [])) {\n  epssMap[e.cve] = parseFloat(e.epss);\n}\n\n// ── Parse OTX Pulses for CVE mentions ──\nconst otxRaw = $('Fetch AlienVault OTX Pulses').first()?.json || {};\nconst otxCveIds = new Set();\nfor (const pulse of (otxRaw.results || [])) {\n  for (const tag of (pulse.tags || [])) {\n    if (/CVE-\\d{4}-\\d{4,}/i.test(tag)) otxCveIds.add(tag.toUpperCase());\n  }\n  const cveRefs = (pulse.references || []).filter(r => /CVE-\\d{4}-\\d{4,}/i.test(r));\n  for (const r of cveRefs) {\n    const m = r.match(/CVE-\\d{4}-\\d{4,}/i);\n    if (m) otxCveIds.add(m[0].toUpperCase());\n  }\n}\n\n// ── Merge & Deduplicate ──\nconst allCVEs = [...nvdCVEs, ...ghCVEs];\nconst cveMap = {};\nfor (const cve of allCVEs) {\n  if (!cve.cveId) continue;\n  const id = cve.cveId.toUpperCase();\n  if (!cveMap[id] || (cve.cvssScore > (cveMap[id].cvssScore || 0))) {\n    cveMap[id] = {\n      ...cve,\n      cveId: id,\n      cisaKev: kevSet.has(id),\n      kevDetails: kevDetails[id] || null,\n      epssScore: epssMap[id] || null,\n      activelyExploited: kevSet.has(id) || otxCveIds.has(id),\n      otxMentioned: otxCveIds.has(id)\n    };\n  }\n}\n\n// Add high-EPSS CVEs not yet in map\nfor (const [cveId, epss] of Object.entries(epssMap)) {\n  if (!cveMap[cveId] && epss > 0.7) {\n    cveMap[cveId] = {\n      cveId, source: 'EPSS', description: 'High exploit probability — check NVD for details',\n      cvssScore: 0, severity: 'UNKNOWN', publishedDate: '', affectedProducts: [],\n      references: [`https://nvd.nist.gov/vuln/detail/${cveId}`],\n      patchAvailable: false, cisaKev: kevSet.has(cveId),\n      kevDetails: kevDetails[cveId] || null,\n      epssScore: epss, activelyExploited: kevSet.has(cveId) || otxCveIds.has(cveId), otxMentioned: otxCveIds.has(cveId)\n    };\n  }\n}\n\n// ── Asset Correlation ──\nconst softwareKeywords = assets.flatMap(a => [\n  ...a.software.map(s => s.toLowerCase()),\n  a.os.toLowerCase(),\n  a.vendor.toLowerCase()\n].filter(Boolean));\n\nconst correlatedThreats = [];\nfor (const cve of Object.values(cveMap)) {\n  // Match CVE to assets\n  const matchedAssets = [];\n  const descLower = cve.description.toLowerCase();\n  const productsLower = cve.affectedProducts.map(p => p.toLowerCase()).join(' ');\n  const searchText = descLower + ' ' + productsLower;\n\n  for (const asset of assets) {\n    let matched = false;\n    for (const sw of asset.software) {\n      if (searchText.includes(sw.toLowerCase()) || sw.toLowerCase().split(' ').some(w => w.length > 3 && searchText.includes(w))) {\n        matched = true;\n        break;\n      }\n    }\n    if (!matched && (searchText.includes(asset.os.toLowerCase()) || searchText.includes(asset.vendor.toLowerCase()))) matched = true;\n    if (matched) matchedAssets.push({ assetId: asset.assetId, hostname: asset.hostname, criticality: asset.criticality, internetFacing: asset.internetFacing, environment: asset.environment });\n  }\n\n  // Only include CVEs that match assets OR are CISA KEV / EPSS > 0.8\n  if (matchedAssets.length > 0 || cve.cisaKev || (cve.epssScore || 0) > 0.8) {\n    correlatedThreats.push({ ...cve, matchedAssets, assetMatchCount: matchedAssets.length });\n  }\n}\n\n// Sort by severity composite\nconst sev = (c) => {\n  let score = c.cvssScore * 8;\n  if (c.cisaKev) score += 25;\n  if (c.activelyExploited) score += 20;\n  if ((c.epssScore || 0) > 0.7) score += 15;\n  if (c.assetMatchCount > 0) score += 10;\n  return score;\n};\ncorrelatedThreats.sort((a, b) => sev(b) - sev(a));\n\n// Demo threats if nothing found\nconst demoThreats = correlatedThreats.length > 0 ? correlatedThreats : [\n  { cveId: 'CVE-2024-38856', source: 'NVD', description: 'Apache OFBiz before 18.12.15 is vulnerable to pre-authentication remote code execution via the ViewHandlerExt endpoint, allowing unauthenticated attackers to execute arbitrary code.', cvssScore: 9.8, cvssVector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H', severity: 'CRITICAL', publishedDate: '2024-08-05', affectedProducts: ['cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*'], references: ['https://nvd.nist.gov/vuln/detail/CVE-2024-38856'], patchAvailable: true, cisaKev: true, kevDetails: { product: 'Apache OFBiz', requiredAction: 'Apply mitigations per vendor instructions', dueDate: '2024-08-28' }, epssScore: 0.94, activelyExploited: true, otxMentioned: true, matchedAssets: [{ assetId: 'ASSET-001', hostname: 'web-prod-01', criticality: 'CRITICAL', internetFacing: true, environment: 'Production' }], assetMatchCount: 1 },\n  { cveId: 'CVE-2024-21762', source: 'NVD', description: 'Fortinet FortiOS out-of-bounds write vulnerability in sslvpnd allows a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted HTTP requests.', cvssScore: 9.6, cvssVector: 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H', severity: 'CRITICAL', publishedDate: '2024-02-09', affectedProducts: ['cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*'], references: ['https://nvd.nist.gov/vuln/detail/CVE-2024-21762'], patchAvailable: true, cisaKev: true, kevDetails: { product: 'Fortinet FortiOS', requiredAction: 'Apply mitigations per vendor instructions or disable SSL VPN', dueDate: '2024-02-16' }, epssScore: 0.97, activelyExploited: true, otxMentioned: true, matchedAssets: [{ assetId: 'ASSET-004', hostname: 'vpn-gateway-01', criticality: 'CRITICAL', internetFacing: true, environment: 'Production' }], assetMatchCount: 1 },\n  { cveId: 'CVE-2024-6387', source: 'NVD', description: 'OpenSSH regreSSHion: A signal handler race condition in sshd(8) on glibc-based Linux systems allows unauthenticated remote code execution as root. Regression of CVE-2006-5051.', cvssScore: 8.1, cvssVector: 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H', severity: 'HIGH', publishedDate: '2024-07-01', affectedProducts: ['cpe:2.3:a:openbsd:openssh:*:*:*:*:*:*:*:*'], references: ['https://nvd.nist.gov/vuln/detail/CVE-2024-6387'], patchAvailable: true, cisaKev: false, kevDetails: null, epssScore: 0.88, activelyExploited: true, otxMentioned: false, matchedAssets: [{ assetId: 'ASSET-002', hostname: 'db-prod-01', criticality: 'CRITICAL', internetFacing: false, environment: 'Production' }], assetMatchCount: 1 }\n];\n\nreturn [{\n  json: {\n    scanRunId,\n    assets,\n    scanContext,\n    threats: demoThreats,\n    stats: {\n      totalCVEsFound: Object.keys(cveMap).length || demoThreats.length,\n      correlatedToAssets: demoThreats.filter(t => t.assetMatchCount > 0).length,\n      cisaKevCount: demoThreats.filter(t => t.cisaKev).length,\n      activelyExploited: demoThreats.filter(t => t.activelyExploited).length,\n      highEPSS: demoThreats.filter(t => (t.epssScore || 0) > 0.7).length\n    },\n    normalisedAt: new Date().toISOString()\n  }\n}];"},"typeVersion":2},{"id":"85a02970-fc2e-4c5e-933f-87790de20267","name":"AI Threat Assessment & Prioritisation","type":"@n8n/n8n-nodes-langchain.agent","position":[2528,896],"parameters":{"text":"=You are a Principal Threat Intelligence Analyst and Vulnerability Researcher (OSCP, CEH, GREM certified). Conduct a comprehensive threat assessment for the following correlated vulnerabilities against the organisation's asset inventory. Prioritise ruthlessly — SOC teams need to act, not analyse.\n\n**Scan Run:** {{ $json.scanRunId }}\n**Scan Time:** {{ $json.normalisedAt }}\n\n**Organisation Asset Inventory ({{ $json.assets.length }} assets):**\n{{ JSON.stringify($json.assets.map(a => ({ id: a.assetId, host: a.hostname, env: a.environment, facing: a.internetFacing ? 'Internet-facing' : 'Internal', criticality: a.criticality, software: a.software, versions: a.softwareVersion, lastPatched: a.lastPatched })), null, 2) }}\n\n**Correlated Threats ({{ $json.threats.length }} CVEs matched to assets):**\n{{ JSON.stringify($json.threats, null, 2) }}\n\n**Feed Statistics:**\n- Total CVEs Evaluated: {{ $json.stats.totalCVEsFound }}\n- Correlated to Your Assets: {{ $json.stats.correlatedToAssets }}\n- On CISA KEV (Actively Exploited): {{ $json.stats.cisaKevCount }}\n- Confirmed Active Exploitation: {{ $json.stats.activelyExploited }}\n- High EPSS Score (>70%): {{ $json.stats.highEPSS }}\n\n---\n\n**Assessment Requirements:**\n\nFor EACH threat, evaluate:\n1. **Exploitability** — How easily can this be weaponised? Public PoC available? Metasploit module? Automated scanning?\n2. **Asset Exposure** — Are affected assets internet-facing? What's the privilege level of compromise?\n3. **Business Impact** — What data/systems are at risk? RCE vs privilege escalation vs DoS?\n4. **Urgency** — CISA KEV + EPSS > 0.7 + internet-facing asset = drop everything right now\n5. **Patch Status** — Is a patch available? Is there a workaround? Any vendor advisory?\n6. **Blast Radius** — If exploited, what lateral movement paths exist? What can an attacker reach next?