{"workflow":{"id":14127,"name":"Score DNS threats with VirusTotal, Abuse.ch, HashiCorp Vault and Gemini","views":43,"recentViews":1,"totalViews":43,"createdAt":"2026-03-17T17:21:48.745Z","description":"Stop fighting alerts and start orchestrating intelligence.\n\nThis workflow is a complete ecosystem designed to combat network threats in real-time. It transforms raw DNS logs into structured knowledge, leveraging Artificial Intelligence to make decisions that previously required hours of manual work by a SOC analyst.\nReal-World Problems it Solves:\n\n    Manual Threat Analysis: Automates the process of verifying suspicious domains and IP addresses across multiple CTI sources simultaneously.\n\n    Security Credential Management: Eliminates the risk of API key leaks through native integration with HashiCorp Vault.\n\n    Alert Fatigue: Thanks to built-in filtering logic, the system only notifies you when the AI Threat Score exceeds 5 (Malicious/Critical).\n\n    Data Fragmentation: Consolidates data from multiple CTI providers into a single, cohesive technical report.\n\nCore System Components:\n\nThe workflow manages and communicates with the following elements of your infrastructure:\n\n    Traffic Capture: Monitors passive DNS traffic to identify new Indicators of Compromise (IoCs).\n\n    Secret Engine: HashiCorp Vault provides database credentials and API tokens dynamically during workflow execution.\n\n    Intelligence Layer: Features three independent scanning branches: VirusTotal, Abuse_URLhaus, and Abuse_ThreatFox.\n\n    AI Brain: Google Gemini AI acts as a \"Senior Security Analyst,\" correlating data and generating verdicts in both English and Polish.\n\n    Automated Response: An email notification system triggered exclusively for confirmed high-risk threats.\n\nRelease v1.0.0 Highlights\n\nThis release (available on https://github.com/lukaszFD/cyber-sentinel/releases) marks the first fully stable production-ready version of the system.\n\nKey features of this release:\n\n    Full Ansible Orchestration: The entire stack—including Nginx, Vault, databases, and n8n—is deployed automatically using Ansible playbooks.\n\n    Infrastructure as Code (IaC): Secure deployment based on Ansible Vault, requiring only the population of credentials and the presence of a .vault_pass file.\n\n    Production-Ready: The system has been rigorously tested for stability in both Debian (Proxmox) and Raspberry Pi 5 environments.\n\nDocumentation : https://lukaszfd.github.io/cyber-sentinel/","workflow":{"id":"v6SbteXL5dW8fGKQ","meta":{"instanceId":"71c7fe4d131e80cb72eec0e26188a51a745f9f857c32d9cdf4587b1cb3816cfe","templateCredsSetupCompleted":true},"name":"Automated Domain & IP Reputation Guard with HashiCorp Vault","tags":[{"id":"Sp23rEbQB2Jd4jXe","name":"ThreatFox","createdAt":"2026-03-13T13:39:00.381Z","updatedAt":"2026-03-13T13:39:00.381Z"},{"id":"TIbt5FCaXtha7wlD","name":"VirusTotal","createdAt":"2026-03-13T13:38:34.538Z","updatedAt":"2026-03-13T13:38:34.538Z"},{"id":"bCcoQW7lpKvNTcSS","name":"Abuse.ch","createdAt":"2026-03-13T13:38:42.812Z","updatedAt":"2026-03-13T13:38:42.812Z"},{"id":"myyAYIm8lG8YODFq","name":"HashiCorpVault","createdAt":"2026-03-13T13:38:26.975Z","updatedAt":"2026-03-13T13:38:26.975Z"}],"nodes":[{"id":"84dca179-a0f0-49fd-8e5b-5feb60b26e82","name":"Schedule Trigger","type":"n8n-nodes-base.scheduleTrigger","position":[-3104,-496],"parameters":{"rule":{"interval":[{"field":"minutes","minutesInterval":15}]}},"typeVersion":1.3},{"id":"8bf1829c-9df2-41b2-a86e-75cc263170bb","name":"Select rows from a table","type":"n8n-nodes-base.mySql","position":[-2592,-496],"parameters":{"limit":1,"table":{"__rl":true,"mode":"name","value":"cyber_intelligence.v_pending_analysis"},"options":{},"operation":"select"},"credentials":{"mySql":{"id":"credential-id","name":"MySQL account"}},"typeVersion":2.5},{"id":"ff297aa5-0e9f-4f5e-b2e1-7a7eeaf96bf8","name":"VirusTotal IP Scan","type":"n8n-nodes-base.httpRequest","position":[-2160,-176],"parameters":{"":"","url":"=https://www.virustotal.com/api/v3/ip_addresses/{{ $('Select rows from a table').item.json.observable_ip }}","method":"GET","options":{},"sendBody":false,"sendQuery":false,"curlImport":"","infoMessage":"","sendHeaders":false,"authentication":"predefinedCredentialType","httpVariantWarning":"","nodeCredentialType":"virusTotalApi","provideSslCertificates":false},"credentials":{"virusTotalApi":{"id":"credential-id","name":"VirusTotal account"}},"typeVersion":4.4,"extendsCredential":"virusTotalApi"},{"id":"301ce32c-69d1-4561-809b-792422ada724","name":"If 'malicious' or 'suspicious'","type":"n8n-nodes-base.if","position":[-1968,-176],"parameters":{"options":{},"conditions":{"options":{"version":3,"leftValue":"","caseSensitive":true,"typeValidation":"strict"},"combinator":"or","conditions":[{"id":"f1809d7a-923a-4ef7-b24f-fcbf6b5cb41d","operator":{"type":"number","operation":"gt"},"leftValue":"={{ $json.data.attributes.last_analysis_stats.malicious }}","rightValue":1},{"id":"ca056a70-f3eb-4aa5-bae9-05bd477cf4ce","operator":{"type":"number","operation":"gt"},"leftValue":"={{ $json.data.attributes.last_analysis_stats.suspicious }}","rightValue":1}]}},"typeVersion":2.3},{"id":"a56ac689-7f44-4614-bf7e-940d85ce6c40","name":"Virus total API TOKEN","type":"n8n-nodes-hashi-vault.hashiCorpVault","position":[-2352,-176],"parameters":{"secretPath":"cyber-sentinel/api-keys/virustotal","additionalFields":{}},"credentials":{"hashiCorpVaultApi":{"id":"credential-id","name":"HashiCorp Vault account"}},"typeVersion":1},{"id":"2d61d46a-cd6d-4b12-a052-6cca8f988d34","name":"Gemini AI Studio","type":"n8n-nodes-hashi-vault.hashiCorpVault","position":[-752,-608],"parameters":{"secretPath":"cyber-sentinel/api-keys/gemini/home-network-guardian","additionalFields":{}},"credentials":{"hashiCorpVaultApi":{"id":"credential-id","name":"HashiCorp Vault account"}},"typeVersion":1},{"id":"a532302f-b601-47da-9197-9910b6c7b6df","name":"AI Agent","type":"@n8n/n8n-nodes-langchain.agent","position":[-592,-608],"parameters":{"text":"=ROLE:\nYou are a Senior Cyber Threat Intelligence Analyst in the Cyber Sentinel system. Your task is to evaluate an artifact based on aggregated data from VirusTotal, ThreatFox, and Urlhaus, and return a structured analysis.\n\nCONTEXT & SCORING POLICY:\nAssign exactly one threat score from the following scale:\nSCORE | DESCRIPTION | IS_MALICIOUS | CRITERIA\n1 | Safe / Clean | FALSE | 0 detections; known trusted services (Google, MS, GitHub).\n2 | Low Risk | FALSE | 1 detection (minor engine); no other evidence.\n3 | Informational | FALSE | Cloud/CDN IPs without active malware.\n4 | Unverified | FALSE | New domain, no history, no detections.\n5 | Suspicious | FALSE | Heuristics, bad reputation hosting, low confidence.\n6 | Likely Malicious | TRUE | 3-5 detections or grey-list presence.\n7 | Malicious | TRUE | Confirmed by at least 1 reputable engine or CTI report.\n8 | High Risk | TRUE | Critical detections, confirmed malware family (e.g., RAT).\n9 | Confirmed Malware | TRUE | Active malware hosting confirmed by Urlhaus.\n10 | Critical Threat | TRUE | Active C2 server confirmed by ThreatFox/Triage.\n\nDATA SOURCE PRE-ANALYSIS:\nBefore finalizing the score, you must analyze every variable returned by the source nodes:\n\nIMPORTANT: You will receive multiple threat intelligence reports in a single data object. You must synthesize ALL provided reports into ONE single evaluation. Do not generate separate outputs for each source.\n\nData : {{ JSON.stringify($('Code for Merge').item.json) }} \n\n1. VirusTotal Section (\"virustotal\"):\n   - If \"no_data\" is true, skip this source.\n   - Use \"vt_report\" for the textual summary.\n   - Analyze \"vt_stats\" (malicious/suspicious/undetected counts) and \"vt_malicious_count\" for raw detection levels.\n   - Check \"vt_owner\" and \"vt_is_big_player\" to identify if the infrastructure belongs to a trusted provider like Google or Microsoft.\n   - Reference \"vt_scan_date\" to determine the freshness of the data.\n\n2. ThreatFox Section (\"threatfox\"):\n   - If \"no_data\" is true, skip this source.\n   - Use \"threatfox_report\" for identified malware families and threat types.\n   - \"threatfox_active\" (boolean): If true, this indicates an actively confirmed threat.\n   - \"threatfox_max_confidence\": Use this to gauge the reliability of the report.\n\n3. Urlhaus Section (\"urlhaus\"):\n   - If \"no_data\" is true, skip this source.\n   - Use \"urlhaus_report\" for details on active malware distribution.\n   - \"is_active_threat\" (boolean): If true, the payload URL is currently online and dangerous.\n   - \"urlhaus_reference\": Use this for providing direct evidence links.\n\nDATA AVAILABILITY RULES:\n1. Each source (virustotal, threatfox, urlhaus) contains a \"no_data\" flag.\n2. If \"no_data\" is true, it means the artifact is not present in that database. Treat this as a clean result for that specific source.\n3. If all sources report \"no_data\": true, set threat_score to 1 (if it's a known big player) or 4 (if entirely unknown).\n\nANALYSIS RULES:\n1. Cross-Check: If ThreatFox or Urlhaus confirm active threats (threatfox_active: true or is_active_threat: true), the threat_score MUST be >= 8, regardless of low VirusTotal detections.