{"workflow":{"id":14410,"name":"Automate cybersecurity threat analysis with GPT-4o, CVSS scoring and risk routing","views":114,"recentViews":6,"totalViews":114,"createdAt":"2026-03-28T08:31:20.781Z","description":"## How It Works\nThis workflow automates end-to-end cybersecurity threat analysis using a multi-agent AI architecture, targeting Security Operations Centre (SOC) analysts, security engineers, and IT risk teams responsible for continuous threat monitoring and incident response. The core problem it solves is the slow, fragmented process of manually correlating threat intelligence, scoring vulnerabilities, and producing actionable reports, tasks that demand both speed and consistency under pressure. A manual trigger initiates the Cybersecurity Orchestrator Agent, which coordinates two specialist sub-agents: a Threat Intelligence Agent (backed by security log fetching and risk scoring tools) and an Attack Surface Mapping Agent (leveraging STRIDE analysis and CVSS scoring tools). Each agent operates with its own chat model and memory. Outputs are parsed by a Structured Threat Report Parser, then routed by a Rules-based Risk Severity router into three report formats such as SOC Alert, Executive Report, or Standard Report, ensuring every threat is communicated at the right level of urgency to the right audience.\n \n## Setup Steps\n1. Connect your LLM API credentials to all Chat Model nodes (Orchestrator, Threat Intelligence, Attack Surface).\n2. Configure the Fetch Security Logs Tool with your SIEM or log source API credentials.\n3. Set risk threshold rules in the Risk Score Calculator node.\n4. Define STRIDE and CVSS parameters in their respective tool nodes.\n5. Set routing thresholds (e.g., CVSS ≥9 → SOC Alert, ≥6 → Executive, &lt;6 → Standard) in Route by Risk Severity.\n\n## Prerequisites\n- LLM API key (OpenAI or compatible)\n- SIEM or security log source with API access\n- CVSS and STRIDE configuration parameters\n- Report template definitions for each severity tier\n## Use Cases\n- Auto-triage incoming vulnerability disclosures into severity-ranked reports.\n## Customisation\n- Add more routing branches (e.g., Critical, Zero-Day).\n## Benefits\n- Accelerates threat triage from hours to minutes.\n","workflow":{"id":"tW5dPtBvejlxrOfr","meta":{"instanceId":"b91e510ebae4127f953fd2f5f8d40d58ca1e71c746d4500c12ae86aad04c1502"},"name":"AI agent for cybersecurity threat analysis with CVSS scoring and risk routing","tags":[],"nodes":[{"id":"e5bc67cd-e920-4a4f-81df-bd07918dc28c","name":"Start Threat Analysis","type":"n8n-nodes-base.manualTrigger","position":[240,608],"parameters":{},"typeVersion":1},{"id":"c89f0cf2-a3ed-431c-8f11-5a3810f4c6fe","name":"Cybersecurity Orchestrator Agent","type":"@n8n/n8n-nodes-langchain.agent","position":[960,560],"parameters":{"text":"={{ $json.analysis_request || 'Perform comprehensive threat modeling and attack surface analysis of our current security posture. Analyze internal security logs, authentication traces, and anomaly detection outputs to identify emerging threats. Construct network topology models and assess lateral movement risks using STRIDE methodology with CVSS-style scoring.' }}","options":{"systemMessage":"You are a Cybersecurity Threat Modeling Orchestrator. Your role is to coordinate threat intelligence analysis and attack surface mapping to produce comprehensive cybersecurity assessments. You have access to two specialized sub-agents: 1) Threat Intelligence Agent - analyzes security logs, authentication traces, and anomaly detection outputs to identify emerging attack vectors. 2) Attack Surface Mapping Agent - constructs network topology graphs, models lateral movement scenarios using STRIDE methodology, and quantifies risk using CVSS-style scoring. Your task is to: (1) Delegate security log analysis to the Threat Intelligence Agent, (2) Delegate attack surface mapping and STRIDE analysis to the Attack Surface Mapping Agent, (3) Synthesize their findings into a comprehensive threat assessment with both SOC-level operational guidance and executive-level cybersecurity posture reporting. Ensure all outputs are actionable and prioritized by risk severity."