\n\n**Urgency Score Formula:**\n- Base: CVSS × 8 (max 80)\n- +25 if CISA KEV listed\n- +20 if active exploitation confirmed\n- +15 if EPSS > 0.7\n- +15 if internet-facing critical asset\n- +10 if no patch available\n- Cap at 100\n\n**Severity Thresholds:**\n- CRITICAL (80–100): Weaponised, CISA KEV, RCE on internet-facing — patch or isolate in 24 hours\n- HIGH (60–79): High CVSS + active exploitation signals — patch within 72 hours\n- MEDIUM (40–59): Elevated CVSS, not yet weaponised — patch in scheduled maintenance\n- LOW (0–39): Theoretical, no public exploit — monitor\n\n**Response Format (JSON only, no markdown):**\n{\n  \"scanRunId\": \"{{ $json.scanRunId }}\",\n  \"assessmentTimestamp\": \"ISO timestamp\",\n  \"overallThreatLevel\": \"CRITICAL | HIGH | MEDIUM | LOW\",\n  \"executiveSummary\": \"3-sentence plain-English summary for CISO\",\n  \"totalThreatsAssessed\": 3,\n  \"immediateActionRequired\": true,\n  \"threatAssessments\": [\n    {\n      \"cveId\": \"CVE-XXXX-XXXXX\",\n      \"threatName\": \"descriptive threat name\",\n      \"severity\": \"CRITICAL | HIGH | MEDIUM | LOW\",\n      \"urgencyScore\": 95,\n      \"cvssScore\": 9.8,\n      \"epssScore\": 0.94,\n      \"isActivelyExploited\": true,\n      \"isCisaKev\": true,\n      \"affectedAssets\": [\"hostname1\", \"hostname2\"],\n      \"internetFacingAssets\": [\"hostname1\"],\n      \"attackVector\": \"Network | Adjacent | Local | Physical\",\n      \"attackComplexity\": \"Low | High\",\n      \"privilegesRequired\": \"None | Low | High\",\n      \"impactType\": \"RCE | Privilege Escalation | Data Exfiltration | DoS | Information Disclosure\",\n      \"exploitMaturity\": \"Weaponised | PoC Available | Theoretical | No Known Exploit\",\n      \"patchAvailable\": true,\n      \"patchURL\": \"https://...\",\n      \"workaround\": \"description or null\",\n      \"blastRadius\": \"brief description of lateral movement risk\",\n      \"immediateActions\": [\"ordered action list\"],\n      \"remediationSteps\": [\"technical remediation steps\"],\n      \"detectionRules\": [\"SIEM/IDS detection suggestions\"],\n      \"mitreTechniques\": [\"T1190\", \"T1068\"],\n      \"threatSummary\": \"2-sentence threat summary\"\n    }\n  ],\n  \"topPriorityThreats\": [\"CVE-XXXX-XXXXX\"],\n  \"globalRemediationPriority\": [\"ordered list of org-wide actions to take right now\"],\n  \"threatLandscapeSummary\": \"paragraph on current threat landscape context\"\n}","options":{"systemMessage":"You are a threat intelligence expert. Return JSON only — no markdown, no code blocks, no preamble. Sort threatAssessments by urgencyScore descending. Be specific about attack paths and remediation. Every CRITICAL threat must have an immediateActions list that an engineer can execute within the hour. Do not inflate scores — accuracy saves lives."},"promptType":"define"},"typeVersion":1.6},{"id":"35456c82-8d41-4c7b-ba19-f5910050244a","name":"Claude AI Model","type":"@n8n/n8n-nodes-langchain.lmChatAnthropic","position":[2608,1120],"parameters":{"model":"=claude-sonnet-4-20250514","options":{"temperature":0.1}},"credentials":{"anthropicApi":{"id":"credential-id","name":"Anthropic account - test"}},"typeVersion":1},{"id":"49643df7-751c-4782-a2fc-affa54fef006","name":"Parse & Validate AI Assessment","type":"n8n-nodes-base.code","position":[2880,896],"parameters":{"mode":"runOnceForEachItem","jsCode":"const aiResp = $input.item.json;\nlet aiText = aiResp.response || aiResp.output || aiResp.text || '';\nif (aiResp.content && Array.isArray(aiResp.content)) aiText = aiResp.content[0]?.text || '';\n\nconst clean = aiText.replace(/```json\\s*/g,'').replace(/```\\s*/g,'').trim();\nlet assessment;\ntry {\n  assessment = JSON.parse(clean);\n} catch(e) {\n  const m = clean.match(/\\{[\\s\\S]*\\}/);\n  try { assessment = m ? JSON.parse(m[0]) : null; } catch(e2) { assessment = null; }\n  if (!assessment) {\n    assessment = {\n      overallThreatLevel: 'HIGH',\n      executiveSummary: 'Threat assessment processing error — manual review required.',\n      threatAssessments: [], immediateActionRequired: true,\n      topPriorityThreats: [], globalRemediationPriority: ['Review raw CVE data manually'],\n      threatLandscapeSummary: 'Unable to complete automated assessment.'\n    };\n  }\n}\n\nconst upstream = $('Normalise, Deduplicate & Correlate').first().json;\n\n// Sort by urgency score\nconst sorted = (assessment.threatAssessments || []).sort((a,b) => (b.urgencyScore||0) - (a.urgencyScore||0));\n\nconst criticalCount = sorted.filter(t => t.severity === 'CRITICAL').length;\nconst highCount = sorted.filter(t => t.severity === 'HIGH').length;\nconst activelyExploitedCount = sorted.filter(t => t.isActivelyExploited).length;\nconst kevCount = sorted.filter(t => t.isCisaKev).length;\nconst patchAvailableCount = sorted.filter(t => t.patchAvailable).length;\n\nreturn {\n  json: {\n    scanRunId: upstream.scanRunId,\n    scanContext: upstream.scanContext,\n    assets: upstream.assets,\n    rawThreats: upstream.threats,\n    assessment: { ...assessment, threatAssessments: sorted },\n    summary: {\n      overallThreatLevel: assessment.overallThreatLevel,\n      totalAssessed: sorted.length,\n      criticalCount, highCount,\n      mediumCount: sorted.filter(t => t.severity === 'MEDIUM').length,\n      lowCount: sorted.filter(t => t.severity === 'LOW').length,\n      activelyExploitedCount, kevCount, patchAvailableCount,\n      immediateActionRequired: assessment.immediateActionRequired\n    },\n    criticalAndHighThreats: sorted.filter(t => ['CRITICAL','HIGH'].includes(t.severity)),\n    assessedAt: new Date().toISOString()\n  }\n};"},"typeVersion":2},{"id":"92a36ab2-f6d3-4d46-bde6-da8905df2358","name":"Filter Above Risk Threshold","type":"n8n-nodes-base.filter","position":[3104,896],"parameters":{"options":{},"conditions":{"options":{"leftValue":"","caseSensitive":false,"typeValidation":"strict"},"combinator":"or","conditions":[{"operator":{"type":"number","operation":"gte"},"leftValue":"={{ $json.summary.criticalCount }}","rightValue":1},{"operator":{"type":"number","operation":"gte"},"leftValue":"={{ $json.summary.highCount }}","rightValue":1},{"operator":{"type":"boolean","operation":"true"},"leftValue":"={{ $json.summary.immediateActionRequired }}"}]}},"typeVersion":2.2},{"id":"fe90a723-97ca-4cff-9e1b-e7988289af58","name":"Route by Overall Threat Level","type":"n8n-nodes-base.switch","position":[3536,864],"parameters":{"mode":"expression","output":"={{ $json.summary.overallThreatLevel }}"},"typeVersion":3.1},{"id":"75d81c5f-ef33-4403-ab64-685cfccd6845","name":"Alert SOC Team on Slack","type":"n8n-nodes-base.httpRequest","position":[3984,592],"parameters":{"url":"https://slack.com/api/chat.postMessage","method":"POST","options":{"timeout":10000},"jsonBody":"={\n  \"channel\": \"{{ $json.summary.overallThreatLevel === 'CRITICAL' ? '#soc-critical' : '#soc-alerts' }}\",\n  \"text\": \"🔴 Zero-Day Threat Intel — {{ $json.summary.overallThreatLevel }}: {{ $json.summary.criticalCount }} CRITICAL, {{ $json.summary.highCount }} HIGH\",\n  \"blocks\": [\n    { \"type\": \"header\", \"text\": { \"type\": \"plain_text\", \"text\": \"{{ $json.summary.overallThreatLevel === 'CRITICAL' ? '🔴' : '🟡' }} Threat Intel — {{ $json.scanRunId }}\" } },\n    {\n      \"type\": \"section\",\n      \"fields\": [\n        { \"type\": \"mrkdwn\", \"text\": \"*Threat Level:*\\n{{ $json.summary.overallThreatLevel }}\" },\n        { \"type\": \"mrkdwn\", \"text\": \"*CVEs Assessed:*\\n{{ $json.summary.totalAssessed }}\" },\n        { \"type\": \"mrkdwn\", \"text\": \"*Critical / High:*\\n{{ $json.summary.criticalCount }} / {{ $json.summary.highCount }}\" },\n        { \"type\": \"mrkdwn\", \"text\": \"*CISA KEV Matches:*\\n{{ $json.summary.kevCount }}\" },\n        { \"type\": \"mrkdwn\", \"text\": \"*Actively Exploited:*\\n{{ $json.summary.activelyExploitedCount }}\" },\n        { \"type\": \"mrkdwn\", \"text\": \"*Patches Available:*\\n{{ $json.summary.patchAvailableCount }} / {{ $json.summary.totalAssessed }}\" }\n      ]\n    },\n    { \"type\": \"section\", \"text\": { \"type\": \"mrkdwn\", \"text\": \"*Executive Summary:*\\n{{ $json.assessment.executiveSummary }}\" } },\n    { \"type\": \"section\", \"text\": { \"type\": \"mrkdwn\", \"text\": \"*Top Priority CVE:*\\n*{{ $json.criticalAndHighThreats[0]?.cveId }}* — {{ $json.criticalAndHighThreats[0]?.threatName }}\\nUrgency: {{ $json.criticalAndHighThreats[0]?.urgencyScore }}/100 | CVSS: {{ $json.criticalAndHighThreats[0]?.cvssScore }} | EPSS: {{ ((($json.criticalAndHighThreats[0]?.epssScore||0)*100)).toFixed(0) }}%\" } },\n    { \"type\": \"section\", \"text\": { \"type\": \"mrkdwn\", \"text\": \"*Immediate Action #1:*\\n{{ $json.assessment.globalRemediationPriority?.