\n2. Big Player Exception: If vt_is_big_player is true, exercise caution with low detection counts (<3) to avoid False Positives.\n3. Flagging: is_malicious MUST be true only if threat_score >= 6.\n4. Attribution: Identify the infrastructure owner using vt_owner and specify malware families (e.g., ValleyRAT) if present in threatfox or urlhaus reports.\n\nSTRICT JSON FORMATTING RULE:\n1. All string values (verdict_en, analysis_pl) MUST be single-line strings. NEVER use physical line breaks (\\n) inside string values.\n2. SQL ESCAPING: To prevent SQL syntax errors, you MUST replace every single quote (') found within the text with two single quotes (''). For example: 'malware' becomes ''malware''.\n3. Avoid using any special characters like backslashes (\\) or backticks (`) that could break JSON or SQL parsing.\n\nREQUIRED OUTPUT (STRICT JSON ONLY):\n{\n  \"threat_score\": [number 1-10],\n  \"is_malicious\": [boolean],\n  \"threat_label\": \"[Phishing / Botnet / C2 / Clean / Suspicious / Malware]\",\n  \"verdict_en\": \"[Technical summary for threat_indicators table - max 200 chars]\",\n  \"analysis_pl\": \"[Komentarz w jezyku Polskim dla Łukasza: 1. Właściciel IP/Hostingu. 2. Typ zagrożenia i wykryte rodziny malware. 3. Rekomendacja (Blokować/Monitorować/Zignorować)]\",\n  \"active_providers\": [\"virustotal\", \"threatfox\", \"urlhaus\"]\n}","options":{},"promptType":"define","hasOutputParser":true},"executeOnce":true,"typeVersion":3.1},{"id":"db7320d8-0d9f-4035-83ac-60eae5e0659a","name":"MySQL Pass","type":"n8n-nodes-hashi-vault.hashiCorpVault","position":[-2944,-496],"parameters":{"secretPath":"=cyber-sentinel/credentials/mysql/app_manager","additionalFields":{}},"credentials":{"hashiCorpVaultApi":{"id":"credential-id","name":"HashiCorp Vault account"}},"typeVersion":1},{"id":"fcc4211c-8807-4aa5-adc5-3abf05716f1d","name":"Google Gemini Chat Model","type":"@n8n/n8n-nodes-langchain.lmChatGoogleGemini","position":[-656,-384],"parameters":{"options":{}},"credentials":{"googlePalmApi":{"id":"credential-id","name":"Google Gemini(PaLM) Api account"}},"typeVersion":1},{"id":"583369e8-7519-42a2-9174-0b1b6a811372","name":"Parse AI Agent output","type":"n8n-nodes-base.code","position":[-224,-720],"parameters":{"jsCode":"let rawText = $json.output;\nlet cleanJson = rawText.replace(/```json\\n|```/g, \"\").trim();\ncleanJson = cleanJson.replace(/[\\r\\n]+/g, \" \");\n\ntry {\n  const data = JSON.parse(cleanJson);\n  const providerDetails = [];\n\n  // ULEPSZONA Funkcja pomocnicza\n  const getMongoId = (nodeName, providerKey) => {\n    try {\n      // Pobieramy wszystkie dane z danego węzła, nie tylko ostatni element\n      const nodeData = $(nodeName).all(); \n      \n      for (const entry of nodeData) {\n        if (entry.json && entry.json[providerKey] && entry.json[providerKey].mongo_id) {\n          return entry.json[providerKey].mongo_id;\n        }\n      }\n    } catch (e) {\n      return null;\n    }\n    return null;\n  };\n\n  // Logika sprawdzania dostawców pozostaje bez zmian, ale funkcja powyżej jest skuteczniejsza\n  if (data.active_providers.includes(\"virustotal\")) {\n    const vt_id = getMongoId('Data reduction and aggregation - VirusTotal', 'virustotal');\n    if (vt_id) providerDetails.push({ name: \"VirusTotal\", mongo_id: vt_id });\n  }\n\n  if (data.active_providers.includes(\"threatfox\")) {\n    const tf_id = getMongoId('Data reduction and aggregation - ThreatFox', 'threatfox');\n    if (tf_id) providerDetails.push({ name: \"Abuse_ThreatFox\", mongo_id: tf_id });\n  }\n\n  if (data.active_providers.includes(\"urlhaus\")) {\n    const uh_id = getMongoId('Data reduction and aggregation - Urlhaus', 'urlhaus');\n    if (uh_id) providerDetails.push({ name: \"Abuse_URLhaus\", mongo_id: uh_id });\n  }\n\n  return {\n    score: data.threat_score,\n    verdict_en: data.verdict_en,\n    analysis_pl: data.analysis_pl,\n    provider_details: providerDetails\n  };\n\n} catch (error) {\n  return { error: \"Parsing failed\", details: error.message, raw_received: rawText };\n}"},"typeVersion":2},{"id":"ce9c8563-971f-4531-a990-ecf3cd0024ab","name":"Insert AI verdict","type":"n8n-nodes-base.mySql","position":[0,-720],"parameters":{"query":"-- KROK 1: Wstawienie unikalnego werdyktu do nowej tabeli słownikowej\nINSERT INTO cyber_intelligence.ai_analysis_results (\n    threat_score, \n    verdict_summary_en, \n    analysis_pl\n) VALUES (\n    {{ $json.score }},\n    '{{ $json.verdict_en }}',\n    '{{ $json.analysis_pl }}'\n);\n\n-- Zapamiętujemy ID werdyktu\nSET @last_result_id = LAST_INSERT_ID();\n\n-- KROK 2: Wstawienie rekordu zdarzenia do threat_indicators\nINSERT INTO cyber_intelligence.threat_indicators (\n    dns_query_id,\n    type_id,\n    analysis_result_id,\n    last_scan\n) VALUES (\n    {{ $('Select rows from a table').item.json.dns_query_id }}, \n    (SELECT id FROM cyber_intelligence.dic_indicator_types WHERE name = 'IP'),\n    @last_result_id,\n    NOW()\n);\n\n-- Zapamiętujemy ID zdarzenia (do powiązania ze skanerami)\nSET @last_event_id = LAST_INSERT_ID();\n\n-- KROK 3: Dynamiczne wstawienie szczegółów skanerów (VirusTotal, ThreatFox itp.)\n{{ $json.provider_details.map(p => `\nINSERT INTO cyber_intelligence.threat_indicator_details (indicator_id, source_id, mongo_ref_id)\nSELECT @last_event_id, id, '${p.mongo_id}' \nFROM cyber_intelligence.dic_source_providers WHERE name = '${p.name}';\n`).join('\\n') }}\n\n-- Zwracamy ID zdarzenia dla kolejnych kroków (np. do maila)\nSELECT @last_event_id AS indicator_id;","options":{},"operation":"executeQuery"},"credentials":{"mySql":{"id":"credential-id","name":"MySQL account"}},"typeVersion":2.5,"alwaysOutputData":true},{"id":"adabcf0d-8191-4bf2-ba73-07e78d78006f","name":"Send an Email","type":"n8n-nodes-base.emailSend","position":[224,-448],"webhookId":"9541ce19-f72d-4402-a34e-3ccb6a42b261","parameters":{"html":"=<!DOCTYPE html>\n<html>\n<head>\n    <style>\n        body { font-family: 'Segoe UI', Tahoma, sans-serif; background-color: #121212; color: #e0e0e0; margin: 0; padding: 20px; }\n        .card { max-width: 600px; margin: auto; background: #1e1e1e; border: 1px solid #333; border-radius: 8px; overflow: hidden; border-top: 4px solid #f44336; }\n        .header { background: #263238; padding: 15px; text-align: center; }\n        .content { padding: 25px; }\n        .score-box { background: #2d2d2d; border-radius: 5px; padding: 10px; text-align: center; margin-bottom: 20px; border: 1px solid #444; }\n        .ip-addr { font-family: 'Courier New', monospace; color: #64ffda; font-size: 18px; font-weight: bold; }\n        .analysis { background: #252525; padding: 15px; border-radius: 4px; border-left: 4px solid #90caf9; font-size: 14px; line-height: 1.6; margin-top: 15px; }\n        .provider-tag { display: inline-block; background: #37474f; color: #cfd8dc; padding: 2px 8px; border-radius: 3px; font-size: 11px; margin-right: 5px; border: 1px solid #546e7a; }\n        .btn { display: inline-block; padding: 10px 20px; background-color: #f44336; color: white; text-decoration: none; border-radius: 4px; font-weight: bold; margin-top: 20px; font-size: 14px; }\n        .footer { text-align: center; font-size: 11px; color: #777; padding: 15px; }\n    </style>\n</head>\n<body>\n    <div class=\"card\">\n        <div class=\"header\">\n            <h2 style=\"margin:0; color: #ff5252;\">🚨 ALARM: Cyber Sentinel</h2>\n        </div>\n        <div class=\"content\">\n            <div class=\"score-box\">\n                <div style=\"font-size: 12px; text-transform: uppercase; color: #888; letter-spacing: 1px;\">Threat Severity Score</div>\n                <div style=\"font-size: 36px; font-weight: bold; color: #ff5252;\">{{ $node[\"Parse AI Agent output\"].json.score }}/10</div>\n            </div>\n\n            <p><strong>Obiekt (IP):</strong> <span class=\"ip-addr\">{{ $('Select rows from a table').item.json.observable_ip }}</span></p>\n            <p><strong>Powiązana domena:</strong> <span style=\"color: #90caf9;\">{{ $('Select rows from a table').item.json.fqdn }}</span></p>\n            \n            <div style=\"margin-top: 10px;\">\n                <strong style=\"font-size: 13px; color: #888;\">Aktywne źródła danych:</strong><br>\n                {{ $node[\"Parse AI Agent output\"].json.provider_details.map(p => `<span class=\"provider-tag\">${p.name}</span>`).join('') }}\n            </div>\n\n            <div class=\"analysis\">\n                <strong style=\"color: #90caf9;\">Analiza (PL):</strong><br>\n                <div style=\"margin-top: 5px;\">\n                    {{ $node[\"Parse AI Agent output\"].json.analysis_pl }}\n                </div>\n            </div>\n\n            <p style=\"color: #bbb; font-style: italic; font-size: 12px; margin-top: 15px; border-top: 1px solid #333; padding-top: 10px;\">\n                <strong>Technical Verdict:</strong> {{ $node[\"Parse AI Agent output\"].json.verdict_en }}\n            </p>\n\n            <div style=\"text-align: center;\">\n                <a href=\"https://rdap.arin.net/registry/ip/{{ $('Select rows from a table').item.json.observable_ip }}\" class=\"btn\">Sprawdź detale IP (RDAP)</a>\n            </div>\n        </div>\n        <div class=\"footer\">\n            System: <strong>Cyber Sentinel v1.0</strong><br>\n            Data: {{ new Date().toLocaleString('pl-PL') }}\n        </div>\n    </div>\n</body>\n</html>","options":{},"subject":"=Raport wygenerowany przez system Cyber Sentinel | Data: {{ new Date().toLocaleString('pl-PL') }}","toEmail":"user@example.com","fromEmail":"user@example.com"},"credentials":{"smtp":{"id":"credential-id","name":"SMTP account"}},"typeVersion":2.1},{"id":"643dbbfa-6be9-475d-862a-8ba4f895d136","name":"Abuse.CH_ThreatFox request","type":"n8n-nodes-base.httpRequest","position":[-2160,-528],"parameters":{"url":"https://threatfox-api.abuse.ch/api/v1/","method":"POST","options":{},"sendBody":true,"authentication":"genericCredentialType","bodyParameters":{"parameters":[{"name":"query","value":"search_ioc"},{"name":"search_term","value":"={{ $('Select rows from a table').item.json.fqdn }}"},{"name":"exact_match","value":"true"}]},"genericAuthType":"httpHeaderAuth"},"credentials":{"httpHeaderAuth":{"id":"credential-id","name":"Header Auth account"}},"typeVersion":4.4},{"id":"990717f4-746b-423a-a67c-1876f3cb4222","name":"Abuse API TOKEN","type":"n8n-nodes-hashi-vault.hashiCorpVault","position":[-2352,-720],"parameters":{"secretPath":"cyber-sentinel/api-keys/abuse/api-key","additionalFields":{}},"credentials":{"hashiCorpVaultApi":{"id":"credential-id","name":"HashiCorp Vault account"}},"typeVersion":1},{"id":"3ca870ed-b0c3-407c-8cf3-66d54593ae62","name":"Get Email Pass","type":"n8n-nodes-hashi-vault.hashiCorpVault","position":[0,-448],"parameters":{"secretPath":"cyber-sentinel/credentials/gmail/l94524506","additionalFields":{}},"credentials":{"hashiCorpVaultApi":{"id":"credential-id","name":"HashiCorp Vault account"}},"typeVersion":1},{"id":"0a02d8d8-5055-44a4-b165-848eb61e07e7","name":"Abuse.CH_URLHaus","type":"n8n-nodes-base.httpRequest","position":[-2144,-912],"parameters":{"url":"https://urlhaus-api.abuse.ch/v1/host/","method":"POST","options":{},"sendBody":true,"contentType":"form-urlencoded","authentication":"genericCredentialType","bodyParameters":{"parameters":[{"name":"host","value":"={{ $('Select rows from a table').item.json.fqdn }}"}]},"genericAuthType":"httpHeaderAuth"},"credentials":{"httpHeaderAuth":{"id":"credential-id","name":"Header Auth account"}},"typeVersion":4.4},{"id":"392f063c-7556-40d7-91cc-045f62268f1f","name":"Insert doc URLHaus","type":"n8n-nodes-base.mongoDb","position":[-1568,-1008],"parameters":{"fields":"=resource,type,source_provider,scan_date,raw_data","options":{"dateFields":"","useDotNotation":false},"operation":"insert","collection":"threat_data_raw"},"credentials":{"mongoDb":{"id":"credential-id","name":"MongoDB account"}},"typeVersion":1.2,"alwaysOutputData":false},{"id":"f941de13-8d24-4fd8-91cd-62921d64f886","name":"Edit Json for Mongo - URLHaus","type":"n8n-nodes-base.code","position":[-1744,-1008],"parameters":{"jsCode":"return {\n  resource: $('Select rows from a table').first().json.observable_ip,\n  type: 'FQDN',\n  source_provider: 'Abuse_URLhaus', \n  scan_date: new Date().toISOString(),\n  raw_data: $('Abuse.CH_URLHaus').item.json\n};"},"typeVersion":2},{"id":"61246457-db7e-4a4a-9252-c1490d95efc5","name":"Insert a clear scan - URLHaus","type":"n8n-nodes-base.mySql","position":[-1744,-800],"parameters":{"query":"-- 1. Wstawiamy bazowy wynik \"Clean\" do nowej tabeli wyników\nINSERT INTO cyber_intelligence.ai_analysis_results (\n    threat_score, \n    verdict_summary_en, \n    analysis_pl\n) VALUES (\n    1,\n    null,\n    null\n);\n\n-- 2. Pobieramy ID tego wyniku\nSET @last_clean_result_id = LAST_INSERT_ID();\n\n-- 3. Wstawiamy rekord do głównej tabeli zdarzeń (już bez source_id!)\nINSERT INTO cyber_intelligence.threat_indicators (\n    dns_query_id,\n    type_id,\n    analysis_result_id,\n    last_scan\n) VALUES (\n    {{ $('Select rows from a table').item.json.dns_query_id }}, \n    (SELECT id FROM cyber_intelligence.dic_indicator_types WHERE name = 'FQDN'),\n    @last_clean_result_id,\n    NOW()\n);\n\n-- 4. Rejestrujemy, który skaner to zaraportował w tabeli szczegółów\nINSERT INTO cyber_intelligence.threat_indicator_details (\n    indicator_id, \n    source_id, \n    mongo_ref_id\n) VALUES (\n    LAST_INSERT_ID(),\n    (SELECT id FROM cyber_intelligence.dic_source_providers WHERE name = 'Abuse_URLhaus'),\n    'NO_DATA'\n);","options":{},"operation":"executeQuery"},"credentials":{"mySql":{"id":"credential-id","name":"MySQL account"}},"typeVersion":2.5},{"id":"3052da02-3e4f-4296-acdb-5046b1c096a0","name":"Edit Json for Mongo - ThreatFox","type":"n8n-nodes-base.code","position":[-1744,-608],"parameters":{"jsCode":"return {\n  resource: $('Select rows from a table').first().json.observable_ip,\n  type: 'FQDN',\n  source_provider: 'Abuse_ThreatFox', \n  scan_date: new Date().toISOString(),\n  raw_data: $('Abuse.CH_ThreatFox request').item.json\n};"},"typeVersion":2},{"id":"6d692e11-3337-4359-b4c2-c8240c435155","name":"Insert a clear scan - ThreatFox","type":"n8n-nodes-base.mySql","position":[-1744,-432],"parameters":{"query":"-- 1. Wstawienie bazowego werdyktu \"Safe\" do nowej tabeli wyników\n-- Robimy to, aby zachować spójność relacji (analysis_result_id)\nINSERT INTO cyber_intelligence.ai_analysis_results (\n    threat_score, \n    verdict_summary_en, \n    analysis_pl\n) VALUES (\n    1,\n    null,\n    null\n);\n\n-- Zapamiętujemy ID tego wyniku\nSET @last_clean_res_id = LAST_INSERT_ID();\n\n-- 2. Wstawienie rekordu zdarzenia do threat_indicators\nINSERT INTO cyber_intelligence.threat_indicators (\n    dns_query_id,\n    type_id,\n    analysis_result_id,\n    last_scan\n) VALUES (\n    {{ $('Select rows from a table').item.json.dns_query_id }}, \n    (SELECT id FROM cyber_intelligence.dic_indicator_types WHERE name = 'IP'),\n    @last_clean_res_id,\n    NOW()\n);\n\n-- Zapamiętujemy ID zdarzenia (indicator_id)\nSET @last_event_id = LAST_INSERT_ID();\n\n-- 3. Rejestracja konkretnego skanera w tabeli szczegółów\nINSERT INTO cyber_intelligence.threat_indicator_details (\n    indicator_id, \n    source_id, \n    mongo_ref_id\n) VALUES (\n    @last_event_id,\n    (SELECT id FROM cyber_intelligence.dic_source_providers WHERE name = 'Abuse_ThreatFox'),\n    '{{ $json.mongo_id || \"NO_DATA\" }}' -- Używa mongo_id jeśli istnieje, inaczej \"NO_DATA\"\n);","options":{},"operation":"executeQuery"},"credentials":{"mySql":{"id":"credential-id","name":"MySQL account"}},"typeVersion":2.5},{"id":"fc72827d-518f-4148-827b-738fbe1149a7","name":"Insert doc ThreatFox","type":"n8n-nodes-base.mongoDb","position":[-1568,-608],"parameters":{"fields":"=resource,type,source_provider,scan_date,raw_data","options":{"dateFields":"","useDotNotation":false},"operation":"insert","collection":"threat_data_raw"},"credentials":{"mongoDb":{"id":"credential-id","name":"MongoDB account"}},"typeVersion":1.2,"alwaysOutputData":false},{"id":"450424c2-bdcd-45a5-b36c-be2a9d646ee4","name":"Insert a clear scan - VirusTotal","type":"n8n-nodes-base.mySql","position":[-1744,-48],"parameters":{"query":"-- 1. Wstawienie neutralnego werdyktu do nowej tabeli wyników\nINSERT INTO cyber_intelligence.ai_analysis_results (\n    threat_score, \n    verdict_summary_en, \n    analysis_pl\n) VALUES (\n    1,\n    null,\n    null\n);\n\n-- Zapamiętujemy ID werdyktu\nSET @last_vt_clean_res_id = LAST_INSERT_ID();\n\n-- 2. Wstawienie rekordu do głównej tabeli zdarzeń (rejestr skanowania)\nINSERT INTO cyber_intelligence.threat_indicators (\n    dns_query_id,\n    type_id,\n    analysis_result_id,\n    last_scan\n) VALUES (\n    {{ $('Select rows from a table').item.json.dns_query_id }}, \n    (SELECT id FROM cyber_intelligence.dic_indicator_types WHERE name = 'IP'),\n    @last_vt_clean_res_id,\n    NOW()\n);\n\n-- Zapamiętujemy ID zdarzenia (indicator_id)\nSET @last_vt_event_id = LAST_INSERT_ID();\n\n-- 3. Powiązanie skanera VirusTotal w tabeli szczegółów\nINSERT INTO cyber_intelligence.threat_indicator_details (\n    indicator_id, \n    source_id, \n    mongo_ref_id\n) VALUES (\n    @last_vt_event_id,\n    (SELECT id FROM cyber_intelligence.dic_source_providers WHERE name = 'VirusTotal'),\n    '{{ $json.mongo_id || \"NO_DATA\" }}'\n);","options":{},"operation":"executeQuery"},"credentials":{"mySql":{"id":"credential-id","name":"MySQL account"}},"typeVersion":2.5},{"id":"d37f9a57-2001-4922-b76b-2ac3f08b851a","name":"Edit Json for Mongo - VirusTotal","type":"n8n-nodes-base.code","position":[-1744,-240],"parameters":{"jsCode":"return {\n  resource: $('If \\'malicious\\' or \\'suspicious\\'').item.json.data.id, \n  type: \"IP\",\n  source_provider: \"VirusTotal\", \n  scan_date: new Date().toISOString(),\n  raw_data: $('VirusTotal IP Scan').item.json.data \n};"},"typeVersion":2},{"id":"906ced4e-8588-4a7e-8367-d7e4a3735e87","name":"Mongo DB Pass","type":"n8n-nodes-hashi-vault.hashiCorpVault","position":[-2768,-496],"parameters":{"secretPath":"cyber-sentinel/credentials/mongodb/admin","additionalFields":{}},"credentials":{"hashiCorpVaultApi":{"id":"credential-id","name":"HashiCorp Vault account"}},"typeVersion":1},{"id":"dba05af7-2214-46f8-a689-9f3535e89995","name":"Insert doc VirusTotal","type":"n8n-nodes-base.mongoDb","position":[-1568,-240],"parameters":{"fields":"=resource,type,source_provider,scan_date,raw_data","options":{"dateFields":"","useDotNotation":false},"operation":"insert","collection":"threat_data_raw"},"credentials":{"mongoDb":{"id":"credential-id","name":"MongoDB account"}},"typeVersion":1.2,"alwaysOutputData":false},{"id":"f5f11f7c-b94b-4b92-a8d9-8a49fdd3c756","name":"Data reduction and aggregation - Urlhaus","type":"n8n-nodes-base.code","position":[-1376,-848],"parameters":{"jsCode":"const item = $input.item.json;\nconst raw = item.raw_data || {};\nconst urls = raw.urls || [];\nconst mongoId = item.id || null;\n\nconst onlineCount = urls.filter(u => u.url_status === 'online').length;\n\nconst tagMap = {};\nurls.flatMap(u => u.tags || []).forEach(tag => {\n    const cleanTag = tag.trim().toLowerCase();\n    tagMap[cleanTag] = (tagMap[cleanTag] || 0) + 1;\n});\n\nconst topTags = Object.entries(tagMap)\n    .sort((a, b) => b[1] - a[1])\n    .slice(0, 5)\n    .map(entry => `${entry[0]} (${entry[1]}x)`)\n    .join(', ');\n\nconst criticalKeywords = ['c2', 'cobaltstrike', 'rat', 'ransomware', 'brute', 'infostealer', 'stealer', 'brat'];\nconst foundCritical = Object.keys(tagMap).filter(tag => criticalKeywords.includes(tag));\n\nconst urlhausRef = raw.urlhaus_reference || \"No reference link available\";\n\nlet report = `SOURCE: Abuse_URLhaus\\n`;\nif (urls.length === 0 && !raw.urlhaus_reference) {\n    report += \"STATUS: No data available from this source.