[0] || 'See full report' }}\" } },\n    {{ $json.summary.kevCount > 0 ? JSON.stringify({ type: 'section', text: { type: 'mrkdwn', text: '⚠️ *CISA KEV ALERT:* ' + $json.summary.kevCount + ' CVE(s) on the Known Exploited Vulnerabilities catalogue — federal agencies must patch by due date.' } }) : '{ \"type\": \"divider\" }' }}\n  ]\n}","sendBody":true,"sendHeaders":true,"specifyBody":"json","authentication":"predefinedCredentialType","nodeCredentialType":"slackApi"},"credentials":{"slackApi":{"id":"credential-id","name":"Slack account - test "}},"typeVersion":4.2,"continueOnFail":true},{"id":"455f0720-c154-4fef-9dcd-9b505bfcbbb9","name":"Create Jira Threat Tickets","type":"n8n-nodes-base.code","position":[3632,640],"parameters":{"mode":"runOnceForEachItem","jsCode":"// Create one Jira ticket per CRITICAL/HIGH threat\nconst d = $input.item.json;\nconst threats = d.criticalAndHighThreats.slice(0, 5); // top 5\nconst results = [];\n\nfor (const threat of threats) {\n  results.push({\n    json: {\n      jiraPayload: {\n        fields: {\n          project: { key: 'SEC' },\n          issuetype: { name: 'Vulnerability' },\n          summary: `[${threat.severity}] ${threat.cveId} — ${threat.threatName}`,\n          priority: { name: threat.severity === 'CRITICAL' ? 'Highest' : 'High' },\n          description: {\n            type: 'doc', version: 1,\n            content: [\n              { type: 'paragraph', content: [{ type: 'text', text: `CVE: ${threat.cveId} | CVSS: ${threat.cvssScore} | EPSS: ${((threat.epssScore||0)*100).toFixed(1)}% | Urgency: ${threat.urgencyScore}/100` }] },\n              { type: 'paragraph', content: [{ type: 'text', text: `Impact: ${threat.impactType} | Exploit Maturity: ${threat.exploitMaturity}` }] },\n              { type: 'paragraph', content: [{ type: 'text', text: `Affected Assets: ${(threat.affectedAssets||[]).join(', ')}` }] },\n              { type: 'paragraph', content: [{ type: 'text', text: `CISA KEV: ${threat.isCisaKev} | Actively Exploited: ${threat.isActivelyExploited}` }] },\n              { type: 'paragraph', content: [{ type: 'text', text: `Summary: ${threat.threatSummary}` }] },\n              { type: 'paragraph', content: [{ type: 'text', text: `Immediate Action: ${(threat.immediateActions||[]).join(' | ')}` }] },\n              { type: 'paragraph', content: [{ type: 'text', text: `Patch URL: ${threat.patchURL || 'See vendor advisory'}` }] }\n            ]\n          },\n          labels: ['zero-day', 'vulnerability', threat.severity.toLowerCase(), threat.isCisaKev ? 'cisa-kev' : 'new-threat']\n        }\n      },\n      cveId: threat.cveId,\n      severity: threat.severity,\n      scanRunId: d.scanRunId\n    }\n  });\n}\n\nreturn results.length > 0 ? results : [{ json: { skip: true, reason: 'No CRITICAL/HIGH threats for ticketing', scanRunId: d.scanRunId } }];"},"typeVersion":2},{"id":"6bff06bf-4637-4e30-bdd3-3dc2e1a0a63c","name":"Submit Jira Issues via API","type":"n8n-nodes-base.httpRequest","position":[3984,784],"parameters":{"url":"https://YOUR_JIRA_DOMAIN.atlassian.net/rest/api/3/issue","method":"POST","options":{"timeout":15000},"jsonBody":"={{ JSON.stringify($json.jiraPayload) }}","sendBody":true,"sendHeaders":true,"specifyBody":"json","authentication":"predefinedCredentialType","nodeCredentialType":"jiraSoftwareCloudApi"},"credentials":{"jiraSoftwareCloudApi":{"id":"credential-id","name":"Jira SW Cloud account"}},"typeVersion":4.2,"continueOnFail":true},{"id":"9255330c-cef9-4ff8-9726-527a0790d288","name":"Send Threat Brief to Security Team","type":"n8n-nodes-base.emailSend","position":[3760,1200],"webhookId":"c03369cd-ccd3-4749-9cd8-5ab9f4c8f336","parameters":{"html":"=<html><body style=\"font-family:Arial,sans-serif;max-width:750px;margin:0 auto;padding:0;color:#222;\">\n<div style=\"background:linear-gradient(135deg,#0d0d0d 0%,#1a0a2e 50%,#0d1b2a 100%);padding:30px;\">\n  <h1 style=\"color:#ff4d4d;margin:0;font-size:1.5em;letter-spacing:1px;\">⚡ THREAT INTELLIGENCE BRIEF</h1>\n  <p style=\"color:#888;margin:8px 0 0;font-size:0.9em;\">{{ $json.scanRunId }} &bull; {{ new Date($json.assessedAt).toUTCString() }}</p>\n</div>\n<div style=\"background:white;padding:24px;border:1px solid #e0e0e0;\">\n  <div style=\"background:{{ $json.summary.overallThreatLevel === 'CRITICAL' ? '#fff0f0' : '#fff8e1' }};border-left:5px solid {{ $json.summary.overallThreatLevel === 'CRITICAL' ? '#ff4d4d' : '#ffa500' }};border-radius:4px;padding:16px;margin-bottom:20px;\">\n    <h2 style=\"margin:0;color:{{ $json.summary.overallThreatLevel === 'CRITICAL' ? '#cc0000' : '#e65c00' }};\">{{ $json.summary.overallThreatLevel }} THREAT LEVEL</h2>\n    <p style=\"margin:8px 0 0;color:#555;\">{{ $json.assessment.executiveSummary }}</p>\n  </div>\n  <table style=\"width:100%;border-collapse:collapse;margin-bottom:20px;font-size:0.9em;\">\n    <tr style=\"background:#f5f5f5;\"><td style=\"padding:8px;border:1px solid #ddd;\"><strong>CVEs Assessed</strong></td><td style=\"padding:8px;border:1px solid #ddd;\">{{ $json.summary.totalAssessed }}</td><td style=\"padding:8px;border:1px solid #ddd;\"><strong>CISA KEV</strong></td><td style=\"padding:8px;border:1px solid #ddd;\">{{ $json.summary.kevCount }}</td></tr>\n    <tr><td style=\"padding:8px;border:1px solid #ddd;\"><strong>Critical</strong></td><td style=\"padding:8px;border:1px solid #ddd;color:#cc0000;\"><strong>{{ $json.summary.criticalCount }}</strong></td><td style=\"padding:8px;border:1px solid #ddd;\"><strong>Actively Exploited</strong></td><td style=\"padding:8px;border:1px solid #ddd;color:#e65c00;\">{{ $json.summary.activelyExploitedCount }}</td></tr>\n    <tr style=\"background:#f5f5f5;\"><td style=\"padding:8px;border:1px solid #ddd;\"><strong>High</strong></td><td style=\"padding:8px;border:1px solid #ddd;\">{{ $json.summary.highCount }}</td><td style=\"padding:8px;border:1px solid #ddd;\"><strong>Patches Available</strong></td><td style=\"padding:8px;border:1px solid #ddd;color:#28a745;\">{{ $json.summary.patchAvailableCount }} / {{ $json.summary.totalAssessed }}</td></tr>\n  </table>\n  <h3 style=\"color:#0d1b2a;border-bottom:2px solid #ff4d4d;padding-bottom:6px;\">Threat Assessments</h3>\n  {{ ($json.criticalAndHighThreats || []).map(t => '<div style=\"border:1px solid #ddd;border-left:5px solid ' + (t.severity === 'CRITICAL' ? '#ff4d4d' : '#ffa500') + ';border-radius:4px;padding:14px;margin:12px 0;\"><div style=\"display:flex;justify-content:space-between;\"><div><strong style=\"font-size:1.05em;\">' + t.cveId + '</strong> &nbsp;<span style=\"background:' + (t.severity === 'CRITICAL' ? '#ff4d4d' : '#ffa500') + ';color:white;padding:2px 8px;border-radius:3px;font-size:0.8em;\">' + t.severity + '</span>' + (t.isCisaKev ? ' <span style=\"background:#7b2d8b;color:white;padding:2px 6px;border-radius:3px;font-size:0.75em;\">CISA KEV</span>' : '') + (t.isActivelyExploited ? ' <span style=\"background:#cc0000;color:white;padding:2px 6px;border-radius:3px;font-size:0.75em;\">EXPLOITED</span>' : '') + '</div><div style=\"text-align:right;\"><strong>Urgency: ' + t.urgencyScore + '/100</strong><br/><small>CVSS: ' + t.cvssScore + ' | EPSS: ' + ((t.epssScore||0)*100).toFixed(0) + '%</small></div></div><p style=\"margin:8px 0;font-size:0.9em;color:#333;\">' + t.threatSummary + '</p><p style=\"margin:4px 0;font-size:0.85em;\"><strong>Affected:</strong> ' + (t.affectedAssets||[]).join(', ') + ' | <strong>Impact:</strong> ' + t.impactType + ' | <strong>Exploit:</strong> ' + t.exploitMaturity + '</p>' + (t.immediateActions?.length > 0 ? '<div style=\"background:#fff0f0;border-radius:4px;padding:10px;margin-top:8px;\"><strong>⚡ Immediate Actions:</strong><ol style=\"margin:4px 0;\">' + t.immediateActions.slice(0,3).map(a => '<li style=\"font-size:0.85em;\">' + a + '</li>').join('') + '</ol></div>' : '') + '</div>').join('') }}\n  <h3 style=\"color:#0d1b2a;\">Global Remediation Priority</h3>\n  <ol>{{ ($json.assessment.globalRemediationPriority || []).map(a => '<li style=\"margin:6px 0;\">' + a + '</li>').join('') }}</ol>\n  <div style=\"background:#f0f0f0;border-radius:4px;padding:14px;margin-top:16px;\">\n    <strong>Threat Landscape:</strong><p style=\"margin:6px 0 0;font-size:0.9em;\">{{ $json.assessment.threatLandscapeSummary }}</p>\n  </div>\n  <p style=\"font-size:0.75em;color:#999;margin-top:20px;\">Automated threat intelligence — verify findings before actioning. This does not replace human analyst review for complex threats.</p>\n</div>\n<div style=\"background:#0d0d0d;padding:14px 24px;text-align:center;\"><p style=\"color:#555;font-size:0.8em;margin:0;\">AI Zero-Day Threat Intelligence Monitor &bull; {{ $json.scanRunId }}</p></div>\n</body></html>","options":{"appendAttribution":false},"subject":"={{ '🔴 [' + $json.summary.overallThreatLevel + '] Zero-Day Threat Intel — ' + $json.summary.criticalCount + ' Critical, ' + $json.summary.highCount + ' High | ' + $json.scanRunId }}","toEmail":"user@example.com","fromEmail":"="},"credentials":{"smtp":{"id":"credential-id","name":"SMTP -test"}},"typeVersion":2.1,"continueOnFail":true},{"id":"7c3e99be-cf46-4c95-8b67-c47367d69e5e","name":"Trigger Patch Management System","type":"n8n-nodes-base.httpRequest","position":[3984,1136],"parameters":{"url":"https://YOUR_PATCH_MANAGEMENT_URL/api/v1/patch-jobs","method":"POST","options":{"timeout":12000},"jsonBody":"={\n  \"scanRunId\": \"{{ $json.scanRunId }}\",\n  \"priority\": \"{{ $json.summary.overallThreatLevel }}\",\n  \"urgentPatches\": {{ JSON.stringify($json.criticalAndHighThreats.filter(t => t.patchAvailable).map(t => ({ cveId: t.cveId, severity: t.severity, urgencyScore: t.urgencyScore, affectedAssets: t.affectedAssets, patchURL: t.patchURL, mitreTechniques: t.mitreTechniques }))) }},\n  \"triggeredAt\": \"{{ new Date().toISOString() }}\",\n  \"triggeredBy\": \"n8n-threat-monitor\"\n}","sendBody":true,"sendHeaders":true,"specifyBody":"json","headerParameters":{"parameters":[{"name":"Authorization","value":"Bearer YOUR_TOKEN_HERE"},{"name":"Content-Type","value":"application/json"}]}},"typeVersion":4.2,"continueOnFail":true},{"id":"6dc269bd-9036-401a-8c93-007f7273828e","name":"Append to Threat Intelligence Log","type":"n8n-nodes-base.googleSheets","position":[4240,848],"parameters":{"columns":{"value":{},"schema":[],"mappingMode":"autoMapInputData","matchingColumns":[],"attemptToConvertTypes":false,"convertFieldsToString":true},"options":{},"operation":"append","sheetName":{"__rl":true,"mode":"id","value":"=YOUR_SHEET_TAB_ID"},"documentId":{"__rl":true,"mode":"id","value":"=YOUR_GOOGLE_SHEET_ID"},"authentication":"serviceAccount"},"credentials":{"googleApi":{"id":"credential-id","name":"Google Sheets- test"}},"typeVersion":4.5,"continueOnFail":true},{"id":"4bc6c2aa-a237-4c5d-bd66-b9e19e9a2b44","name":"Build SIEM-Ready JSON Response","type":"n8n-nodes-base.code","position":[4432,848],"parameters":{"mode":"runOnceForEachItem","jsCode":"const d = $input.item.json;\nreturn {\n  json: {\n    success: true,\n    scanRunId: d.scanRunId,\n    timestamp: d.assessedAt,\n    overallThreatLevel: d.summary.overallThreatLevel,\n    immediateActionRequired: d.summary.immediateActionRequired,\n    summary: d.summary,\n    executiveSummary: d.assessment.executiveSummary,\n    topPriorityThreats: (d.assessment.topPriorityThreats || []),\n    criticalThreats: d.criticalAndHighThreats.filter(t => t.severity === 'CRITICAL').map(t => ({\n      cveId: t.cveId, threatName: t.threatName, urgencyScore: t.urgencyScore,\n      cvssScore: t.cvssScore, epssScore: t.epssScore, isCisaKev: t.isCisaKev,\n      affectedAssets: t.affectedAssets, impactType: t.impactType,\n      exploitMaturity: t.exploitMaturity, patchAvailable: t.patchAvailable,\n      patchURL: t.patchURL, immediateActions: t.immediateActions,\n      mitreTechniques: t.mitreTechniques\n    })),\n    highThreats: d.criticalAndHighThreats.filter(t => t.severity === 'HIGH').map(t => ({\n      cveId: t.cveId, threatName: t.threatName, urgencyScore: t.urgencyScore,\n      cvssScore: t.cvssScore, affectedAssets: t.affectedAssets, impactType: t.impactType\n    })),\n    globalRemediationPriority: d.assessment.globalRemediationPriority,\n    threatLandscapeSummary: d.assessment.threatLandscapeSummary\n  }\n};"},"typeVersion":2},{"id":"83da09e7-6469-4a20-989b-e50d1a751aa7","name":"Return Threat Intel to Caller","type":"n8n-nodes-base.respondToWebhook","position":[4656,848],"parameters":{"options":{"responseHeaders":{"entries":[{"name":"Content-Type","value":"application/json"}]}},"respondWith":"json","responseBody":"={{ JSON.stringify($json, null, 2) }}"},"typeVersion":1},{"id":"90f81122-44c5-4e98-9f12-54bab8030111","name":"Wait For Result","type":"n8n-nodes-base.wait","position":[3344,896],"webhookId":"ed4ff078-f526-4872-81b2-5b2d76d49237","parameters":{},"typeVersion":1.1}],"active":false,"pinData":{},"settings":{"executionOrder":"v1"},"versionId":"40017b5b-f38b-439f-a44a-fbcdaebe4c7f","connections":{"Claude AI Model":{"ai_languageModel":[[{"node":"AI Threat Assessment & Prioritisation","type":"ai_languageModel","index":0}]]},"Wait For Result":{"main":[[{"node":"Route by Overall Threat Level","type":"main","index":0}]]},"On-Demand Scan Webhook":{"main":[[{"node":"Load Asset & Software Inventory","type":"main","index":0}]]},"Query NVD CVE Database":{"main":[[{"node":"Merge All Threat Feed Results","type":"main","index":0}]]},"Alert SOC Team on Slack":{"main":[[{"node":"Append to Threat Intelligence Log","type":"main","index":0}]]},"Create Jira Threat Tickets":{"main":[[{"node":"Submit Jira Issues via API","type":"main","index":0}]]},"Submit Jira Issues via API":{"main":[[{"node":"Append to Threat Intelligence Log","type":"main","index":0}]]},"Fetch AlienVault OTX Pulses":{"main":[[{"node":"Merge All Threat Feed Results","type":"main","index":1}]]},"Filter Above Risk Threshold":{"main":[[{"node":"Wait For Result","type":"main","index":0}]]},"Hourly Threat Scan Schedule":{"main":[[{"node":"Load Asset & Software Inventory","type":"main","index":0}]]},"Merge All Threat Feed Results":{"main":[[{"node":"Normalise, Deduplicate & Correlate","type":"main","index":0}]]},"Route by Overall Threat Level":{"main":[[{"node":"Alert SOC Team on Slack","type":"main","index":0},{"node":"Create Jira Threat Tickets","type":"main","index":0},{"node":"Send Threat Brief to Security Team","type":"main","index":0},{"node":"Trigger Patch Management System","type":"main","index":0}],[{"node":"Alert SOC Team on Slack","type":"main","index":0},{"node":"Create Jira Threat Tickets","type":"main","index":0},{"node":"Send Threat Brief to Security Team","type":"main","index":0},{"node":"Trigger Patch Management System","type":"main","index":0}],[{"node":"Send Threat Brief to Security Team","type":"main","index":0},{"node":"Append to Threat Intelligence Log","type":"main","index":0}]]},"Build SIEM-Ready JSON Response":{"main":[[{"node":"Return Threat Intel to Caller","type":"main","index":0}]]},"Parse & Validate AI Assessment":{"main":[[{"node":"Filter Above Risk Threshold","type":"main","index":0}]]},"Load Asset & Software Inventory":{"main":[[{"node":"Build Scan Context & Search Terms","type":"main","index":0}]]},"Trigger Patch Management System":{"main":[[{"node":"Append to Threat Intelligence Log","type":"main","index":0}]]},"Fetch CISA Known Exploited Vulns":{"main":[[{"node":"Merge All Threat Feed Results","type":"main","index":1}]]},"Query GitHub Security Advisories":{"main":[[{"node":"Merge All Threat Feed Results","type":"main","index":1}]]},"Append to Threat Intelligence Log":{"main":[[{"node":"Build SIEM-Ready JSON Response","type":"main","index":0}]]},"Build Scan Context & Search Terms":{"main":[[{"node":"Query NVD CVE Database","type":"main","index":0},{"node":"Fetch CISA Known Exploited Vulns","type":"main","index":0},{"node":"Query GitHub Security Advisories","type":"main","index":0},{"node":"Fetch AlienVault OTX Pulses","type":"main","index":0},{"node":"Fetch EPSS Exploit Probability Scores","type":"main","index":0}]]},"Normalise, Deduplicate & Correlate":{"main":[[{"node":"AI Threat Assessment & Prioritisation","type":"main","index":0}]]},"Send Threat Brief to Security Team":{"main":[[{"node":"Trigger Patch Management System","type":"main","index":0}]]},"AI Threat Assessment & Prioritisation":{"main":[[{"node":"Parse & Validate AI Assessment","type":"main","index":0}]]},"Fetch EPSS Exploit Probability Scores":{"main":[[{"node":"Merge All Threat Feed Results","type":"main","index":1}]]}}},"lastUpdatedBy":1,"workflowInfo":{"nodeCount":30,"nodeTypes":{"n8n-nodes-base.code":{"count":5},"n8n-nodes-base.wait":{"count":1},"n8n-nodes-base.merge":{"count":1},"n8n-nodes-base.filter":{"count":1},"n8n-nodes-base.switch":{"count":1},"n8n-nodes-base.webhook":{"count":1},"n8n-nodes-base.airtable":{"count":1},"n8n-nodes-base.emailSend":{"count":1},"n8n-nodes-base.stickyNote":{"count":5},"n8n-nodes-base.httpRequest":{"count":8},"n8n-nodes-base.googleSheets":{"count":1},"@n8n/n8n-nodes-langchain.agent":{"count":1},"n8n-nodes-base.scheduleTrigger":{"count":1},"n8n-nodes-base.respondToWebhook":{"count":1},"@n8n/n8n-nodes-langchain.lmChatAnthropic":{"count":1}}},"status":"published","readyToDemo":null,"user":{"name":"Oneclick AI Squad","username":"oneclick-ai","bio":"The AI Squad Initiative is a pioneering effort to build, automate and scale AI-powered workflows using n8n.io. Our mission is to help individuals and businesses integrate AI agents seamlessly into their daily operations  from automating tasks and enhancing productivity to creating innovative, intelligent solutions. We design modular, reusable AI workflow templates that empower