\";\n} else {\n    report += `- Total URLs in DB: ${raw.url_count || 0}\\n`;\n    report += `- Active (Online) URLs: ${onlineCount} / ${urls.length} (analyzed sample)\\n`;\n    report += `- Top Tags: ${topTags || 'None'}\\n`;\n    report += `- Reference: ${urlhausRef}\\n`; // Dodany atrybut do tekstu\n    \n    if (foundCritical.length > 0) {\n        report += `- CRITICAL FLAGS DETECTED: ${foundCritical.join(', ').toUpperCase()}\\n`;\n    }\n}\n\nif (urls.length === 0 && !raw.urlhaus_reference) {\n    return {\n        \"urlhaus\": {\n            \"no_data\": true,\n            \"urlhaus_report\": \"SOURCE: Abuse_URLhaus\\nSTATUS: No data available.\"\n        }\n    };\n}\n\nreturn {\n    \"urlhaus\": {\n        \"no_data\": false,\n        \"urlhaus_report\": report,\n        \"is_active_threat\": onlineCount > 0,\n        \"urlhaus_reference\": urlhausRef,\n        \"mongo_id\": mongoId\n    }\n};"},"typeVersion":2},{"id":"e08faa3a-62a3-4237-8656-a0f54c7889d3","name":"Data reduction and aggregation - ThreatFox","type":"n8n-nodes-base.code","position":[-1376,-608],"parameters":{"jsCode":"const item = $input.item.json;\nconst raw = item.raw_data || {};\nconst dataList = raw.data || [];\nconst mongoId = item.id || null;\n\nconst malwareFamilies = [...new Set(dataList.map(d => d.malware_printable).filter(m => m))];\nconst threatTypes = [...new Set(dataList.map(d => d.threat_type).filter(t => t))];\n\nconst confidenceScores = dataList.map(d => d.confidence_level).filter(c => c !== undefined);\nconst avgConfidence = confidenceScores.length > 0 \n    ? (confidenceScores.reduce((a, b) => a + b, 0) / confidenceScores.length).toFixed(0) \n    : 0;\n\nconst tagMap = {};\ndataList.flatMap(d => d.tags || []).forEach(tag => {\n    const cleanTag = tag.trim();\n    tagMap[cleanTag] = (tagMap[cleanTag] || 0) + 1;\n});\nconst topTags = Object.entries(tagMap)\n    .sort((a, b) => b[1] - a[1])\n    .slice(0, 5)\n    .map(e => e[0])\n    .join(', ');\n\nconst externalRef = dataList.length > 0 ? dataList[0].reference : \"No reference available\";\n\nlet report = `SOURCE: Abuse_ThreatFox\\n`;\nif (dataList.length === 0 || raw.query_status !== \"ok\") {\n    report += \"STATUS: No indicators found for this resource.\";\n} else {\n    report += `- Detections Found: ${dataList.length}\\n`;\n    report += `- Malware Families: ${malwareFamilies.join(', ') || 'Unknown'}\\n`;\n    report += `- Threat Types: ${threatTypes.join(', ') || 'Unknown'}\\n`;\n    report += `- Average Confidence: ${avgConfidence}%\\n`;\n    report += `- Top Tags: ${topTags || 'None'}\\n`;\n    report += `- Reference: ${externalRef}\\n`;\n}\n\nif (dataList.length === 0 || raw.query_status !== \"ok\") {\n    return {\n        \"threatfox\": {\n            \"no_data\": true,\n            \"threatfox_report\": \"SOURCE: Abuse_ThreatFox\\nSTATUS: No indicators found.\",\n            \"mongo_id\": mongoId\n        }\n    };\n}\n\nreturn {\n    \"threatfox\": {\n        \"no_data\": false,\n        \"threatfox_report\": report,\n        \"threatfox_active\": dataList.length > 0,\n        \"threatfox_max_confidence\": Math.max(...confidenceScores, 0),\n        \"mongo_id\": mongoId\n    }\n};"},"typeVersion":2},{"id":"22f949e1-9fc7-41b6-bcec-3582c355a217","name":"Data reduction and aggregation - VirusTotal","type":"n8n-nodes-base.code","position":[-1376,-352],"parameters":{"jsCode":"// Get item from n8n input\nconst item = $input.item.json;\n\nconst mongoId = item.id || null;\n\n// Target the correct path in your specific JSON\nconst attr = item.raw_data && item.raw_data.attributes ? item.raw_data.attributes : {};\n\n// 1. Get Analysis Stats\nconst stats = attr.last_analysis_stats || {};\nconst malCount = stats.malicious || 0;\nconst susCount = stats.suspicious || 0;\nconst undCount = stats.undetected || 0;\n\n// 2. Get Engines that flagged it (Malicious/Suspicious)\nconst results = attr.last_analysis_results || {};\nconst flaggedBy = [];\n\nObject.keys(results).forEach(engine => {\n    if (results[engine].category === 'malicious' || results[engine].category === 'suspicious') {\n        flaggedBy.push(`${engine} (${results[engine].result})`);\n    }\n});\n\n// 3. Network & Ownership\nconst asOwner = attr.as_owner || \"Unknown Owner\";\nconst network = attr.network || \"Unknown Network\";\nconst rdap = attr.rdap || {};\nconst ipRange = (rdap.start_address && rdap.end_address) \n    ? `${rdap.start_address} - ${rdap.end_address}` \n    : \"Range not specified\";\n\n// 4. Build the report string\nlet report = `SOURCE: VirusTotal\\n`;\nreport += `- Owner: ${asOwner}\\n`;\nreport += `- Network: ${network}\\n`;\nreport += `- IP Range: ${ipRange}\\n`;\nreport += `- Stats: Malicious: ${malCount}, Suspicious: ${susCount}, Undetected: ${undCount}\\n`;\n\nif (flaggedBy.length > 0) {\n    report += `- Flagged by: ${flaggedBy.join(', ')}\\n`;\n}\n\n// 5. Check if it's a Big Player\nconst bigPlayers = [\"github\", \"google\", \"microsoft\", \"amazon\", \"cloudflare\"];\nconst isBigPlayer = bigPlayers.some(p => asOwner.toLowerCase().includes(p));\n\nif (!item.raw_data || !item.raw_data.attributes) {\n    return {\n        \"virustotal\": {\n            \"no_data\": true,\n            \"vt_report\": \"SOURCE: VirusTotal\\nSTATUS: No data found for this resource.\",\n            \"mongo_id\": mongoId\n        }\n    };\n}\n\nreturn {\n    \"virustotal\": {\n        \"no_data\": false,\n        \"vt_report\": report,\n        \"vt_stats\": stats,\n        \"vt_owner\": asOwner,\n        \"vt_is_big_player\": isBigPlayer,\n        \"vt_malicious_count\": malCount,\n        \"vt_scan_date\": item.scan_date,\n        \"mongo_id\": mongoId\n    }\n};"},"typeVersion":2},{"id":"5116e479-f768-40d5-bda2-5a11ed457aff","name":"Merge","type":"n8n-nodes-base.merge","position":[-1104,-624],"parameters":{"numberInputs":3},"typeVersion":3.2},{"id":"b14246cd-3917-44a5-9ebc-27e90118387c","name":"Code for Merge","type":"n8n-nodes-base.code","position":[-928,-608],"parameters":{"jsCode":"// Łączymy wszystkie elementy z wejścia w jeden obiekt\nlet combinedData = {};\n\nfor (const item of $input.all()) {\n  // Scalamy właściwości (np. virustotal, threatfox, urlhaus) w jeden obiekt\n  Object.assign(combinedData, item.json);\n}\n\nreturn combinedData;"},"typeVersion":2},{"id":"34ac24c9-e2bf-4f03-ad2a-8c8c57218632","name":"Sticky Note","type":"n8n-nodes-base.stickyNote","position":[-3136,-592],"parameters":{"color":7,"width":672,"height":288,"content":"## Orchestration & Data Ingestion\n\n"},"typeVersion":1},{"id":"c79b8cfa-45c8-4173-a58d-62a6adc8679d","name":"Sticky Note1","type":"n8n-nodes-base.stickyNote","position":[-2400,-992],"parameters":{"color":7,"width":576,"height":992,"content":"## Multi-Source Threat Intelligence Enrichment\n\n"},"typeVersion":1},{"id":"4a9b306d-a43b-49b3-8c60-1f29ccb12798","name":"Sticky Note2","type":"n8n-nodes-base.stickyNote","position":[-1808,-1088],"parameters":{"color":7,"width":624,"height":1232,"content":"## Dual-Layer Persistence Strategy\n"},"typeVersion":1},{"id":"733bed6a-a760-4f3e-9cfa-507a133d3e6e","name":"Sticky Note3","type":"n8n-nodes-base.stickyNote","position":[-1152,-752],"parameters":{"color":7,"width":800,"height":512,"content":"## AI Synthesis & Cognitive Analysis\n\n"},"typeVersion":1},{"id":"9397274e-2b43-4311-bb10-71917f04eaa2","name":"Sticky Note4","type":"n8n-nodes-base.stickyNote","position":[-320,-800],"parameters":{"color":7,"width":688,"height":528,"content":"## Incident Reporting & Remediation\n\n"},"typeVersion":1},{"id":"283c9478-9c26-457b-8523-e2fe91da72cc","name":"If query_status = ok - UrlHause","type":"n8n-nodes-base.if","position":[-1968,-912],"parameters":{"options":{},"conditions":{"options":{"version":3,"leftValue":"","caseSensitive":true,"typeValidation":"strict"},"combinator":"and","conditions":[{"id":"f2e261a0-b1c9-4db5-8d57-112a5d5e20f7","operator":{"type":"string","operation":"equals"},"leftValue":"={{ $json.query_status }}","rightValue":"ok"}]}},"typeVersion":2.3},{"id":"12f99d4d-1cee-47ab-bef6-3770dd24fea0","name":"If query_status = ok - ThretFox","type":"n8n-nodes-base.if","position":[-1968,-528],"parameters":{"options":{},"conditions":{"options":{"version":3,"leftValue":"","caseSensitive":true,"typeValidation":"strict"},"combinator":"and","conditions":[{"id":"024c712f-29c5-49ed-8152-ac5fafac7816","operator":{"type":"string","operation":"equals"},"leftValue":"={{ $json.query_status }}","rightValue":"ok"}]}},"typeVersion":2.3},{"id":"b4748bfd-2c53-4ae2-8df1-1dcba238a284","name":"Filter","type":"n8n-nodes-base.filter","position":[-224,-448],"parameters":{"options":{},"conditions":{"options":{"version":3,"leftValue":"","caseSensitive":true,"typeValidation":"strict"},"combinator":"and","conditions":[{"id":"ddba4411-bc87-4bff-b539-a37973baa1da","operator":{"type":"number","operation":"gt"},"leftValue":"={{ $('Parse AI Agent output').item.json.score }}","rightValue":5}]}},"typeVersion":2.3},{"id":"3ada188a-28ca-46c6-8387-a07bf03fdd63","name":"Sticky Note5","type":"n8n-nodes-base.stickyNote","position":[-3840,-784],"parameters":{"width":688,"height":608,"content":"# 🛡️ Project: Cyber Sentinel\n\n### **Purpose**\nAutonomous **Cyber Threat Intelligence (CTI)** & **Passive DNS Monitoring**. This workflow orchestrates the analysis of DNS telemetry using AI to detect malicious patterns and trigger autonomous response playbooks.