creators, developers and teams to supercharge their automation with minimal effort and maximum impact.","verified":true,"links":["https://www.oneclickitsolution.com/"],"avatar":"https://gravatar.com/avatar/848fca91367142f65f9e5c55d64e5c9952b160d7b060d103b52aa343c6bc7b3d?r=pg&d=retro&size=200"},"nodes":[{"id":2,"icon":"file:airtable.svg","name":"n8n-nodes-base.airtable","codex":{"data":{"resources":{"generic":[{"url":"https://n8n.io/blog/2021-goals-level-up-your-vocabulary-with-vonage-and-n8n/","icon":"🎯","label":"2021 Goals: Level Up Your Vocabulary With Vonage and n8n"},{"url":"https://n8n.io/blog/2021-the-year-to-automate-the-new-you-with-n8n/","icon":"☀️","label":"2021: The Year to Automate the New You with n8n"},{"url":"https://n8n.io/blog/how-to-build-a-low-code-self-hosted-url-shortener/","icon":"🔗","label":"How to build a low-code, self-hosted URL shortener in 3 steps"},{"url":"https://n8n.io/blog/how-to-get-started-with-crm-automation-and-no-code-workflow-ideas/","icon":"👥","label":"How to get started with CRM automation (with 3 no-code workflow ideas"},{"url":"https://n8n.io/blog/automate-google-apps-for-productivity/","icon":"💡","label":"15 Google apps you can combine and automate to increase productivity"},{"url":"https://n8n.io/blog/building-an-expense-tracking-app-in-10-minutes/","icon":"📱","label":"Building an expense tracking app in 10 minutes"},{"url":"https://n8n.io/blog/why-this-product-manager-loves-workflow-automation-with-n8n/","icon":"🧠","label":"Why this Product Manager loves workflow automation with n8n"},{"url":"https://n8n.io/blog/learn-to-build-powerful-api-endpoints-using-webhooks/","icon":"🧰","label":"Learn to Build Powerful API Endpoints Using Webhooks"},{"url":"https://n8n.io/blog/sending-sms-the-low-code-way-with-airtable-twilio-programmable-sms-and-n8n/","icon":"📱","label":"Sending SMS the Low-Code Way with Airtable, Twilio Programmable SMS, and n8n"},{"url":"https://n8n.io/blog/automating-conference-organization-processes-with-n8n/","icon":"🙋‍♀️","label":"Automating Conference Organization Processes with n8n"},{"url":"https://n8n.io/blog/benefits-of-automation-and-n8n-an-interview-with-hubspots-hugh-durkin/","icon":"🎖","label":"Benefits of automation and n8n: An interview with HubSpot's Hugh Durkin"},{"url":"https://n8n.io/blog/how-goomer-automated-their-operations-with-over-200-n8n-workflows/","icon":"🛵","label":"How Goomer automated their operations with over 200 n8n workflows"},{"url":"https://n8n.io/blog/aws-workflow-automation/","label":"7 no-code workflow automations for Amazon Web Services"}],"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/app-nodes/n8n-nodes-base.airtable/"}],"credentialDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/credentials/airtable/"}]},"categories":["Data & Storage"],"nodeVersion":"1.0","codexVersion":"1.0"}},"group":"[\"input\"]","defaults":{"name":"Airtable"},"iconData":{"type":"file","fileBuffer":"data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAyMDAgMTcwIj48cGF0aCBmaWxsPSIjZmNiNDAwIiBkPSJNODkgNC44IDE2LjIgMzQuOWMtNC4xIDEuNy00IDcuNC4xIDkuMWw3My4yIDI5YzYuNCAyLjYgMTMuNiAyLjYgMjAgMGw3My4yLTI5YzQuMS0xLjYgNC4xLTcuNC4xLTkuMWwtNzMtMzAuMUMxMDMuMiAyIDk1LjcgMiA4OSA0LjgiLz48cGF0aCBmaWxsPSIjMThiZmZmIiBkPSJNMTA1LjkgODguOXY3Mi41YzAgMy40IDMuNSA1LjggNi43IDQuNWw4MS42LTMxLjdjMS45LS43IDMuMS0yLjUgMy4xLTQuNVY1Ny4yYzAtMy40LTMuNS01LjgtNi43LTQuNUwxMDkgODQuM2MtMS45LjgtMy4xIDIuNi0zLjEgNC42Ii8+PHBhdGggZmlsbD0iI2Y4MmI2MCIgZD0ibTg2LjkgOTIuNi0yNC4yIDExLjctMi41IDEuMkw5LjEgMTMwYy0zLjIgMS42LTcuNC0uOC03LjQtNC40VjU3LjVjMC0xLjMuNy0yLjQgMS42LTMuM3EuNi0uNiAxLjItLjljMS4yLS43IDMtLjkgNC40LS4zbDc3LjUgMzAuN2M0IDEuNSA0LjMgNy4xLjUgOC45Ii8+PHBhdGggZmlsbD0iI2JhMWU0NSIgZD0ibTg2LjkgOTIuNi0yNC4yIDExLjctNTkuNC01MHEuNi0uNiAxLjItLjljMS4yLS43IDMtLjkgNC40LS4zbDc3LjUgMzAuN2M0IDEuNCA0LjMgNyAuNSA4LjgiLz48L3N2Zz4="},"displayName":"Airtable","typeVersion":2,"nodeCategories":[{"id":3,"name":"Data & Storage"}]},{"id":11,"icon":"fa:envelope","name":"n8n-nodes-base.emailSend","codex":{"data":{"alias":["SMTP","email","human","form","wait","hitl","approval"],"resources":{"generic":[{"url":"https://n8n.io/blog/2021-the-year-to-automate-the-new-you-with-n8n/","icon":"☀️","label":"2021: The Year to Automate the New You with n8n"},{"url":"https://n8n.io/blog/build-your-own-virtual-assistant-with-n8n-a-step-by-step-guide/","icon":"👦","label":"Build your own virtual assistant with n8n: A step by step guide"}],"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/core-nodes/n8n-nodes-base.sendemail/"}],"credentialDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/credentials/sendemail/"}]},"categories":["Communication","HITL","Core Nodes"],"nodeVersion":"1.0","codexVersion":"1.0","subcategories":{"HITL":["Human in the Loop"]}}},"group":"[\"output\"]","defaults":{"name":"Send Email","color":"#00bb88"},"iconData":{"icon":"envelope","type":"icon"},"displayName":"Send Email","typeVersion":2,"nodeCategories":[{"id":6,"name":"Communication"},{"id":9,"name":"Core Nodes"},{"id":28,"name":"HITL"}]},{"id":18,"icon":"file:googleSheets.svg","name":"n8n-nodes-base.googleSheets","codex":{"data":{"alias":["CSV","Sheet","Spreadsheet","GS"],"resources":{"generic":[{"url":"https://n8n.io/blog/love-at-first-sight-ricardos-n8n-journey/","icon":"❤️","label":"Love at first sight: Ricardo’s n8n journey"},{"url":"https://n8n.io/blog/why-business-process-automation-with-n8n-can-change-your-daily-life/","icon":"🧬","label":"Why business process automation with n8n can change your daily life"},{"url":"https://n8n.io/blog/automatically-adding-expense-receipts-to-google-sheets-with-telegram-mindee-twilio-and-n8n/","icon":"🧾","label":"Automatically Adding Expense Receipts to Google Sheets with Telegram, Mindee, Twilio, and n8n"},{"url":"https://n8n.io/blog/supercharging-your-conference-registration-process-with-n8n/","icon":"🎫","label":"Supercharging your conference registration process with n8n"},{"url":"https://n8n.io/blog/creating-triggers-for-n8n-workflows-using-polling/","icon":"⏲","label":"Creating triggers for n8n workflows using polling"},{"url":"https://n8n.io/blog/no-code-ecommerce-workflow-automations/","icon":"store","label":"6 e-commerce workflows to power up your Shopify s"},{"url":"https://n8n.io/blog/migrating-community-metrics-to-orbit-using-n8n/","icon":"📈","label":"Migrating Community Metrics to Orbit using n8n"},{"url":"https://n8n.io/blog/automate-google-apps-for-productivity/","icon":"💡","label":"15 Google apps you can combine and automate to increase productivity"},{"url":"https://n8n.io/blog/your-business-doesnt-need-you-to-operate/","icon":" 🖥️","label":"Hey founders! Your business doesn't need you to operate"},{"url":"https://n8n.io/blog/how-honest-burgers-use-automation-to-save-100k-per-year/","icon":"🍔","label":"How Honest Burgers Use Automation to Save $100k per year"},{"url":"https://n8n.io/blog/how-a-digital-strategist-uses-n8n-for-online-marketing/","icon":"💻","label":"How a digital strategist uses n8n for online marketing"},{"url":"https://n8n.io/blog/why-this-product-manager-loves-workflow-automation-with-n8n/","icon":"🧠","label":"Why this Product Manager loves workflow automation with n8n"},{"url":"https://n8n.io/blog/sending-automated-congratulations-with-google-sheets-twilio-and-n8n/","icon":"🙌","label":"Sending Automated Congratulations with Google Sheets, Twilio, and n8n "},{"url":"https://n8n.io/blog/how-a-membership-development-manager-automates-his-work-and-investments/","icon":"📈","label":"How a Membership Development Manager automates his work and investments"},{"url":"https://n8n.io/blog/aws-workflow-automation/","label":"7 no-code workflow automations for Amazon Web Services"}],"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/app-nodes/n8n-nodes-base.googlesheets/"}],"credentialDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/credentials/google/oauth-single-service/"}]},"categories":["Data & Storage","Productivity"],"nodeVersion":"1.0","codexVersion":"1.0"}},"group":"[\"input\",\"output\"]","defaults":{"name":"Google