\n\n---\n\n### **🚀 Setup Instructions**\n1.  **Secret Management:** Ensure **HashiCorp Vault** is connected to handle API keys and credentials securely.\n2.  **AI Engine:** Configure the **Ollama/Gemini** node to enable bilingual threat assessment (**EN/PL**).\n3.  **Data Layer:** Verify the connection to the **PostgreSQL** database (Neural Lake) for indicator enrichment.\n\n---\n\n### **🔗 Resources**\n* **Documentation:** [https://lukaszfd.github.io/cyber-sentinel/](https://lukaszfd.github.io/cyber-sentinel/)\n* **Author:** Łukasz Dejko"},"typeVersion":1}],"active":true,"pinData":{},"settings":{"binaryMode":"separate","callerPolicy":"workflowsFromSameOwner","timeSavedMode":"fixed","availableInMCP":false,"executionOrder":"v1"},"versionId":"28f07f6a-acfa-4b5a-8d9a-00f7960775fd","connections":{"Merge":{"main":[[{"node":"Code for Merge","type":"main","index":0}]]},"Filter":{"main":[[{"node":"Get Email Pass","type":"main","index":0}]]},"AI Agent":{"main":[[{"node":"Parse AI Agent output","type":"main","index":0}]]},"MySQL Pass":{"main":[[{"node":"Mongo DB Pass","type":"main","index":0}]]},"Mongo DB Pass":{"main":[[{"node":"Select rows from a table","type":"main","index":0}]]},"Send an Email":{"main":[[]]},"Code for Merge":{"main":[[{"node":"Gemini AI Studio","type":"main","index":0}]]},"Get Email Pass":{"main":[[{"node":"Send an Email","type":"main","index":0}]]},"Abuse API TOKEN":{"main":[[{"node":"Abuse.CH_ThreatFox request","type":"main","index":0},{"node":"Abuse.CH_URLHaus","type":"main","index":0}]]},"Abuse.CH_URLHaus":{"main":[[{"node":"If query_status = ok - UrlHause","type":"main","index":0}]]},"Gemini AI Studio":{"main":[[{"node":"AI Agent","type":"main","index":0}]]},"Schedule Trigger":{"main":[[{"node":"MySQL Pass","type":"main","index":0}]]},"Insert AI verdict":{"main":[[{"node":"Filter","type":"main","index":0}]]},"Insert doc URLHaus":{"main":[[{"node":"Data reduction and aggregation - Urlhaus","type":"main","index":0}]]},"VirusTotal IP Scan":{"main":[[{"node":"If 'malicious' or 'suspicious'","type":"main","index":0}]]},"Insert doc ThreatFox":{"main":[[{"node":"Data reduction and aggregation - ThreatFox","type":"main","index":0}]]},"Insert doc VirusTotal":{"main":[[{"node":"Data reduction and aggregation - VirusTotal","type":"main","index":0}]]},"Parse AI Agent output":{"main":[[{"node":"Insert AI verdict","type":"main","index":0}]]},"Virus total API TOKEN":{"main":[[{"node":"VirusTotal IP Scan","type":"main","index":0}]]},"Google Gemini Chat Model":{"ai_languageModel":[[{"node":"AI Agent","type":"ai_languageModel","index":0}]]},"Select rows from a table":{"main":[[{"node":"Virus total API TOKEN","type":"main","index":0},{"node":"Abuse API TOKEN","type":"main","index":0}]]},"Abuse.CH_ThreatFox request":{"main":[[{"node":"If query_status = ok - ThretFox","type":"main","index":0}]]},"Edit Json for Mongo - URLHaus":{"main":[[{"node":"Insert doc URLHaus","type":"main","index":0}]]},"If 'malicious' or 'suspicious'":{"main":[[{"node":"Edit Json for Mongo - VirusTotal","type":"main","index":0}],[{"node":"Insert a clear scan - VirusTotal","type":"main","index":0}]]},"Edit Json for Mongo - ThreatFox":{"main":[[{"node":"Insert doc ThreatFox","type":"main","index":0}]]},"If query_status = ok - ThretFox":{"main":[[{"node":"Edit Json for Mongo - ThreatFox","type":"main","index":0}],[{"node":"Insert a clear scan - ThreatFox","type":"main","index":0}]]},"If query_status = ok - UrlHause":{"main":[[{"node":"Edit Json for Mongo - URLHaus","type":"main","index":0}],[{"node":"Insert a clear scan - URLHaus","type":"main","index":0}]]},"Edit Json for Mongo - VirusTotal":{"main":[[{"node":"Insert doc VirusTotal","type":"main","index":0}]]},"Data reduction and aggregation - Urlhaus":{"main":[[{"node":"Merge","type":"main","index":0}]]},"Data reduction and aggregation - ThreatFox":{"main":[[{"node":"Merge","type":"main","index":1}]]},"Data reduction and aggregation - VirusTotal":{"main":[[{"node":"Merge","type":"main","index":2}]]}}},"lastUpdatedBy":1,"workflowInfo":{"nodeCount":40,"nodeTypes":{"n8n-nodes-base.if":{"count":3},"n8n-nodes-base.code":{"count":8},"n8n-nodes-base.merge":{"count":1},"n8n-nodes-base.mySql":{"count":5},"n8n-nodes-base.filter":{"count":1},"n8n-nodes-base.mongoDb":{"count":3},"n8n-nodes-base.emailSend":{"count":1},"n8n-nodes-base.stickyNote":{"count":6},"n8n-nodes-base.httpRequest":{"count":3},"@n8n/n8n-nodes-langchain.agent":{"count":1},"n8n-nodes-base.scheduleTrigger":{"count":1},"n8n-nodes-hashi-vault.hashiCorpVault":{"count":6},"@n8n/n8n-nodes-langchain.lmChatGoogleGemini":{"count":1}}},"status":"published","readyToDemo":null,"user":{"name":"Lukasz FD","username":"lukaszfd","bio":"","verified":false,"links":["https://www.linkedin.com/in/lukaszfd84/"],"avatar":"https://gravatar.com/avatar/899e3f874a1a7769cd71e95dd589dc400344ebd1fcdf7c6347cef7e8551ff466?r=pg&d=retro&size=200"},"nodes":[{"id":11,"icon":"fa:envelope","name":"n8n-nodes-base.emailSend","codex":{"data":{"alias":["SMTP","email","human","form","wait","hitl","approval"],"resources":{"generic":[{"url":"https://n8n.io/blog/2021-the-year-to-automate-the-new-you-with-n8n/","icon":"☀️","label":"2021: The Year to Automate the New You with n8n"},{"url":"https://n8n.io/blog/build-your-own-virtual-assistant-with-n8n-a-step-by-step-guide/","icon":"👦","label":"Build your own virtual assistant with n8n: A step by step guide"}],"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/core-nodes/n8n-nodes-base.sendemail/"}],"credentialDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/credentials/sendemail/"}]},"categories":["Communication","HITL","Core Nodes"],"nodeVersion":"1.0","codexVersion":"1.0","subcategories":{"HITL":["Human in the Loop"]}}},"group":"[\"output\"]","defaults":{"name":"Send Email","color":"#00bb88"},"iconData":{"icon":"envelope","type":"icon"},"displayName":"Send Email","typeVersion":2,"nodeCategories":[{"id":6,"name":"Communication"},{"id":9,"name":"Core Nodes"},{"id":28,"name":"HITL"}]},{"id":19,"icon":"file:httprequest.svg","name":"n8n-nodes-base.httpRequest","codex":{"data":{"alias":["API","Request","URL","Build","cURL"],"resources":{"generic":[{"url":"https://n8n.io/blog/2021-the-year-to-automate-the-new-you-with-n8n/","icon":"☀️","label":"2021: The Year to Automate the New You with n8n"},{"url":"https://n8n.io/blog/why-business-process-automation-with-n8n-can-change-your-daily-life/","icon":"🧬","label":"Why business process automation with n8n can change your daily life"},{"url":"https://n8n.io/blog/automatically-pulling-and-visualizing-data-with-n8n/","icon":"📈","label":"Automatically pulling and visualizing data with n8n"},{"url":"https://n8n.io/blog/learn-how-to-automatically-cross-post-your-content-with-n8n/","icon":"✍️","label":"Learn how to automatically cross-post your content with n8n"},{"url":"https://n8n.io/blog/automatically-adding-expense-receipts-to-google-sheets-with-telegram-mindee-twilio-and-n8n/","icon":"🧾","label":"Automatically Adding Expense Receipts to Google Sheets with Telegram, Mindee, Twilio, and n8n"},{"url":"https://n8n.io/blog/running-n8n-on-ships-an-interview-with-maranics/","icon":"🛳","label":"Running n8n on ships: An interview with Maranics"},{"url":"https://n8n.io/blog/what-are-apis-how-to-use-them-with-no-code/","icon":" 🪢","label":"What are APIs and how to use them with no code"},{"url":"https://n8n.io/blog/5-tasks-you-can-automate-with-notion-api/","icon":"⚡️","label":"5 tasks you can automate with the new Notion API "},{"url":"https://n8n.io/blog/world-poetry-day-workflow/","icon":"📜","label":"Celebrating World Poetry Day with a daily poem in Telegram"},{"url":"https://n8n.io/blog/automate-google-apps-for-productivity/","icon":"💡","label":"15 Google apps you can combine and automate to increase productivity"},{"url":"https://n8n.io/blog/automate-designs-with-bannerbear-and-n8n/","icon":"🎨","label":"Automate Designs with Bannerbear and n8n"},{"url":"https://n8n.io/blog/how-uproc-scraped-a-multi-page-website-with-a-low-code-workflow/","icon":" 