Sheets"},"iconData":{"type":"file","fileBuffer":"data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSI2MCIgaGVpZ2h0PSI2MCI+PGcgZmlsbD0ibm9uZSIgZmlsbC1ydWxlPSJldmVub2RkIiBzdHJva2UtbGluZWNhcD0icm91bmQiIHN0cm9rZS1saW5lam9pbj0icm91bmQiPjxwYXRoIGZpbGw9IiMyOEI0NDYiIGQ9Ik0zNS42OSAxIDUyIDE3LjIyNXYzOS4wODdhMy42NyAzLjY3IDAgMCAxLTEuMDg0IDIuNjFBMy43IDMuNyAwIDAgMSA0OC4yOTMgNjBIMTIuNzA3YTMuNyAzLjcgMCAwIDEtMi42MjMtMS4wNzhBMy42NyAzLjY3IDAgMCAxIDkgNTYuMzEyVjQuNjg4YTMuNjcgMy42NyAwIDAgMSAxLjA4NC0yLjYxQTMuNyAzLjcgMCAwIDEgMTIuNzA3IDF6Ii8+PHBhdGggZmlsbD0iIzZBQ0U3QyIgZD0iTTM1LjY5IDEgNTIgMTcuMjI1SDM5LjM5N2MtMi4wNTQgMC0zLjcwNy0xLjgyOS0zLjcwNy0zLjg3MnoiLz48cGF0aCBmaWxsPSIjMjE5QjM4IiBkPSJNMzkuMjExIDE3LjIyNSA1MiAyMi40OHYtNS4yNTV6Ii8+PHBhdGggZmlsbD0iI0ZGRiIgZD0iTTIwLjEyIDMxLjk3NWMwLS44MTcuNjYyLTEuNDc1IDEuNDgzLTEuNDc1aDE3Ljc5NGMuODIxIDAgMS40ODIuNjU4IDEuNDgyIDEuNDc1djE1LjQ4N2MwIC44MTgtLjY2MSAxLjQ3NS0xLjQ4MiAxLjQ3NUgyMS42MDNhMS40NzYgMS40NzYgMCAwIDEtMS40ODItMS40NzRWMzEuOTc0em0yLjIyNSAxLjQ3NWg2LjY3MnYyLjIxMmgtNi42NzJ6bTAgNS4xNjJoNi42NzJ2Mi4yMTNoLTYuNjcyem0wIDUuMTYzaDYuNjcydjIuMjEyaC02LjY3MnptOS42MzgtMTAuMzI1aDYuNjcydjIuMjEyaC02LjY3MnptMCA1LjE2Mmg2LjY3MnYyLjIxM2gtNi42NzJ6bTAgNS4xNjNoNi42NzJ2Mi4yMTJoLTYuNjcyeiIvPjxwYXRoIGZpbGw9IiMyOEI0NDYiIGQ9Ik0zNC42OSAwIDUxIDE2LjIyNXYzOS4wODdhMy42NyAzLjY3IDAgMCAxLTEuMDg0IDIuNjFBMy43IDMuNyAwIDAgMSA0Ny4yOTMgNTlIMTEuNzA3YTMuNyAzLjcgMCAwIDEtMi42MjMtMS4wNzhBMy42NyAzLjY3IDAgMCAxIDggNTUuMzEyVjMuNjg4YTMuNjcgMy42NyAwIDAgMSAxLjA4NC0yLjYxQTMuNyAzLjcgMCAwIDEgMTEuNzA3IDB6Ii8+PHBhdGggZmlsbD0iIzZBQ0U3QyIgZD0iTTM0LjY5IDAgNTEgMTYuMjI1SDM4LjM5N2MtMi4wNTQgMC0zLjcwNy0xLjgyOS0zLjcwNy0zLjg3MnoiLz48cGF0aCBmaWxsPSIjMjE5QjM4IiBkPSJNMzguMjExIDE2LjIyNSA1MSAyMS40OHYtNS4yNTV6Ii8+PHBhdGggZmlsbD0iI0ZGRiIgZD0iTTE5LjEyIDMwLjk3NWMwLS44MTcuNjYyLTEuNDc1IDEuNDgzLTEuNDc1aDE3Ljc5NGMuODIxIDAgMS40ODIuNjU4IDEuNDgyIDEuNDc1djE1LjQ4N2MwIC44MTgtLjY2MSAxLjQ3NS0xLjQ4MiAxLjQ3NUgyMC42MDNhMS40NzYgMS40NzYgMCAwIDEtMS40ODItMS40NzRWMzAuOTc0em0yLjIyNSAxLjQ3NWg2LjY3MnYyLjIxMmgtNi42NzJ6bTAgNS4xNjJoNi42NzJ2Mi4yMTNoLTYuNjcyem0wIDUuMTYzaDYuNjcydjIuMjEyaC02LjY3MnptOS42MzgtMTAuMzI1aDYuNjcydjIuMjEyaC02LjY3MnptMCA1LjE2Mmg2LjY3MnYyLjIxM2gtNi42NzJ6bTAgNS4xNjNoNi42NzJ2Mi4yMTJoLTYuNjcyeiIvPjwvZz48L3N2Zz4="},"displayName":"Google Sheets","typeVersion":5,"nodeCategories":[{"id":3,"name":"Data & Storage"},{"id":4,"name":"Productivity"}]},{"id":19,"icon":"file:httprequest.svg","name":"n8n-nodes-base.httpRequest","codex":{"data":{"alias":["API","Request","URL","Build","cURL"],"resources":{"generic":[{"url":"https://n8n.io/blog/2021-the-year-to-automate-the-new-you-with-n8n/","icon":"☀️","label":"2021: The Year to Automate the New You with n8n"},{"url":"https://n8n.io/blog/why-business-process-automation-with-n8n-can-change-your-daily-life/","icon":"🧬","label":"Why business process automation with n8n can change your daily life"},{"url":"https://n8n.io/blog/automatically-pulling-and-visualizing-data-with-n8n/","icon":"📈","label":"Automatically pulling and visualizing data with n8n"},{"url":"https://n8n.io/blog/learn-how-to-automatically-cross-post-your-content-with-n8n/","icon":"✍️","label":"Learn how to automatically cross-post your content with n8n"},{"url":"https://n8n.io/blog/automatically-adding-expense-receipts-to-google-sheets-with-telegram-mindee-twilio-and-n8n/","icon":"🧾","label":"Automatically Adding Expense Receipts to Google Sheets with Telegram, Mindee, Twilio, and n8n"},{"url":"https://n8n.io/blog/running-n8n-on-ships-an-interview-with-maranics/","icon":"🛳","label":"Running n8n on ships: An interview with Maranics"},{"url":"https://n8n.io/blog/what-are-apis-how-to-use-them-with-no-code/","icon":" 🪢","label":"What are APIs and how to use them with no code"},{"url":"https://n8n.io/blog/5-tasks-you-can-automate-with-notion-api/","icon":"⚡️","label":"5 tasks you can automate with the new Notion API "},{"url":"https://n8n.io/blog/world-poetry-day-workflow/","icon":"📜","label":"Celebrating World Poetry Day with a daily poem in Telegram"},{"url":"https://n8n.io/blog/automate-google-apps-for-productivity/","icon":"💡","label":"15 Google apps you can combine and automate to increase productivity"},{"url":"https://n8n.io/blog/automate-designs-with-bannerbear-and-n8n/","icon":"🎨","label":"Automate Designs with Bannerbear and n8n"},{"url":"https://n8n.io/blog/how-uproc-scraped-a-multi-page-website-with-a-low-code-workflow/","icon":" 🕸️","label":"How uProc scraped a multi-page website with a low-code workflow"},{"url":"https://n8n.io/blog/building-an-expense-tracking-app-in-10-minutes/","icon":"📱","label":"Building an expense tracking app in 10 minutes"},{"url":"https://n8n.io/blog/5-workflow-automations-for-mattermost-that-we-love-at-n8n/","icon":"🤖","label":"5 workflow automations for Mattermost that we love at n8n"},{"url":"https://n8n.io/blog/how-to-use-the-http-request-node-the-swiss-army-knife-for-workflow-automation/","icon":"🧰","label":"How to use the HTTP Request Node - The Swiss Army Knife for Workflow Automation"},{"url":"https://n8n.io/blog/learn-how-to-use-webhooks-with-mattermost-slash-commands/","icon":"🦄","label":"Learn how to use webhooks with Mattermost slash commands"},{"url":"https://n8n.io/blog/how-a-membership-development-manager-automates-his-work-and-investments/","icon":"📈","label":"How a Membership Development Manager automates his work and investments"},{"url":"https://n8n.io/blog/a-low-code-bitcoin-ticker-built-with-questdb-and-n8n-io/","icon":"📈","label":"A low-code bitcoin ticker built with QuestDB and n8n.io"},{"url":"https://n8n.io/blog/how-to-set-up-a-ci-cd-pipeline-with-no-code/","icon":"🎡","label":"How to set up a no-code CI/CD pipeline with GitHub and TravisCI"},{"url":"https://n8n.io/blog/automations-for-activists/","icon":"✨","label":"How Common Knowledge use workflow automation for activism"},{"url":"https://n8n.io/blog/creating-scheduled-text-affirmations-with-n8n/","icon":"🤟","label":"Creating scheduled text affirmations with n8n"},{"url":"https://n8n.io/blog/how-goomer-automated-their-operations-with-over-200-n8n-workflows/","icon":"🛵","label":"How Goomer automated their operations with over 200 n8n workflows"},{"url":"https://n8n.io/blog/aws-workflow-automation/","label":"7 no-code workflow automations for Amazon Web Services"}],"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/core-nodes/n8n-nodes-base.httprequest/"}]},"categories":["Development","Core Nodes"],"nodeVersion":"1.0","codexVersion":"1.0","subcategories":{"Core Nodes":["Helpers"]}}},"group":"[\"output\"]","defaults":{"name":"HTTP Request","color":"#0004F5"},"iconData":{"type":"file","fileBuffer":"data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iNDAiIGhlaWdodD0iNDAiIHZpZXdCb3g9IjAgMCA0MCA0MCIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4KPHBhdGggZmlsbC1ydWxlPSJldmVub2RkIiBjbGlwLXJ1bGU9ImV2ZW5vZGQiIGQ9Ik00MCAyMEM0MCA4Ljk1MzE0IDMxLjA0NjkgMCAyMCAwQzguOTUzMTQgMCAwIDguOTUzMTQgMCAyMEMwIDMxLjA0NjkgOC45NTMxNCA0MCAyMCA0MEMzMS4wNDY5IDQwIDQwIDMxLjA0NjkgNDAgMjBaTTIwIDM2Ljk0NThDMTguODg1MiAzNi45NDU4IDE3LjEzNzggMzUuOTY3IDE1LjQ5OTggMzIuNjk4NUMxNC43OTY0IDMxLjI5MTggMTQuMTk2MSAyOS41NDMxIDEzLjc1MjYgMjcuNjg0N0gyNi4xODk4QzI1LjgwNDUgMjkuNTQwMyAyNS4yMDQ0IDMxLjI5MDEgMjQuNTAwMiAzMi42OTg1QzIyLjg2MjIgMzUuOTY3IDIxLjExNDggMzYuOTQ1OCAyMCAzNi45NDU4Wk0xMi45MDY0IDIwQzEyLjkwNjQgMjEuNjA5NyAxMy4wMDg3IDIzLjE2NCAxMy4yMDAzIDI0LjYzMDVIMjYuNzk5N0MyNi45OTEzIDIzLjE2NCAyNy4wOTM2IDIxLjYwOTcgMjcuMDkzNiAyMEMyNy4wOTM2IDE4LjM5MDMgMjYuOTkxMyAxNi44MzYgMjYuNzk5NyAxNS4zNjk1SDEzLjIwMDNDMTMuMDA4NyAxNi44MzYgMTIuOTA2NCAxOC4zOTAzIDEyLjkwNjQgMjBaTTIwIDMuMDU0MTlDMjEuMTE0OSAzLjA1NDE5IDIyLjg2MjIgNC4wMzA3OCAyNC41MDAxIDcuMzAwMzlDMjUuMjA2NiA4LjcxNDA4IDI1LjgwNzIgMTAuNDA2NyAyNi4xOTIgMTIuMzE1M0gxMy43NTAxQzE0LjE5MzMgMTAuNDA0NyAxNC43OTQyIDguNzEyNTQgMTUuNDk5OCA3LjMwMDY0QzE3LjEzNzcgNC4wMzA4MyAxOC44ODUxIDMuMDU0MTkgMjAgMy4wNTQxOVpNMzAuMTQ3OCAyMEMzMC4xNDc4IDE4LjQwOTkgMzAuMDU0MyAxNi44NjE3IDI5LjgyMjcgMTUuMzY5NUgzNi4zMDQyQzM2LjcyNTIgMTYuODQyIDM2Ljk0NTggMTguMzk2NCAzNi45NDU4IDIwQzM2Ljk0NTggMjEuNjAzNiAzNi43MjUyIDIzLjE1OCAzNi4zMDQyIDI0LjYzMDVIMjkuODIyN0MzMC4wNTQzIDIzLjEzODMgMzAuMTQ3OCAyMS41OTAxIDMwLjE0NzggMjBaTTI2LjI3NjcgNC4yNTUxMkMyNy42MzY1IDYuMzYwMTkgMjguNzExIDkuMTMyIDI5LjM3NzQgMTIuMzE1M0gzNS4xMDQ2QzMzLjI1MTEgOC42NjggMzAuMTA3IDUuNzgzNDYgMjYuMjc2NyA0LjI1NTEyWk0xMC42MjI2IDEyLjMxNTNINC44OTI5M0M2Ljc1MTQ3IDguNjY3ODQgOS44OTM1MSA1Ljc4MzQxIDEzLjcyMzIgNC4yNTUxM0MxMi4zNjM1IDYuMzYwMjEgMTEuMjg5IDkuMTMyMDEgMTAuNjIyNiAxMi4zMTUzWk0zLjA1NDE5IDIwQzMuMDU0MTkgMjEuNjAzIDMuMjc3NDMgMjMuMTU3NSAzLjY5NDg0IDI0LjYzMDVIMTAuMTIxN0M5Ljk0NjE5IDIzLjE0MiA5Ljg1MjIyIDIxLjU5NDMgOS44NTIyMiAyMEM5Ljg1MjIyIDE4LjQwNTcgOS45NDYxOSAxNi44NTggMTAuMTIxNyAxNS4zNjk1SDMuNjk0ODRDMy4yNzc0MyAxNi44NDI1IDMuMDU0MTkgMTguMzk3IDMuMDU0MTkgMjBaTTI2LjI3NjYgMzUuNzQyN0MyNy42MzY1IDMzLjYzOTMgMjguNzExIDMwLjg2OCAyOS4zNzc0IDI3LjY4NDdIMzUuMTA0NkMzMy4yNTEgMzEuMzMyMiAzMC4xMDY4IDM0LjIxNzkgMjYuMjc2NiAzNS43NDI3Wk0xMy43MjM0IDM1Ljc0MjdDOS44OTM2OSAzNC4yMTc5IDYuNzUxNTUgMzEuMzMyNCA0Ljg5MjkzIDI3LjY4NDdIMTAuNjIyNkMxMS4yODkgMzAuODY4IDEyLjM2MzUgMzMuNjM5MyAxMy43MjM0IDM1Ljc0MjdaIiBmaWxsPSIjM0E0MkU5Ii8+Cjwvc3ZnPgo="},"displayName":"HTTP Request","typeVersion":4,"nodeCategories":[{"id":5,"name":"Development"},{"id":9,"name":"Core Nodes"}]},{"id":24,"icon":"file:merge.svg","name":"n8n-nodes-base.merge","codex":{"data":{"alias":["Join","Concatenate","Wait"],"resources":{"generic":[{"url":"https://n8n.io/blog/how-to-sync-data-between-two-systems/","icon":"🏬","label":"How to synchronize data between two systems (one-way vs. two-way sync"},{"url":"https://n8n.io/blog/supercharging-your-conference-registration-process-with-n8n/","icon":"🎫","label":"Supercharging your conference registration process with