🕸️","label":"How uProc scraped a multi-page website with a low-code workflow"},{"url":"https://n8n.io/blog/building-an-expense-tracking-app-in-10-minutes/","icon":"📱","label":"Building an expense tracking app in 10 minutes"},{"url":"https://n8n.io/blog/5-workflow-automations-for-mattermost-that-we-love-at-n8n/","icon":"🤖","label":"5 workflow automations for Mattermost that we love at n8n"},{"url":"https://n8n.io/blog/how-to-use-the-http-request-node-the-swiss-army-knife-for-workflow-automation/","icon":"🧰","label":"How to use the HTTP Request Node - The Swiss Army Knife for Workflow Automation"},{"url":"https://n8n.io/blog/learn-how-to-use-webhooks-with-mattermost-slash-commands/","icon":"🦄","label":"Learn how to use webhooks with Mattermost slash commands"},{"url":"https://n8n.io/blog/how-a-membership-development-manager-automates-his-work-and-investments/","icon":"📈","label":"How a Membership Development Manager automates his work and investments"},{"url":"https://n8n.io/blog/a-low-code-bitcoin-ticker-built-with-questdb-and-n8n-io/","icon":"📈","label":"A low-code bitcoin ticker built with QuestDB and n8n.io"},{"url":"https://n8n.io/blog/how-to-set-up-a-ci-cd-pipeline-with-no-code/","icon":"🎡","label":"How to set up a no-code CI/CD pipeline with GitHub and TravisCI"},{"url":"https://n8n.io/blog/automations-for-activists/","icon":"✨","label":"How Common Knowledge use workflow automation for activism"},{"url":"https://n8n.io/blog/creating-scheduled-text-affirmations-with-n8n/","icon":"🤟","label":"Creating scheduled text affirmations with n8n"},{"url":"https://n8n.io/blog/how-goomer-automated-their-operations-with-over-200-n8n-workflows/","icon":"🛵","label":"How Goomer automated their operations with over 200 n8n workflows"},{"url":"https://n8n.io/blog/aws-workflow-automation/","label":"7 no-code workflow automations for Amazon Web Services"}],"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/core-nodes/n8n-nodes-base.httprequest/"}]},"categories":["Development","Core Nodes"],"nodeVersion":"1.0","codexVersion":"1.0","subcategories":{"Core Nodes":["Helpers"]}}},"group":"[\"output\"]","defaults":{"name":"HTTP Request","color":"#0004F5"},"iconData":{"type":"file","fileBuffer":"data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iNDAiIGhlaWdodD0iNDAiIHZpZXdCb3g9IjAgMCA0MCA0MCIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4KPHBhdGggZmlsbC1ydWxlPSJldmVub2RkIiBjbGlwLXJ1bGU9ImV2ZW5vZGQiIGQ9Ik00MCAyMEM0MCA4Ljk1MzE0IDMxLjA0NjkgMCAyMCAwQzguOTUzMTQgMCAwIDguOTUzMTQgMCAyMEMwIDMxLjA0NjkgOC45NTMxNCA0MCAyMCA0MEMzMS4wNDY5IDQwIDQwIDMxLjA0NjkgNDAgMjBaTTIwIDM2Ljk0NThDMTguODg1MiAzNi45NDU4IDE3LjEzNzggMzUuOTY3IDE1LjQ5OTggMzIuNjk4NUMxNC43OTY0IDMxLjI5MTggMTQuMTk2MSAyOS41NDMxIDEzLjc1MjYgMjcuNjg0N0gyNi4xODk4QzI1LjgwNDUgMjkuNTQwMyAyNS4yMDQ0IDMxLjI5MDEgMjQuNTAwMiAzMi42OTg1QzIyLjg2MjIgMzUuOTY3IDIxLjExNDggMzYuOTQ1OCAyMCAzNi45NDU4Wk0xMi45MDY0IDIwQzEyLjkwNjQgMjEuNjA5NyAxMy4wMDg3IDIzLjE2NCAxMy4yMDAzIDI0LjYzMDVIMjYuNzk5N0MyNi45OTEzIDIzLjE2NCAyNy4wOTM2IDIxLjYwOTcgMjcuMDkzNiAyMEMyNy4wOTM2IDE4LjM5MDMgMjYuOTkxMyAxNi44MzYgMjYuNzk5NyAxNS4zNjk1SDEzLjIwMDNDMTMuMDA4NyAxNi44MzYgMTIuOTA2NCAxOC4zOTAzIDEyLjkwNjQgMjBaTTIwIDMuMDU0MTlDMjEuMTE0OSAzLjA1NDE5IDIyLjg2MjIgNC4wMzA3OCAyNC41MDAxIDcuMzAwMzlDMjUuMjA2NiA4LjcxNDA4IDI1LjgwNzIgMTAuNDA2NyAyNi4xOTIgMTIuMzE1M0gxMy43NTAxQzE0LjE5MzMgMTAuNDA0NyAxNC43OTQyIDguNzEyNTQgMTUuNDk5OCA3LjMwMDY0QzE3LjEzNzcgNC4wMzA4MyAxOC44ODUxIDMuMDU0MTkgMjAgMy4wNTQxOVpNMzAuMTQ3OCAyMEMzMC4xNDc4IDE4LjQwOTkgMzAuMDU0MyAxNi44NjE3IDI5LjgyMjcgMTUuMzY5NUgzNi4zMDQyQzM2LjcyNTIgMTYuODQyIDM2Ljk0NTggMTguMzk2NCAzNi45NDU4IDIwQzM2Ljk0NTggMjEuNjAzNiAzNi43MjUyIDIzLjE1OCAzNi4zMDQyIDI0LjYzMDVIMjkuODIyN0MzMC4wNTQzIDIzLjEzODMgMzAuMTQ3OCAyMS41OTAxIDMwLjE0NzggMjBaTTI2LjI3NjcgNC4yNTUxMkMyNy42MzY1IDYuMzYwMTkgMjguNzExIDkuMTMyIDI5LjM3NzQgMTIuMzE1M0gzNS4xMDQ2QzMzLjI1MTEgOC42NjggMzAuMTA3IDUuNzgzNDYgMjYuMjc2NyA0LjI1NTEyWk0xMC42MjI2IDEyLjMxNTNINC44OTI5M0M2Ljc1MTQ3IDguNjY3ODQgOS44OTM1MSA1Ljc4MzQxIDEzLjcyMzIgNC4yNTUxM0MxMi4zNjM1IDYuMzYwMjEgMTEuMjg5IDkuMTMyMDEgMTAuNjIyNiAxMi4zMTUzWk0zLjA1NDE5IDIwQzMuMDU0MTkgMjEuNjAzIDMuMjc3NDMgMjMuMTU3NSAzLjY5NDg0IDI0LjYzMDVIMTAuMTIxN0M5Ljk0NjE5IDIzLjE0MiA5Ljg1MjIyIDIxLjU5NDMgOS44NTIyMiAyMEM5Ljg1MjIyIDE4LjQwNTcgOS45NDYxOSAxNi44NTggMTAuMTIxNyAxNS4zNjk1SDMuNjk0ODRDMy4yNzc0MyAxNi44NDI1IDMuMDU0MTkgMTguMzk3IDMuMDU0MTkgMjBaTTI2LjI3NjYgMzUuNzQyN0MyNy42MzY1IDMzLjYzOTMgMjguNzExIDMwLjg2OCAyOS4zNzc0IDI3LjY4NDdIMzUuMTA0NkMzMy4yNTEgMzEuMzMyMiAzMC4xMDY4IDM0LjIxNzkgMjYuMjc2NiAzNS43NDI3Wk0xMy43MjM0IDM1Ljc0MjdDOS44OTM2OSAzNC4yMTc5IDYuNzUxNTUgMzEuMzMyNCA0Ljg5MjkzIDI3LjY4NDdIMTAuNjIyNkMxMS4yODkgMzAuODY4IDEyLjM2MzUgMzMuNjM5MyAxMy43MjM0IDM1Ljc0MjdaIiBmaWxsPSIjM0E0MkU5Ii8+Cjwvc3ZnPgo="},"displayName":"HTTP Request","typeVersion":4,"nodeCategories":[{"id":5,"name":"Development"},{"id":9,"name":"Core Nodes"}]},{"id":20,"icon":"fa:map-signs","name":"n8n-nodes-base.if","codex":{"data":{"alias":["Router","Filter","Condition","Logic","Boolean","Branch"],"details":"The IF node can be used to implement binary conditional logic in your workflow. You can set up one-to-many conditions to evaluate each item of data being inputted into the node. That data will either evaluate to TRUE or FALSE and route out of the node accordingly.\n\nThis node has multiple types of conditions: Bool, String, Number, and Date & Time.","resources":{"generic":[{"url":"https://n8n.io/blog/learn-to-automate-your-factorys-incident-reporting-a-step-by-step-guide/","icon":"🏭","label":"Learn to Automate Your Factory's Incident Reporting: A Step by Step Guide"},{"url":"https://n8n.io/blog/2021-the-year-to-automate-the-new-you-with-n8n/","icon":"☀️","label":"2021: The Year to Automate the New You with n8n"},{"url":"https://n8n.io/blog/why-business-process-automation-with-n8n-can-change-your-daily-life/","icon":"🧬","label":"Why business process automation with n8n can change your daily life"},{"url":"https://n8n.io/blog/create-a-toxic-language-detector-for-telegram/","icon":"🤬","label":"Create a toxic language detector for Telegram in 4 step"},{"url":"https://n8n.io/blog/no-code-ecommerce-workflow-automations/","icon":"store","label":"6 e-commerce workflows to power up your Shopify s"},{"url":"https://n8n.io/blog/how-to-build-a-low-code-self-hosted-url-shortener/","icon":"🔗","label":"How to build a low-code, self-hosted URL shortener in 3 steps"},{"url":"https://n8n.io/blog/automate-your-data-processing-pipeline-in-9-steps-with-n8n/","icon":"⚙️","label":"Automate your data processing pipeline in 9 steps"},{"url":"https://n8n.io/blog/how-to-get-started-with-crm-automation-and-no-code-workflow-ideas/","icon":"👥","label":"How to get started with CRM automation (with 3 no-code workflow ideas"},{"url":"https://n8n.io/blog/5-tasks-you-can-automate-with-notion-api/","icon":"⚡️","label":"5 tasks you can automate with the new Notion API "},{"url":"https://n8n.io/blog/automate-google-apps-for-productivity/","icon":"💡","label":"15 Google apps you can combine and automate to increase productivity"},{"url":"https://n8n.io/blog/automation-for-maintainers-of-open-source-projects/","icon":"🏷️","label":"How to automatically manage contributions to open-source projects"},{"url":"https://n8n.io/blog/how-uproc-scraped-a-multi-page-website-with-a-low-code-workflow/","icon":" 🕸️","label":"How uProc scraped a multi-page website with a low-code workflow"},{"url":"https://n8n.io/blog/5-workflow-automations-for-mattermost-that-we-love-at-n8n/","icon":"🤖","label":"5 workflow automations for Mattermost that we love at n8n"},{"url":"https://n8n.io/blog/why-this-product-manager-loves-workflow-automation-with-n8n/","icon":"🧠","label":"Why this Product Manager loves workflow automation with n8n"},{"url":"https://n8n.io/blog/sending-automated-congratulations-with-google-sheets-twilio-and-n8n/","icon":"🙌","label":"Sending Automated Congratulations with Google Sheets, Twilio, and n8n "},{"url":"https://n8n.io/blog/how-to-set-up-a-ci-cd-pipeline-with-no-code/","icon":"🎡","label":"How to set up a no-code CI/CD pipeline with GitHub and TravisCI"},{"url":"https://n8n.io/blog/benefits-of-automation-and-n8n-an-interview-with-hubspots-hugh-durkin/","icon":"🎖","label":"Benefits of automation and n8n: An interview with HubSpot's Hugh Durkin"},{"url":"https://n8n.io/blog/aws-workflow-automation/","label":"7 no-code workflow automations for Amazon Web Services"}],"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/core-nodes/n8n-nodes-base.if/"}]},"categories":["Core Nodes"],"nodeVersion":"1.0","codexVersion":"1.0","subcategories":{"Core Nodes":["Flow"]}}},"group":"[\"transform\"]","defaults":{"name":"If","color":"#408000"},"iconData":{"icon":"map-signs","type":"icon"},"displayName":"If","typeVersion":2,"nodeCategories":[{"id":9,"name":"Core Nodes"}]},{"id":24,"icon":"file:merge.svg","name":"n8n-nodes-base.merge","codex":{"data":{"alias":["Join","Concatenate","Wait"],"resources":{"generic":[{"url":"https://n8n.io/blog/how-to-sync-data-between-two-systems/","icon":"🏬","label":"How to synchronize data between two systems (one-way vs. two-way sync"},{"url":"https://n8n.io/blog/supercharging-your-conference-registration-process-with-n8n/","icon":"🎫","label":"Supercharging your conference registration process with n8n"},{"url":"https://n8n.io/blog/migrating-community-metrics-to-orbit-using-n8n/","icon":"📈","label":"Migrating