n8n"},{"url":"https://n8n.io/blog/migrating-community-metrics-to-orbit-using-n8n/","icon":"📈","label":"Migrating Community Metrics to Orbit using n8n"},{"url":"https://n8n.io/blog/build-your-own-virtual-assistant-with-n8n-a-step-by-step-guide/","icon":"👦","label":"Build your own virtual assistant with n8n: A step by step guide"},{"url":"https://n8n.io/blog/sending-automated-congratulations-with-google-sheets-twilio-and-n8n/","icon":"🙌","label":"Sending Automated Congratulations with Google Sheets, Twilio, and n8n "},{"url":"https://n8n.io/blog/aws-workflow-automation/","label":"7 no-code workflow automations for Amazon Web Services"}],"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/core-nodes/n8n-nodes-base.merge/"}]},"categories":["Core Nodes"],"nodeVersion":"1.0","codexVersion":"1.0","subcategories":{"Core Nodes":["Flow","Data Transformation"]}}},"group":"[\"transform\"]","defaults":{"name":"Merge"},"iconData":{"type":"file","fileBuffer":"data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iNTEyIiBoZWlnaHQ9IjUxMiIgdmlld0JveD0iMCAwIDUxMiA1MTIiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxnIGNsaXAtcGF0aD0idXJsKCNjbGlwMF8xMTc3XzUxOCkiPgo8cGF0aCBmaWxsLXJ1bGU9ImV2ZW5vZGQiIGNsaXAtcnVsZT0iZXZlbm9kZCIgZD0iTTAgNDhDMCAyMS40OTAzIDIxLjQ5MDMgMCA0OCAwSDExMkMxMzguNTEgMCAxNjAgMjEuNDkwMyAxNjAgNDhWNTZIMTk2LjI1MkMyNDAuNDM1IDU2IDI3Ni4yNTIgOTEuODE3MiAyNzYuMjUyIDEzNlYxOTJDMjc2LjI1MiAyMTQuMDkxIDI5NC4xNjEgMjMyIDMxNi4yNTIgMjMySDM1MlYyMjRDMzUyIDE5Ny40OSAzNzMuNDkgMTc2IDQwMCAxNzZINDY0QzQ5MC41MSAxNzYgNTEyIDE5Ny40OSA1MTIgMjI0VjI4OEM1MTIgMzE0LjUxIDQ5MC41MSAzMzYgNDY0IDMzNkg0MDBDMzczLjQ5IDMzNiAzNTIgMzE0LjUxIDM1MiAyODhWMjgwSDMxNi4yNTJDMjk0LjE2MSAyODAgMjc2LjI1MiAyOTcuOTA5IDI3Ni4yNTIgMzIwVjM3NkMyNzYuMjUyIDQyMC4xODMgMjQwLjQzNSA0NTYgMTk2LjI1MiA0NTZIMTYwVjQ2NEMxNjAgNDkwLjUxIDEzOC41MSA1MTIgMTEyIDUxMkg0OEMyMS40OTAzIDUxMiAwIDQ5MC41MSAwIDQ2NFY0MDBDMCAzNzMuNDkgMjEuNDkwMyAzNTIgNDggMzUySDExMkMxMzguNTEgMzUyIDE2MCAzNzMuNDkgMTYwIDQwMFY0MDhIMTk2LjI1MkMyMTMuOTI1IDQwOCAyMjguMjUyIDM5My42NzMgMjI4LjI1MiAzNzZWMzIwQzIyOC4yNTIgMjk0Ljc4NCAyMzguODU5IDI3Mi4wNDQgMjU1Ljg1MyAyNTZDMjM4Ljg1OSAyMzkuOTU2IDIyOC4yNTIgMjE3LjIxNiAyMjguMjUyIDE5MlYxMzZDMjI4LjI1MiAxMTguMzI3IDIxMy45MjUgMTA0IDE5Ni4yNTIgMTA0SDE2MFYxMTJDMTYwIDEzOC41MSAxMzguNTEgMTYwIDExMiAxNjBINDhDMjEuNDkwMyAxNjAgMCAxMzguNTEgMCAxMTJWNDhaTTEwNCA0OEMxMDguNDE4IDQ4IDExMiA1MS41ODE3IDExMiA1NlYxMDRDMTEyIDEwOC40MTggMTA4LjQxOCAxMTIgMTA0IDExMkg1NkM1MS41ODE3IDExMiA0OCAxMDguNDE4IDQ4IDEwNFY1NkM0OCA1MS41ODE3IDUxLjU4MTcgNDggNTYgNDhIMTA0Wk00NTYgMjI0QzQ2MC40MTggMjI0IDQ2NCAyMjcuNTgyIDQ2NCAyMzJWMjgwQzQ2NCAyODQuNDE4IDQ2MC40MTggMjg4IDQ1NiAyODhINDA4QzQwMy41ODIgMjg4IDQwMCAyODQuNDE4IDQwMCAyODBWMjMyQzQwMCAyMjcuNTgyIDQwMy41ODIgMjI0IDQwOCAyMjRINDU2Wk0xMTIgNDA4QzExMiA0MDMuNTgyIDEwOC40MTggNDAwIDEwNCA0MDBINTZDNTEuNTgxNyA0MDAgNDggNDAzLjU4MiA0OCA0MDhWNDU2QzQ4IDQ2MC40MTggNTEuNTgxNyA0NjQgNTYgNDY0SDEwNEMxMDguNDE4IDQ2NCAxMTIgNDYwLjQxOCAxMTIgNDU2VjQwOFoiIGZpbGw9IiM1NEI4QzkiLz4KPC9nPgo8ZGVmcz4KPGNsaXBQYXRoIGlkPSJjbGlwMF8xMTc3XzUxOCI+CjxyZWN0IHdpZHRoPSI1MTIiIGhlaWdodD0iNTEyIiBmaWxsPSJ3aGl0ZSIvPgo8L2NsaXBQYXRoPgo8L2RlZnM+Cjwvc3ZnPgo="},"displayName":"Merge","typeVersion":3,"nodeCategories":[{"id":9,"name":"Core Nodes"}]},{"id":47,"icon":"file:webhook.svg","name":"n8n-nodes-base.webhook","codex":{"data":{"alias":["HTTP","API","Build","WH"],"resources":{"generic":[{"url":"https://n8n.io/blog/learn-how-to-automatically-cross-post-your-content-with-n8n/","icon":"✍️","label":"Learn how to automatically cross-post your content with n8n"},{"url":"https://n8n.io/blog/running-n8n-on-ships-an-interview-with-maranics/","icon":"🛳","label":"Running n8n on ships: An interview with Maranics"},{"url":"https://n8n.io/blog/how-to-build-a-low-code-self-hosted-url-shortener/","icon":"🔗","label":"How to build a low-code, self-hosted URL shortener in 3 steps"},{"url":"https://n8n.io/blog/what-are-apis-how-to-use-them-with-no-code/","icon":" 🪢","label":"What are APIs and how to use them with no code"},{"url":"https://n8n.io/blog/5-tasks-you-can-automate-with-notion-api/","icon":"⚡️","label":"5 tasks you can automate with the new Notion API "},{"url":"https://n8n.io/blog/how-a-digital-strategist-uses-n8n-for-online-marketing/","icon":"💻","label":"How a digital strategist uses n8n for online marketing"},{"url":"https://n8n.io/blog/the-ultimate-guide-to-automate-your-video-collaboration-with-whereby-mattermost-and-n8n/","icon":"📹","label":"The ultimate guide to automate your video collaboration with Whereby, Mattermost, and n8n"},{"url":"https://n8n.io/blog/how-to-automatically-give-kudos-to-contributors-with-github-slack-and-n8n/","icon":"👏","label":"How to automatically give kudos to contributors with GitHub, Slack, and n8n"},{"url":"https://n8n.io/blog/5-workflow-automations-for-mattermost-that-we-love-at-n8n/","icon":"🤖","label":"5 workflow automations for Mattermost that we love at n8n"},{"url":"https://n8n.io/blog/why-this-product-manager-loves-workflow-automation-with-n8n/","icon":"🧠","label":"Why this Product Manager loves workflow automation with n8n"},{"url":"https://n8n.io/blog/creating-custom-incident-response-workflows-with-n8n/","label":"How to automate every step of an incident response workflow"},{"url":"https://n8n.io/blog/learn-to-build-powerful-api-endpoints-using-webhooks/","icon":"🧰","label":"Learn to Build Powerful API Endpoints Using Webhooks"},{"url":"https://n8n.io/blog/learn-how-to-use-webhooks-with-mattermost-slash-commands/","icon":"🦄","label":"Learn how to use webhooks with Mattermost slash commands"},{"url":"https://n8n.io/blog/how-goomer-automated-their-operations-with-over-200-n8n-workflows/","icon":"🛵","label":"How Goomer automated their operations with over 200 n8n workflows"}],"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/core-nodes/n8n-nodes-base.webhook/"}]},"categories":["Development","Core Nodes"],"nodeVersion":"1.0","codexVersion":"1.0","subcategories":{"Core Nodes":["Helpers"]}}},"group":"[\"trigger\"]","defaults":{"name":"Webhook"},"iconData":{"type":"file","fileBuffer":"data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSI0OCIgaGVpZ2h0PSI0OCI+PHBhdGggZmlsbD0iIzM3NDc0ZiIgZD0iTTM1IDM3Yy0yLjIgMC00LTEuOC00LTRzMS44LTQgNC00IDQgMS44IDQgNC0xLjggNC00IDQiLz48cGF0aCBmaWxsPSIjMzc0NzRmIiBkPSJNMzUgNDNjLTMgMC01LjktMS40LTcuOC0zLjdsMy4xLTIuNWMxLjEgMS40IDIuOSAyLjMgNC43IDIuMyAzLjMgMCA2LTIuNyA2LTZzLTIuNy02LTYtNmMtMSAwLTIgLjMtMi45LjdsLTEuNyAxTDIzLjMgMTZsMy41LTEuOSA1LjMgOS40YzEtLjMgMi0uNSAzLS41IDUuNSAwIDEwIDQuNSAxMCAxMFM0MC41IDQzIDM1IDQzIi8+PHBhdGggZmlsbD0iIzM3NDc0ZiIgZD0iTTE0IDQzQzguNSA0MyA0IDM4LjUgNCAzM2MwLTQuNiAzLjEtOC41IDcuNS05LjdsMSAzLjlDOS45IDI3LjkgOCAzMC4zIDggMzNjMCAzLjMgMi43IDYgNiA2czYtMi43IDYtNnYtMmgxNXY0SDIzLjhjLS45IDQuNi01IDgtOS44IDgiLz48cGF0aCBmaWxsPSIjZTkxZTYzIiBkPSJNMTQgMzdjLTIuMiAwLTQtMS44LTQtNHMxLjgtNCA0LTQgNCAxLjggNCA0LTEuOCA0LTQgNCIvPjxwYXRoIGZpbGw9IiMzNzQ3NGYiIGQ9Ik0yNSAxOWMtMi4yIDAtNC0xLjgtNC00czEuOC00IDQtNCA0IDEuOCA0IDQtMS44IDQtNCA0Ii8+PHBhdGggZmlsbD0iI2U5MWU2MyIgZD0ibTE1LjcgMzQtMy40LTIgNS45LTkuN2MtMi0xLjktMy4yLTQuNS0zLjItNy4zIDAtNS41IDQuNS0xMCAxMC0xMHMxMCA0LjUgMTAgMTBjMCAuOS0uMSAxLjctLjMgMi41bC0zLjktMWMuMS0uNS4yLTEgLjItMS41IDAtMy4zLTIuNy02LTYtNnMtNiAyLjctNiA2YzAgMi4xIDEuMSA0IDIuOSA1LjFsMS43IDF6Ii8+PC9zdmc+"},"displayName":"Webhook","typeVersion":2,"nodeCategories":[{"id":5,"name":"Development"},{"id":9,"name":"Core Nodes"}]},{"id":112,"icon":"fa:map-signs","name":"n8n-nodes-base.switch","codex":{"data":{"alias":["Router","If","Path","Filter","Condition","Logic","Branch","Case"],"resources":{"generic":[{"url":"https://n8n.io/blog/2021-the-year-to-automate-the-new-you-with-n8n/","icon":"☀️","label":"2021: The Year to Automate the New You with n8n"},{"url":"https://n8n.io/blog/how-to-get-started-with-crm-automation-and-no-code-workflow-ideas/","icon":"👥","label":"How to get started with CRM automation (with 3 no-code workflow ideas"},{"url":"https://n8n.io/blog/build-your-own-virtual-assistant-with-n8n-a-step-by-step-guide/","icon":"👦","label":"Build your own virtual assistant with n8n: A step by step guide"},{"url":"https://n8n.io/blog/automation-for-maintainers-of-open-source-projects/","icon":"🏷️","label":"How to automatically manage contributions to open-source projects"}],"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/core-nodes/n8n-nodes-base.switch/"}]},"categories":["Core Nodes"],"nodeVersion":"1.0","codexVersion":"1.0","subcategories":{"Core Nodes":["Flow"]}}},"group":"[\"transform\"]","defaults":{"name":"Switch","color":"#506000"},"iconData":{"icon":"map-signs","type":"icon"},"displayName":"Switch","typeVersion":3,"nodeCategories":[{"id":9,"name":"Core Nodes"}]},{"id":514,"icon":"fa:pause-circle","name":"n8n-nodes-base.wait","codex":{"data":{"alias":["pause","sleep","delay","timeout"],"resources":{"generic":[{"url":"https://n8n.io/blog/how-to-get-started-with-crm-automation-and-no-code-workflow-ideas/","icon":"👥","label":"How