Community Metrics to Orbit using n8n"},{"url":"https://n8n.io/blog/build-your-own-virtual-assistant-with-n8n-a-step-by-step-guide/","icon":"👦","label":"Build your own virtual assistant with n8n: A step by step guide"},{"url":"https://n8n.io/blog/sending-automated-congratulations-with-google-sheets-twilio-and-n8n/","icon":"🙌","label":"Sending Automated Congratulations with Google Sheets, Twilio, and n8n "},{"url":"https://n8n.io/blog/aws-workflow-automation/","label":"7 no-code workflow automations for Amazon Web Services"}],"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/core-nodes/n8n-nodes-base.merge/"}]},"categories":["Core Nodes"],"nodeVersion":"1.0","codexVersion":"1.0","subcategories":{"Core Nodes":["Flow","Data Transformation"]}}},"group":"[\"transform\"]","defaults":{"name":"Merge"},"iconData":{"type":"file","fileBuffer":"data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iNTEyIiBoZWlnaHQ9IjUxMiIgdmlld0JveD0iMCAwIDUxMiA1MTIiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxnIGNsaXAtcGF0aD0idXJsKCNjbGlwMF8xMTc3XzUxOCkiPgo8cGF0aCBmaWxsLXJ1bGU9ImV2ZW5vZGQiIGNsaXAtcnVsZT0iZXZlbm9kZCIgZD0iTTAgNDhDMCAyMS40OTAzIDIxLjQ5MDMgMCA0OCAwSDExMkMxMzguNTEgMCAxNjAgMjEuNDkwMyAxNjAgNDhWNTZIMTk2LjI1MkMyNDAuNDM1IDU2IDI3Ni4yNTIgOTEuODE3MiAyNzYuMjUyIDEzNlYxOTJDMjc2LjI1MiAyMTQuMDkxIDI5NC4xNjEgMjMyIDMxNi4yNTIgMjMySDM1MlYyMjRDMzUyIDE5Ny40OSAzNzMuNDkgMTc2IDQwMCAxNzZINDY0QzQ5MC41MSAxNzYgNTEyIDE5Ny40OSA1MTIgMjI0VjI4OEM1MTIgMzE0LjUxIDQ5MC41MSAzMzYgNDY0IDMzNkg0MDBDMzczLjQ5IDMzNiAzNTIgMzE0LjUxIDM1MiAyODhWMjgwSDMxNi4yNTJDMjk0LjE2MSAyODAgMjc2LjI1MiAyOTcuOTA5IDI3Ni4yNTIgMzIwVjM3NkMyNzYuMjUyIDQyMC4xODMgMjQwLjQzNSA0NTYgMTk2LjI1MiA0NTZIMTYwVjQ2NEMxNjAgNDkwLjUxIDEzOC41MSA1MTIgMTEyIDUxMkg0OEMyMS40OTAzIDUxMiAwIDQ5MC41MSAwIDQ2NFY0MDBDMCAzNzMuNDkgMjEuNDkwMyAzNTIgNDggMzUySDExMkMxMzguNTEgMzUyIDE2MCAzNzMuNDkgMTYwIDQwMFY0MDhIMTk2LjI1MkMyMTMuOTI1IDQwOCAyMjguMjUyIDM5My42NzMgMjI4LjI1MiAzNzZWMzIwQzIyOC4yNTIgMjk0Ljc4NCAyMzguODU5IDI3Mi4wNDQgMjU1Ljg1MyAyNTZDMjM4Ljg1OSAyMzkuOTU2IDIyOC4yNTIgMjE3LjIxNiAyMjguMjUyIDE5MlYxMzZDMjI4LjI1MiAxMTguMzI3IDIxMy45MjUgMTA0IDE5Ni4yNTIgMTA0SDE2MFYxMTJDMTYwIDEzOC41MSAxMzguNTEgMTYwIDExMiAxNjBINDhDMjEuNDkwMyAxNjAgMCAxMzguNTEgMCAxMTJWNDhaTTEwNCA0OEMxMDguNDE4IDQ4IDExMiA1MS41ODE3IDExMiA1NlYxMDRDMTEyIDEwOC40MTggMTA4LjQxOCAxMTIgMTA0IDExMkg1NkM1MS41ODE3IDExMiA0OCAxMDguNDE4IDQ4IDEwNFY1NkM0OCA1MS41ODE3IDUxLjU4MTcgNDggNTYgNDhIMTA0Wk00NTYgMjI0QzQ2MC40MTggMjI0IDQ2NCAyMjcuNTgyIDQ2NCAyMzJWMjgwQzQ2NCAyODQuNDE4IDQ2MC40MTggMjg4IDQ1NiAyODhINDA4QzQwMy41ODIgMjg4IDQwMCAyODQuNDE4IDQwMCAyODBWMjMyQzQwMCAyMjcuNTgyIDQwMy41ODIgMjI0IDQwOCAyMjRINDU2Wk0xMTIgNDA4QzExMiA0MDMuNTgyIDEwOC40MTggNDAwIDEwNCA0MDBINTZDNTEuNTgxNyA0MDAgNDggNDAzLjU4MiA0OCA0MDhWNDU2QzQ4IDQ2MC40MTggNTEuNTgxNyA0NjQgNTYgNDY0SDEwNEMxMDguNDE4IDQ2NCAxMTIgNDYwLjQxOCAxMTIgNDU2VjQwOFoiIGZpbGw9IiM1NEI4QzkiLz4KPC9nPgo8ZGVmcz4KPGNsaXBQYXRoIGlkPSJjbGlwMF8xMTc3XzUxOCI+CjxyZWN0IHdpZHRoPSI1MTIiIGhlaWdodD0iNTEyIiBmaWxsPSJ3aGl0ZSIvPgo8L2NsaXBQYXRoPgo8L2RlZnM+Cjwvc3ZnPgo="},"displayName":"Merge","typeVersion":3,"nodeCategories":[{"id":9,"name":"Core Nodes"}]},{"id":59,"icon":"file:mongodb.svg","name":"n8n-nodes-base.mongoDb","codex":{"data":{"resources":{"generic":[{"url":"https://n8n.io/blog/why-business-process-automation-with-n8n-can-change-your-daily-life/","icon":"🧬","label":"Why business process automation with n8n can change your daily life"},{"url":"https://n8n.io/blog/running-n8n-on-ships-an-interview-with-maranics/","icon":"🛳","label":"Running n8n on ships: An interview with Maranics"},{"url":"https://n8n.io/blog/automate-your-data-processing-pipeline-in-9-steps-with-n8n/","icon":"⚙️","label":"Automate your data processing pipeline in 9 steps"},{"url":"https://n8n.io/blog/how-uproc-scraped-a-multi-page-website-with-a-low-code-workflow/","icon":" 🕸️","label":"How uProc scraped a multi-page website with a low-code workflow"}],"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/app-nodes/n8n-nodes-base.mongodb/"}],"credentialDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/credentials/mongodb/"}]},"categories":["Development","Data & Storage"],"nodeVersion":"1.0","codexVersion":"1.0"}},"group":"[\"input\"]","defaults":{"name":"MongoDB"},"iconData":{"type":"file","fileBuffer":"data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSI2NCIgaGVpZ2h0PSI2NCIgdmlld0JveD0iMCAwIDMyIDMyIj48cGF0aCBmaWxsPSIjNTk5NjM2IiBkPSJtMTUuOS4wODcuODU0IDEuNjA0Yy4xOTIuMjk2LjQuNTU4LjY0NS44MDJhMjIgMjIgMCAwIDEgMi4wMDQgMi4yNjZjMS40NDcgMS45IDIuNDIzIDQuMDEgMy4xMiA2LjI5Mi40MTggMS4zOTQuNjQ1IDIuODI0LjY2MiA0LjI3LjA3IDQuMzIzLTEuNDEyIDguMDM1LTQuNCAxMS4xMmExMyAxMyAwIDAgMS0xLjU3IDEuMzQyYy0uMjk2IDAtLjQzNi0uMjI3LS41NTgtLjQzNmEzLjYgMy42IDAgMCAxLS40MzYtMS4yNTVjLS4xMDUtLjUyMy0uMTc0LTEuMDQ2LS4xNC0xLjU4NnYtLjI0NEMxNi4wNTcgMjQuMjEgMTUuNzk2LjIxIDE1LjkuMDg3Ii8+PHBhdGggZmlsbD0iIzZjYWM0OCIgZD0iTTE1LjkuMDM0Yy0uMDM1LS4wNy0uMDctLjAxNy0uMTA1LjAxNy4wMTcuMzUtLjEwNS42NjItLjI5Ni45Ni0uMjEuMjk2LS40ODguNTIzLS43NjcuNzY3LTEuNTUgMS4zNDItMi43NyAyLjk2My0zLjc0NyA0Ljc3Ni0xLjMgMi40NC0xLjk3IDUuMDU1LTIuMTYgNy44MDgtLjA4Ny45OTMuMzE0IDQuNDk3LjYyNyA1LjUwOC44NTQgMi42ODQgMi4zODggNC45MzMgNC4zNzUgNi44ODUuNDg4LjQ3IDEuMDEuOTA2IDEuNTUgMS4zMjUuMTU3IDAgLjE3NC0uMTQuMjEtLjI0NGE1IDUgMCAwIDAgLjE1Ny0uNjhsLjM1LTIuNjE0eiIvPjxwYXRoIGZpbGw9IiNjMmJmYmYiIGQ9Ik0xNi43NTQgMjguODQ1Yy4wMzUtLjQuMjI3LS43MzIuNDM2LTEuMDYzLS4yMS0uMDg3LS4zNjYtLjI2LS40ODgtLjQ1M2EzLjIgMy4yIDAgMCAxLS4yNi0uNTc1Yy0uMjQ0LS43MzItLjI5Ni0xLjUtLjM2Ni0yLjI0OHYtLjQ1M2MtLjA4Ny4wNy0uMTA1LjY2Mi0uMTA1Ljc1YTE3IDE3IDAgMCAxLS4zMTQgMi4zNTNjLS4wNTIuMzE0LS4wODcuNjI3LS4yOC45MDYgMCAuMDM1IDAgLjA3LjAxNy4xMjIuMzE0LjkyNC40IDEuODY1LjQ1MyAyLjgyNHYuMzVjMCAuNDE4LS4wMTcuMzMuMzMuNDcuMTQuMDUyLjI5Ni4wNy40MzYuMTc0LjEwNSAwIC4xMjItLjA4Ny4xMjItLjE1N2wtLjA1Mi0uNTc1di0xLjYwNGMtLjAxNy0uMjguMDM1LS41NTguMDctLjgyeiIvPjwvc3ZnPg=="},"displayName":"MongoDB","typeVersion":1,"nodeCategories":[{"id":3,"name":"Data & Storage"},{"id":5,"name":"Development"}]},{"id":109,"icon":"file:mysql.svg","name":"n8n-nodes-base.mySql","codex":{"data":{"resources":{"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/app-nodes/n8n-nodes-base.mysql/"}],"credentialDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/credentials/mysql/"}]},"categories":["Development","Data & Storage"],"nodeVersion":"1.0","codexVersion":"1.0"}},"group":"[\"input\"]","defaults":{"name":"MySQL"},"iconData":{"type":"file","fileBuffer":"data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iNDAiIGhlaWdodD0iNDAiIHZpZXdCb3g9IjAgMCA0MCA0MCIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4KPHBhdGggZD0iTTM2Ljg0NDUgMzAuMzY4NEMzNC42NjggMzAuMzEzOSAzMi45ODE1IDMwLjUzMTkgMzEuNTY2NSAzMS4xMzA0QzMxLjE1ODUgMzEuMjkzNCAzMC41MDU1IDMxLjI5MzkgMzAuNDUxIDMxLjgxMDRDMzAuNjY5IDMyLjAyODQgMzAuNjk2IDMyLjM4MTkgMzAuODg2NSAzMi42ODA5QzMxLjIxMyAzMy4yMjQ5IDMxLjc4NCAzMy45NTk0IDMyLjMwMSAzNC4zNDA0QzMyLjg3MiAzNC43NzU0IDMzLjQ0MzUgMzUuMjEwOSAzNC4wNDIgMzUuNTkxOUMzNS4xMDMgMzYuMjQ0OSAzNi4zIDM2LjYyNTkgMzcuMzM0IDM3LjI3ODRDMzcuOTMyNSAzNy42NTg5IDM4LjUzMSAzOC4xNDg5IDM5LjEyOTUgMzguNTU2OUMzOS40MjkgMzguNzc0NCAzOS42MTkgMzkuMTI3OSA0MCAzOS4yNjQ0VjM5LjE4MjlDMzkuODA5NSAzOC45Mzc5IDM5Ljc1NSAzOC41ODQ0IDM5LjU2NSAzOC4zMTI0QzM5LjI5MyAzOC4wNDA0IDM5LjAyMSAzNy43OTU0IDM4Ljc0OSAzNy41MjM0QzM3Ljk2IDM2LjQ2MjQgMzYuOTgwNSAzNS41Mzc0IDM1LjkxOTUgMzQuNzc1OUMzNS4wNDkgMzQuMTc3NCAzMy4xNDQ1IDMzLjM2MTQgMzIuNzkxIDMyLjM1NDRMMzIuNzM2NSAzMi4yOTk5QzMzLjMzNSAzMi4yNDU0IDM0LjA0MjUgMzIuMDI3OSAzNC42MTM1IDMxLjg2NDRDMzUuNTM4NSAzMS42MTk0IDM2LjM4MiAzMS42NzM5IDM3LjMzNCAzMS40Mjk0QzM3Ljc3MjggMzEuMzE0NyAzOC4yMDg0IDMxLjE4NzcgMzguNjQgMzEuMDQ4NFYzMC44MDM5QzM4LjE1MDUgMzAuMzEzOSAzNy43OTY1IDI5LjY2MTQgMzcuMjggMjkuMTk4OUMzNS44OTI1IDI4LjAwMTQgMzQuMzY5IDI2LjgzMTkgMzIuNzkxIDI1Ljg1MjlDMzEuOTQ3NSAyNS4zMDg5IDMwLjg1OTUgMjQuOTU0OSAyOS45NjE1IDI0LjQ5MjRDMjkuNjM1IDI0LjMyODkgMjkuMDkxIDI0LjI0NzQgMjguOTAwNSAyMy45NzU0QzI4LjQxMDUgMjMuMzc2OSAyOC4xMzg1IDIyLjU4NzkgMjcuNzg1IDIxLjg4MDRDMjYuOTk2NSAyMC4zODM5IDI2LjIzNDUgMTguNzI0OSAyNS41NTQgMTcuMTQ2OUMyNS4wNjQ1IDE2LjA4NTkgMjQuNzY1IDE1LjAyNDkgMjQuMTY2NSAxNC4wNDU0QzIxLjM2NDUgOS40MjA0MSAxOC4zMTc1IDYuNjE4NDIgMTMuNjM4MSAzLjg3MDQzQzEyLjYzMTYgMy4yOTk0MyAxMS40MzQ2IDMuMDU0NDMgMTAuMTU2MSAyLjc1NDkzTDguMTE1NTcgMi42NDU5M0M3LjY4MDU3IDIuNDU1NDMgNy4yNDUwNyAxLjkzODQzIDYuODY0MDcgMS42OTM5M0M1LjMxMzU3IDAuNzE0OTMyIDEuMzE0NTggLTEuNDA2NTYgMC4xNzE1ODIgMS4zOTU0M0MtMC41NjI5MTcgMy4xNjM0MyAxLjI2MDA4IDQuOTA0NDIgMS44ODU1OCA1LjgwMjQyQzIuMzQ4MDggNi40Mjc5MiAyLjk0NjU4IDcuMTM1NDIgMy4yNzMwOCA3Ljg0MjkyQzMuNDYzNTggOC4zMDQ5MiAzLjUxNzU3IDguNzk0OTIgMy43MDgwNyA5LjI4NDkxQzQuMTQzNTcgMTAuNDgxOSA0LjU1MTU3IDExLjgxNDkgNS4xMjI1NyAxMi45MzA0QzUuNDIyMDcgMTMuNTAxNCA1Ljc0ODA3IDE0LjEwMDQgNi4xMjkwNyAxNC42MTY5QzYuMzQ2NTcgMTQuOTE1OSA2LjcyNzU3IDE1LjA1MjQgNi44MDkwNyAxNS41NDE5QzYuNDI4MDcgMTYuMDg1OSA2LjQwMTA3IDE2LjkwMjQgNi4xODMwNyAxNy41ODI0QzUuMjAzNTcgMjAuNjU2NCA1LjU4NDU3IDI0LjQ2NTQgNi45NzIwNyAyNi43MjM0QzcuNDA3MDcgMjcuNDAzNCA4LjQ0MTA2IDI4Ljg5OTkgOS44Mjg1NiAyOC4zMjg0QzExLjA1MjYgMjcuODM4OSAxMC43ODA2IDI2LjI4NzkgMTEuMTM0NiAyNC45Mjc5QzExLjIxNjYgMjQuNjAxNCAxMS4xNjIxIDI0LjM4MzkgMTEuMzI1MSAyNC4xNjY0VjI0LjIyMDlMMTIuNDQwNiAyNi40Nzg5QzEzLjI4NDEgMjcuODExOSAxNC43NTMxIDI5LjE5OTQgMTUuOTc3IDMwLjEyNDRDMTYuNjMgMzAuNjEzOSAxNy4xNDcgMzEuNDU3NCAxNy45NjMgMzEuNzU2OVYzMS42NzQ5SDE3LjkwODVDMTcuNzQ1IDMxLjQyOTkgMTcuNTAwNSAzMS4zMjE0IDE3LjI4MyAzMS4xMzA5QzE2Ljc5MzUgMzAuNjQxNCAxNi4yNDkgMzAuMDQyOSAxNS44Njg1IDI5LjQ5ODRDMTQuNzI2MSAyNy45NzQ5IDEzLjcxOTEgMjYuMjg4NCAxMi44MjE2IDI0LjU0NjlDMTIuMzg2NiAyMy43MDM0IDEyLjAwNTYgMjIuNzc4NCAxMS42NTE2IDIxLjkzNTRDMTEuNDg4MSAyMS42MDg5IDExLjQ4ODEgMjEuMTE5NCAxMS4yMTYxIDIwLjk1NTlDMTAuODA4MSAyMS41NTQ0IDEwLjIwOTYgMjIuMDcxNCA5LjkxMDA2IDIyLjgwNTlDOS4zOTM1NiAyMy45NzU5IDkuMzM5MDYgMjUuNDE3NCA5LjE0ODU2IDI2LjkxMzlDOS4wNDAwNiAyNi45NDE0IDkuMDk0MDYgMjYuOTEzOSA5LjAzOTU2IDI2Ljk2ODRDOC4xNjkwNyAyNi43NTA0IDcuODY5NTcgMjUuODUyOSA3LjU0MzA3IDI1LjA5MTRDNi43MjcwNyAyMy4xNTk5IDYuNTkxMDcgMjAuMDU4NCA3LjI5ODU3IDE3LjgyNzlDNy40ODkwNyAxNy4yNTY0IDguMzA1MDcgMTUuNDYwOSA3Ljk3ODU3IDE0LjkxNjlDNy44MTU1NyAxNC4zOTk5IDcuMjcxMDcgMTQuMTAwOSA2Ljk3MjA3IDEzLjY5MjlDNi42MTg1NyAxMy4xNzU5IDYuMjM3NTcgMTIuNTIyOSA1Ljk5MjU3IDExLjk1MTlDNS4zMzk1NyAxMC40Mjg0IDUuMDEzMDcgOC43NDE5MiA0LjMwNjA3IDcuMjE3OTJDMy45Nzk1NyA2LjUxMDQyIDMuNDA4NTggNS43NzU5MiAyLjk0NTU4IDUuMTIzNDJDMi40MzAwOCA0LjM4NzkyIDEuODU4NTggMy44NzA5MyAxLjQ1MDU4IDMuMDAwNDNDMS4zMTQ1OCAyLjcwMTQzIDEuMTI0MDggMi4yMTE0MyAxLjM0MTU4IDEuODg0OTNDMS4zOTYwOCAxLjY2NzQzIDEuNTA0NTggMS41ODU5MyAxLjcyMjU4IDEuNTMxNDNDMi4wNzYwOCAxLjIzMTkzIDMuMDgzMDggMS42MTI5MyAzLjQzNjU4IDEuNzc1OTNDNC40NDMwNyAyLjE4MzkzIDUuMjg2NTcgMi41NjQ5MyA2LjEzMDA3IDMuMTM2NDNDNi41MTEwNyAzLjQwODQzIDYuOTE5MDcgMy45MjU0MyA3LjQwODU3IDQuMDYxNDNINy45ODAwN0M4Ljg1MDU2IDQuMjUxOTIgOS44MzAwNiA0LjExNTkyIDEwLjY0NjEgNC4zNjA0MkMxMi4wODgxIDQuODIyOTIgMTMuMzkzNiA1LjUwMjkyIDE0LjU2MzYgNi4yMzc0MkMxOC4xMjc1IDguNDk1NDIgMjEuMDY1NSAxMS43MDU5IDIzLjA1MTUgMTUuNTQxNEMyMy4zNzggMTYuMTY2OSAyMy41MTQgMTYuNzM4NCAyMy44MTMgMTcuMzkxNEMyNC4zODQ1IDE4LjcyNDQgMjUuMDkxNSAyMC4wODQ5IDI1LjY2MyAyMS4zOTA0QzI2LjIzNCAyMi42Njg5IDI2Ljc3ODUgMjMuOTc0OSAyNy41OTQ1IDI1LjAzNTlDMjguMDAyNSAyNS42MDY5IDI5LjYzNSAyNS45MDY0IDMwLjM2OTUgMjYuMjA1OUMzMC45MTM1IDI2LjQ1MDQgMzEuNzU3IDI2LjY2ODQgMzIuMjQ2NSAyNi45Njc0QzMzLjE3MTUgMjcuNTM4NCAzNC4wOTY1IDI4LjE5MTQgMzQuOTY3IDI4LjgxNzRDMzUuNDAyNSAyOS4xNDM5IDM2Ljc2MjUgMjkuODIzOSAzNi44NDQgMzAuMzY3OUwzNi44NDQ1IDMwLjM2ODRaTTkuMDk1MDYgNi43Mjc0MkM4LjcxODg4IDYuNzIzNzYgOC4zNDM4NSA2Ljc2OTQ4IDcuOTc5NTcgNi44NjM0MlY2LjkxNzkySDguMDM0MDdDOC4yNTIwNyA3LjM1MjkyIDguNjMyNTYgNy42NTI0MiA4LjkwNDU2IDguMDMzNDJMOS41MzA1NiA5LjMzOTQxTDkuNTg1MDYgOS4yODQ5MUM5Ljk2NjA2IDkuMDEyOTEgMTAuMTU2NiA4LjU3NzQyIDEwLjE1NjYgNy45MjQ0MkM5Ljk5MzA2IDcuNzMzOTIgOS45NjYwNiA3LjU0MzQyIDkuODMwMDYgNy4zNTI5MkM5LjY2NzA2IDcuMDgwOTIgOS4zMTMwNiA2Ljk0NDkyIDkuMDk1NTYgNi43MjY5Mkw5LjA5NTA2IDYuNzI3NDJaIiBmaWxsPSIjMDA1NDZCIi8+Cjwvc3ZnPgo="},"displayName":"MySQL","typeVersion":3,"nodeCategories":[{"id":3,"name":"Data & Storage"},{"id":5,"name":"Development"}]},{"id":565,"icon":"fa:sticky-note","name":"n8n-nodes-base.stickyNote","codex":{"data":{"alias":["Comments","Notes","Sticky"],"categories":["Core Nodes"],"nodeVersion":"1.0","codexVersion":"1.0","subcategories":{"Core Nodes":["Helpers"]}}},"group":"[\"input\"]","defaults":{"name":"Sticky Note","color":"#FFD233"},"iconData":{"icon":"sticky-note","type":"icon"},"displayName":"Sticky Note","typeVersion":1,"nodeCategories":[{"id":9,"name":"Core Nodes"}]},{"id":834,"icon":"file:code.svg","name":"n8n-nodes-base.code","codex":{"data":{"alias":["cpde","Javascript","JS","Python","Script","Custom Code","Function"],"details":"The Code node allows you to execute JavaScript in your workflow.","resources":{"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/core-nodes/n8n-nodes-base.code/"}]},"categories":["Development","Core Nodes"],"nodeVersion":"1.0","codexVersion":"1.0","subcategories":{"Core Nodes":["Helpers","Data Transformation"]}}},"group":"[\"transform\"]","defaults":{"name":"Code"},"iconData":{"type":"file","fileBuffer":"data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iNTEyIiBoZWlnaHQ9IjUxMiIgdmlld0JveD0iMCAwIDUxMiA1MTIiIGZpbGw9Im5vbmUiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwL3N2ZyI+CjxnIGNsaXAtcGF0aD0idXJsKCNjbGlwMF8xMTcxXzQ0MSkiPgo8cGF0aCBkPSJNMTcwLjI4MyA0OEgxOTYuNUMyMDMuMTI3IDQ4IDIwOC41IDQyLjYyNzQgMjA4LjUgMzZWMTJDMjA4LjUgNS4zNzI1OCAyMDMuMTI3IDAgMTk2LjUgMEgxNzAuMjgzQzEyNi4xIDAgOTAuMjgzIDM1LjgxNzIgOTAuMjgzIDgwVjE3NkM5MC4yODMgMjA2LjkyOCA2NS4yMTA5IDIzMiAzNC4yODMgMjMySDIzQzE2LjM3MjYgMjMyIDExIDIzNy4zNzIgMTEgMjQ0VjI2OEMxMSAyNzQuNjI3IDE2LjM3MjQgMjgwIDIyLjk5OTYgMjgwTDM0LjI4MyAyODBDNjUuMjEwOSAyODAgOTAuMjgzIDMwNS4wNzIgOTAuMjgzIDMzNlY0NDBDOTAuMjgzIDQ3OS43NjQgMTIyLjUxOCA1MTIgMTYyLjI4MyA1MTJIMTk2LjVDMjAzLjEyNyA1MTIgMjA4LjUgNTA2LjYyNyAyMDguNSA1MDBWNDc2QzIwOC41IDQ2OS4zNzMgMjAzLjEyNyA0NjQgMTk2LjUgNDY0SDE2Mi4yODNDMTQ5LjAyOCA0NjQgMTM4LjI4MyA0NTMuMjU1IDEzOC4yODMgNDQwVjMzNkMxMzguMjgzIDMwOS4wMjIgMTI4LjAxMSAyODQuNDQzIDExMS4xNjQgMjY1Ljk2MUMxMDYuMTA5IDI2MC40MTYgMTA2LjEwOSAyNTEuNTg0IDExMS4xNjQgMjQ2LjAzOUMxMjguMDExIDIyNy41NTcgMTM4LjI4MyAyMDIuOTc4IDEzOC4yODMgMTc2VjgwQzEzOC4yODMgNjIuMzI2OSAxNTIuNjEgNDggMTcwLjI4MyA0OFoiIGZpbGw9IiNGRjk5MjIiLz4KPHBhdGggZD0iTTMwNSAzNkMzMDUgNDIuNjI3NCAzMTAuMzczIDQ4IDMxNyA0OEgzNDIuOTc5QzM2MC42NTIgNDggMzc0Ljk3OCA2Mi4zMjY5IDM3NC45NzggODBWMTc2QzM3NC45NzggMjAyLjk3OCAzODUuMjUxIDIyNy41NTcgNDAyLjA5OCAyNDYuMDM5QzQwNy4xNTMgMjUxLjU4NCA0MDcuMTUzIDI2MC40MTYgNDAyLjA5OCAyNjUuOTYxQzM4NS4yNTEgMjg0LjQ0MyAzNzQuOTc4IDMwOS4wMjIgMzc0Ljk3OCAzMzZWNDMyQzM3NC45NzggNDQ5LjY3MyAzNjAuNjUyIDQ2NCAzNDIuOTc5IDQ2NEgzMTdDMzEwLjM3MyA0NjQgMzA1IDQ2OS4zNzMgMzA1IDQ3NlY1MDBDMzA1IDUwNi42MjcgMzEwLjM3MyA1MTIgMzE3IDUxMkgzNDIuOTc5QzM4Ny4xNjEgNTEyIDQyMi45NzggNDc2LjE4MyA0MjIuOTc4IDQzMlYzMzZDNDIyLjk3OCAzMDUuMDcyIDQ0OC4wNTEgMjgwIDQ3OC45NzkgMjgwSDQ5MEM0OTYuNjI3IDI4MCA1MDIgMjc0LjYyOCA1MDIgMjY4VjI0NEM1MDIgMjM3LjM3MyA0OTYuNjI4IDIzMiA0OTAgMjMyTDQ3OC45NzkgMjMyQzQ0OC4wNTEgMjMyIDQyMi45NzggMjA2LjkyOCA0MjIuOTc4IDE3NlY4MEM0MjIuOTc4IDM1LjgxNzIgMzg3LjE2MSAwIDM0Mi45NzkgMEgzMTdDMzEwLjM3MyAwIDMwNSA1LjM3MjU4IDMwNSAxMlYzNloiIGZpbGw9IiNGRjk5MjIiLz4KPC9nPgo8ZGVmcz4KPGNsaXBQYXRoIGlkPSJjbGlwMF8xMTcxXzQ0MSI+CjxyZWN0IHdpZHRoPSI1MTIiIGhlaWdodD0iNTEyIiBmaWxsPSJ3aGl0ZSIvPgo8L2NsaXBQYXRoPgo8L2RlZnM+Cjwvc3ZnPgo="},"displayName":"Code","typeVersion":2,"nodeCategories":[{"id":5,"name":"Development"},{"id":9,"name":"Core Nodes"}]},{"id":839,"icon":"fa:clock","name":"n8n-nodes-base.scheduleTrigger","codex":{"data":{"alias":["Time","Scheduler","Polling","Cron","Interval"],"resources":{"generic":[],"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/core-nodes/n8n-nodes-base.scheduletrigger/"}]},"categories":["Core Nodes"],"nodeVersion":"1.0","codexVersion":"1.0"}},"group":"[\"trigger\",\"schedule\"]","defaults":{"name":"Schedule Trigger","color":"#31C49F"},"iconData":{"icon":"clock","type":"icon"},"displayName":"Schedule Trigger","typeVersion":1,"nodeCategories":[{"id":9,"name":"Core Nodes"}]},{"id":844,"icon":"fa:filter","name":"n8n-nodes-base.filter","codex":{"data":{"alias":["Router","Filter","Condition","Logic","Boolean","Branch"],"details":"The Filter node can be used to filter items based on a condition. If the condition is met, the item will be passed on to the next node. If the condition is not met, the item will be omitted. Conditions can be combined together by AND(meet all conditions), or OR(meet at least one condition).","resources":{"generic":[],"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/core-nodes/n8n-nodes-base.filter/"}]},"categories":["Core Nodes"],"nodeVersion":"1.0","codexVersion":"1.0","subcategories":{"Core Nodes":["Flow","Data Transformation"]}}},"group":"[\"transform\"]","defaults":{"name":"Filter","color":"#229eff"},"iconData":{"icon":"filter","type":"icon"},"displayName":"Filter","typeVersion":2,"nodeCategories":[{"id":9,"name":"Core Nodes"}]},{"id":1119,"icon":"fa:robot","name":"@n8n/n8n-nodes-langchain.agent","codex":{"data":{"alias":["LangChain","Chat","Conversational","Plan and Execute","ReAct","Tools"],"resources":{"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/cluster-nodes/root-nodes/n8n-nodes-langchain.agent/"}]},"categories":["AI","Langchain"],"subcategories":{"AI":["Agents","Root Nodes"]}}},"group":"[\"transform\"]","defaults":{"name":"AI Agent","color":"#404040"},"iconData":{"icon":"robot","type":"icon"},"displayName":"AI Agent","typeVersion":3,"nodeCategories":[{"id":25,"name":"AI"},{"id":26,"name":"Langchain"}]},{"id":1262,"icon":"file:google.svg","name":"@n8n/n8n-nodes-langchain.lmChatGoogleGemini","codex":{"data":{"resources":{"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/cluster-nodes/sub-nodes/n8n-nodes-langchain.lmchatgooglegemini/"}]},"categories":["AI","Langchain"],"subcategories":{"AI":["Language Models","Root Nodes"],"Language Models":["Chat Models (Recommended)"]}}},"group":"[\"transform\"]","defaults":{"name":"Google Gemini Chat Model"},"iconData":{"type":"file","fileBuffer":"data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB2aWV3Qm94PSIwIDAgNDggNDgiPjxkZWZzPjxwYXRoIGlkPSJhIiBkPSJNNDQuNSAyMEgyNHY4LjVoMTEuOEMzNC43IDMzLjkgMzAuMSAzNyAyNCAzN2MtNy4yIDAtMTMtNS44LTEzLTEzczUuOC0xMyAxMy0xM2MzLjEgMCA1LjkgMS4xIDguMSAyLjlsNi40LTYuNEMzNC42IDQuMSAyOS42IDIgMjQgMiAxMS44IDIgMiAxMS44IDIgMjRzOS44IDIyIDIyIDIyYzExIDAgMjEtOCAyMS0yMiAwLTEuMy0uMi0yLjctLjUtNCIvPjwvZGVmcz48Y2xpcFBhdGggaWQ9ImIiPjx1c2UgeGxpbms6aHJlZj0iI2EiIG92ZXJmbG93PSJ2aXNpYmxlIi8+PC9jbGlwUGF0aD48cGF0aCBmaWxsPSIjRkJCQzA1IiBkPSJNMCAzN1YxMWwxNyAxM3oiIGNsaXAtcGF0aD0idXJsKCNiKSIvPjxwYXRoIGZpbGw9IiNFQTQzMzUiIGQ9Im0wIDExIDE3IDEzIDctNi4xTDQ4IDE0VjBIMHoiIGNsaXAtcGF0aD0idXJsKCNiKSIvPjxwYXRoIGZpbGw9IiMzNEE4NTMiIGQ9Im0wIDM3IDMwLTIzIDcuOSAxTDQ4IDB2NDhIMHoiIGNsaXAtcGF0aD0idXJsKCNiKSIvPjxwYXRoIGZpbGw9IiM0Mjg1RjQiIGQ9Ik00OCA0OCAxNyAyNGwtNC0zIDM1LTEweiIgY2xpcC1wYXRoPSJ1cmwoI2IpIi8+PC9zdmc+"},"displayName":"Google Gemini Chat Model","typeVersion":1,"nodeCategories":[{"id":25,"name":"AI"},{"id":26,"name":"Langchain"}]}],"categories":[{"id":29,"name":"SecOps"},{"id":49,"name":"AI Summarization"}],"image":[]}}