to get started with CRM automation (with 3 no-code workflow ideas"},{"url":"https://n8n.io/blog/aws-workflow-automation/","label":"7 no-code workflow automations for Amazon Web Services"}],"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/core-nodes/n8n-nodes-base.wait/"}]},"categories":["Core Nodes"],"nodeVersion":"1.0","codexVersion":"1.0","subcategories":{"Core Nodes":["Helpers","Flow"]}}},"group":"[\"organization\"]","defaults":{"name":"Wait","color":"#804050"},"iconData":{"icon":"pause-circle","type":"icon"},"displayName":"Wait","typeVersion":1,"nodeCategories":[{"id":9,"name":"Core Nodes"}]},{"id":535,"icon":"file:webhook.svg","name":"n8n-nodes-base.respondToWebhook","codex":{"data":{"resources":{"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/core-nodes/n8n-nodes-base.respondtowebhook/"}]},"categories":["Core Nodes","Utility"],"nodeVersion":"1.0","codexVersion":"1.0","subcategories":{"Core Nodes":["Helpers"]}}},"group":"[\"transform\"]","defaults":{"name":"Respond to Webhook"},"iconData":{"type":"file","fileBuffer":"data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSI0OCIgaGVpZ2h0PSI0OCI+PHBhdGggZmlsbD0iIzM3NDc0ZiIgZD0iTTM1IDM3Yy0yLjIgMC00LTEuOC00LTRzMS44LTQgNC00IDQgMS44IDQgNC0xLjggNC00IDQiLz48cGF0aCBmaWxsPSIjMzc0NzRmIiBkPSJNMzUgNDNjLTMgMC01LjktMS40LTcuOC0zLjdsMy4xLTIuNWMxLjEgMS40IDIuOSAyLjMgNC43IDIuMyAzLjMgMCA2LTIuNyA2LTZzLTIuNy02LTYtNmMtMSAwLTIgLjMtMi45LjdsLTEuNyAxTDIzLjMgMTZsMy41LTEuOSA1LjMgOS40YzEtLjMgMi0uNSAzLS41IDUuNSAwIDEwIDQuNSAxMCAxMFM0MC41IDQzIDM1IDQzIi8+PHBhdGggZmlsbD0iIzM3NDc0ZiIgZD0iTTE0IDQzQzguNSA0MyA0IDM4LjUgNCAzM2MwLTQuNiAzLjEtOC41IDcuNS05LjdsMSAzLjlDOS45IDI3LjkgOCAzMC4zIDggMzNjMCAzLjMgMi43IDYgNiA2czYtMi43IDYtNnYtMmgxNXY0SDIzLjhjLS45IDQuNi01IDgtOS44IDgiLz48cGF0aCBmaWxsPSIjZTkxZTYzIiBkPSJNMTQgMzdjLTIuMiAwLTQtMS44LTQtNHMxLjgtNCA0LTQgNCAxLjggNCA0LTEuOCA0LTQgNCIvPjxwYXRoIGZpbGw9IiMzNzQ3NGYiIGQ9Ik0yNSAxOWMtMi4yIDAtNC0xLjgtNC00czEuOC00IDQtNCA0IDEuOCA0IDQtMS44IDQtNCA0Ii8+PHBhdGggZmlsbD0iI2U5MWU2MyIgZD0ibTE1LjcgMzQtMy40LTIgNS45LTkuN2MtMi0xLjktMy4yLTQuNS0zLjItNy4zIDAtNS41IDQuNS0xMCAxMC0xMHMxMCA0LjUgMTAgMTBjMCAuOS0uMSAxLjctLjMgMi41bC0zLjktMWMuMS0uNS4yLTEgLjItMS41IDAtMy4zLTIuNy02LTYtNnMtNiAyLjctNiA2YzAgMi4xIDEuMSA0IDIuOSA1LjFsMS43IDF6Ii8+PC9zdmc+"},"displayName":"Respond to Webhook","typeVersion":2,"nodeCategories":[{"id":7,"name":"Utility"},{"id":9,"name":"Core Nodes"}]},{"id":565,"icon":"fa:sticky-note","name":"n8n-nodes-base.stickyNote","codex":{"data":{"alias":["Comments","Notes","Sticky"],"categories":["Core Nodes"],"nodeVersion":"1.0","codexVersion":"1.0","subcategories":{"Core Nodes":["Helpers"]}}},"group":"[\"input\"]","defaults":{"name":"Sticky Note","color":"#FFD233"},"iconData":{"icon":"sticky-note","type":"icon"},"displayName":"Sticky Note","typeVersion":1,"nodeCategories":[{"id":9,"name":"Core Nodes"}]},{"id":834,"icon":"file:code.svg","name":"n8n-nodes-base.code","codex":{"data":{"alias":["cpde","Javascript","JS","Python","Script","Custom Code","Function"],"details":"The Code node allows you to execute JavaScript in your workflow.","resources":{"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/core-nodes/n8n-nodes-base.code/"}]},"categories":["Development","Core Nodes"],"nodeVersion":"1.0","codexVersion":"1.0","subcategories":{"Core Nodes":["Helpers","Data Transformation"]}}},"group":"[\"transform\"]","defaults":{"name":"Code"},"iconData":{"type":"file","fileBuffer":"data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iNTEyIiBoZWlnaHQ9IjUxMiIgdmlld0JveD0iMCAwIDUxMiA1MTIiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxnIGNsaXAtcGF0aD0idXJsKCNjbGlwMF8xMTcxXzQ0MSkiPgo8cGF0aCBkPSJNMTcwLjI4MyA0OEgxOTYuNUMyMDMuMTI3IDQ4IDIwOC41IDQyLjYyNzQgMjA4LjUgMzZWMTJDMjA4LjUgNS4zNzI1OCAyMDMuMTI3IDAgMTk2LjUgMEgxNzAuMjgzQzEyNi4xIDAgOTAuMjgzIDM1LjgxNzIgOTAuMjgzIDgwVjE3NkM5MC4yODMgMjA2LjkyOCA2NS4yMTA5IDIzMiAzNC4yODMgMjMySDIzQzE2LjM3MjYgMjMyIDExIDIzNy4zNzIgMTEgMjQ0VjI2OEMxMSAyNzQuNjI3IDE2LjM3MjQgMjgwIDIyLjk5OTYgMjgwTDM0LjI4MyAyODBDNjUuMjEwOSAyODAgOTAuMjgzIDMwNS4wNzIgOTAuMjgzIDMzNlY0NDBDOTAuMjgzIDQ3OS43NjQgMTIyLjUxOCA1MTIgMTYyLjI4MyA1MTJIMTk2LjVDMjAzLjEyNyA1MTIgMjA4LjUgNTA2LjYyNyAyMDguNSA1MDBWNDc2QzIwOC41IDQ2OS4zNzMgMjAzLjEyNyA0NjQgMTk2LjUgNDY0SDE2Mi4yODNDMTQ5LjAyOCA0NjQgMTM4LjI4MyA0NTMuMjU1IDEzOC4yODMgNDQwVjMzNkMxMzguMjgzIDMwOS4wMjIgMTI4LjAxMSAyODQuNDQzIDExMS4xNjQgMjY1Ljk2MUMxMDYuMTA5IDI2MC40MTYgMTA2LjEwOSAyNTEuNTg0IDExMS4xNjQgMjQ2LjAzOUMxMjguMDExIDIyNy41NTcgMTM4LjI4MyAyMDIuOTc4IDEzOC4yODMgMTc2VjgwQzEzOC4yODMgNjIuMzI2OSAxNTIuNjEgNDggMTcwLjI4MyA0OFoiIGZpbGw9IiNGRjk5MjIiLz4KPHBhdGggZD0iTTMwNSAzNkMzMDUgNDIuNjI3NCAzMTAuMzczIDQ4IDMxNyA0OEgzNDIuOTc5QzM2MC42NTIgNDggMzc0Ljk3OCA2Mi4zMjY5IDM3NC45NzggODBWMTc2QzM3NC45NzggMjAyLjk3OCAzODUuMjUxIDIyNy41NTcgNDAyLjA5OCAyNDYuMDM5QzQwNy4xNTMgMjUxLjU4NCA0MDcuMTUzIDI2MC40MTYgNDAyLjA5OCAyNjUuOTYxQzM4NS4yNTEgMjg0LjQ0MyAzNzQuOTc4IDMwOS4wMjIgMzc0Ljk3OCAzMzZWNDMyQzM3NC45NzggNDQ5LjY3MyAzNjAuNjUyIDQ2NCAzNDIuOTc5IDQ2NEgzMTdDMzEwLjM3MyA0NjQgMzA1IDQ2OS4zNzMgMzA1IDQ3NlY1MDBDMzA1IDUwNi42MjcgMzEwLjM3MyA1MTIgMzE3IDUxMkgzNDIuOTc5QzM4Ny4xNjEgNTEyIDQyMi45NzggNDc2LjE4MyA0MjIuOTc4IDQzMlYzMzZDNDIyLjk3OCAzMDUuMDcyIDQ0OC4wNTEgMjgwIDQ3OC45NzkgMjgwSDQ5MEM0OTYuNjI3IDI4MCA1MDIgMjc0LjYyOCA1MDIgMjY4VjI0NEM1MDIgMjM3LjM3MyA0OTYuNjI4IDIzMiA0OTAgMjMyTDQ3OC45NzkgMjMyQzQ0OC4wNTEgMjMyIDQyMi45NzggMjA2LjkyOCA0MjIuOTc4IDE3NlY4MEM0MjIuOTc4IDM1LjgxNzIgMzg3LjE2MSAwIDM0Mi45NzkgMEgzMTdDMzEwLjM3MyAwIDMwNSA1LjM3MjU4IDMwNSAxMlYzNloiIGZpbGw9IiNGRjk5MjIiLz4KPC9nPgo8ZGVmcz4KPGNsaXBQYXRoIGlkPSJjbGlwMF8xMTcxXzQ0MSI+CjxyZWN0IHdpZHRoPSI1MTIiIGhlaWdodD0iNTEyIiBmaWxsPSJ3aGl0ZSIvPgo8L2NsaXBQYXRoPgo8L2RlZnM+Cjwvc3ZnPgo="},"displayName":"Code","typeVersion":2,"nodeCategories":[{"id":5,"name":"Development"},{"id":9,"name":"Core Nodes"}]},{"id":839,"icon":"fa:clock","name":"n8n-nodes-base.scheduleTrigger","codex":{"data":{"alias":["Time","Scheduler","Polling","Cron","Interval"],"resources":{"generic":[],"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/core-nodes/n8n-nodes-base.scheduletrigger/"}]},"categories":["Core Nodes"],"nodeVersion":"1.0","codexVersion":"1.0"}},"group":"[\"trigger\",\"schedule\"]","defaults":{"name":"Schedule Trigger","color":"#31C49F"},"iconData":{"icon":"clock","type":"icon"},"displayName":"Schedule Trigger","typeVersion":1,"nodeCategories":[{"id":9,"name":"Core Nodes"}]},{"id":844,"icon":"fa:filter","name":"n8n-nodes-base.filter","codex":{"data":{"alias":["Router","Filter","Condition","Logic","Boolean","Branch"],"details":"The Filter node can be used to filter items based on a condition. If the condition is met, the item will be passed on to the next node. If the condition is not met, the item will be omitted. Conditions can be combined together by AND(meet all conditions), or OR(meet at least one condition).","resources":{"generic":[],"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/core-nodes/n8n-nodes-base.filter/"}]},"categories":["Core Nodes"],"nodeVersion":"1.0","codexVersion":"1.0","subcategories":{"Core Nodes":["Flow","Data Transformation"]}}},"group":"[\"transform\"]","defaults":{"name":"Filter","color":"#229eff"},"iconData":{"icon":"filter","type":"icon"},"displayName":"Filter","typeVersion":2,"nodeCategories":[{"id":9,"name":"Core Nodes"}]},{"id":1119,"icon":"fa:robot","name":"@n8n/n8n-nodes-langchain.agent","codex":{"data":{"alias":["LangChain","Chat","Conversational","Plan and Execute","ReAct","Tools"],"resources":{"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/cluster-nodes/root-nodes/n8n-nodes-langchain.agent/"}]},"categories":["AI","Langchain"],"subcategories":{"AI":["Agents","Root Nodes"]}}},"group":"[\"transform\"]","defaults":{"name":"AI Agent","color":"#404040"},"iconData":{"icon":"robot","type":"icon"},"displayName":"AI Agent","typeVersion":3,"nodeCategories":[{"id":25,"name":"AI"},{"id":26,"name":"Langchain"}]},{"id":1145,"icon":"file:anthropic.svg","name":"@n8n/n8n-nodes-langchain.lmChatAnthropic","codex":{"data":{"alias":["claude","sonnet","opus"],"resources":{"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/cluster-nodes/sub-nodes/n8n-nodes-langchain.lmchatanthropic/"}]},"categories":["AI","Langchain"],"subcategories":{"AI":["Language Models","Root Nodes"],"Language Models":["Chat Models (Recommended)"]}}},"group":"[\"transform\"]","defaults":{"name":"Anthropic Chat Model"},"iconData":{"type":"file","fileBuffer":"data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSI0NiIgaGVpZ2h0PSIzMiIgZmlsbD0ibm9uZSI+PHBhdGggZmlsbD0iIzdEN0Q4NyIgZD0iTTMyLjczIDBoLTYuOTQ1TDM4LjQ1IDMyaDYuOTQ1ek0xMi42NjUgMCAwIDMyaDcuMDgybDIuNTktNi43MmgxMy4yNWwyLjU5IDYuNzJoNy4wODJMMTkuOTI5IDB6bS0uNzAyIDE5LjMzNyA0LjMzNC0xMS4yNDYgNC4zMzQgMTEuMjQ2eiIvPjwvc3ZnPg=="},"displayName":"Anthropic Chat Model","typeVersion":1,"nodeCategories":[{"id":25,"name":"AI"},{"id":26,"name":"Langchain"}]}],"categories":[{"id":29,"name":"SecOps"},{"id":49,"name":"AI Summarization"}],"image":[]}}