},"promptType":"define","hasOutputParser":true},"typeVersion":3.1},{"id":"164505ee-c5fc-4cf5-9f1c-26a2f4fd418b","name":"Orchestrator Chat Model","type":"@n8n/n8n-nodes-langchain.lmChatOpenAi","position":[480,720],"parameters":{"model":{"__rl":true,"mode":"id","value":"gpt-4o"},"options":{"temperature":0.3},"builtInTools":{}},"credentials":{"openAiApi":{"id":"mv2ECvRtbAK63G2g","name":"OpenAi account"}},"typeVersion":1.3},{"id":"bc7577ce-6b05-4f69-bf58-d3457c845d90","name":"Structured Threat Report Parser","type":"@n8n/n8n-nodes-langchain.outputParserStructured","position":[1280,720],"parameters":{"schemaType":"manual","inputSchema":"{\"type\": \"object\", \"properties\": {\"executive_summary\": {\"type\": \"string\", \"description\": \"High-level cybersecurity posture summary for executive leadership\"}, \"threat_intelligence\": {\"type\": \"object\", \"properties\": {\"emerging_attack_vectors\": {\"type\": \"array\", \"items\": {\"type\": \"object\", \"properties\": {\"vector_name\": {\"type\": \"string\"}, \"severity\": {\"type\": \"string\", \"enum\": [\"Critical\", \"High\", \"Medium\", \"Low\"]}, \"indicators\": {\"type\": \"array\", \"items\": {\"type\": \"string\"}}, \"recommended_actions\": {\"type\": \"array\", \"items\": {\"type\": \"string\"}}}}}, \"authentication_anomalies\": {\"type\": \"array\", \"items\": {\"type\": \"string\"}}, \"log_analysis_summary\": {\"type\": \"string\"}}}, \"attack_surface\": {\"type\": \"object\", \"properties\": {\"network_topology\": {\"type\": \"string\", \"description\": \"Description of simulated network topology graph\"}, \"stride_analysis\": {\"type\": \"object\", \"properties\": {\"spoofing_risks\": {\"type\": \"array\", \"items\": {\"type\": \"string\"}}, \"tampering_risks\": {\"type\": \"array\", \"items\": {\"type\": \"string\"}}, \"repudiation_risks\": {\"type\": \"array\", \"items\": {\"type\": \"string\"}}, \"information_disclosure_risks\": {\"type\": \"array\", \"items\": {\"type\": \"string\"}}, \"denial_of_service_risks\": {\"type\": \"array\", \"items\": {\"type\": \"string\"}}, \"elevation_of_privilege_risks\": {\"type\": \"array\", \"items\": {\"type\": \"string\"}}}}, \"lateral_movement_scenarios\": {\"type\": \"array\", \"items\": {\"type\": \"object\", \"properties\": {\"scenario_name\": {\"type\": \"string\"}, \"attack_path\": {\"type\": \"string\"}, \"cvss_score\": {\"type\": \"number\"}, \"impact\": {\"type\": \"string\"}}}}, \"risk_quantification\": {\"type\": \"object\", \"properties\": {\"overall_cvss_score\": {\"type\": \"number\"}, \"critical_assets_at_risk\": {\"type\": \"array\", \"items\": {\"type\": \"string\"}}}}}}, \"soc_operational_guidance\": {\"type\": \"array\", \"items\": {\"type\": \"object\", \"properties\": {\"priority\": {\"type\": \"string\", \"enum\": [\"P0-Critical\", \"P1-High\", \"P2-Medium\", \"P3-Low\"]}, \"action\": {\"type\": \"string\"}, \"timeline\": {\"type\": \"string\"}, \"resources_required\": {\"type\": \"string\"}}}}, \"overall_risk_rating\": {\"type\": \"string\", \"enum\": [\"Critical\", \"High\", \"Medium\", \"Low\"]}}, \"required\": [\"executive_summary\", \"threat_intelligence\", \"attack_surface\", \"soc_operational_guidance\", \"overall_risk_rating\"]}"},"typeVersion":1.3},{"id":"2a46e3ea-acf0-45da-ad0f-70c134e12834","name":"Threat Intelligence Agent","type":"@n8n/n8n-nodes-langchain.agentTool","position":[608,720],"parameters":{"text":"={{ $fromAI('security_analysis_task', 'The specific security analysis task to perform, including which logs or traces to analyze and what threats to look for') }}","options":{"systemMessage":"You are a Threat Intelligence Analyst specializing in security log analysis and attack vector identification. Your expertise includes: (1) Analyzing security logs for suspicious patterns and anomalies, (2) Identifying authentication trace irregularities that may indicate credential compromise or unauthorized access attempts, (3) Interpreting anomaly detection outputs to distinguish true threats from false positives, (4) Classifying emerging attack vectors by severity (Critical, High, Medium, Low), (5) Providing actionable threat intelligence with specific indicators of compromise. When analyzing security data, focus on: unusual authentication patterns, privilege escalation attempts, lateral movement indicators, data exfiltration signatures, malware communication patterns, and zero-day exploit indicators. Always provide specific evidence from the logs to support your findings and recommend concrete mitigation actions."},"toolDescription":"Analyzes internal security logs, authentication traces, and anomaly detection outputs to identify emerging attack vectors, suspicious patterns, and potential security threats. Returns detailed threat intelligence findings with severity classifications and recommended actions."},"typeVersion":3},{"id":"a4b800c7-6855-4474-9b3b-0f11f732a59b","name":"Threat Intelligence Chat Model","type":"@n8n/n8n-nodes-langchain.lmChatOpenAi","position":[480,928],"parameters":{"model":{"__rl":true,"mode":"id","value":"gpt-4o"},"options":{"temperature":0.2},"builtInTools":{}},"credentials":{"openAiApi":{"id":"mv2ECvRtbAK63G2g","name":"OpenAi account"}},"typeVersion":1.3},{"id":"13d74fce-b83e-48f1-a26c-086d1001fbae","name":"Fetch Security Logs Tool","type":"n8n-nodes-base.httpRequestTool","position":[656,928],"parameters":{"url":"={{ $fromAI('log_endpoint', 'The internal API endpoint to fetch security logs from (e.g., /api/security/logs, /api/auth/traces, /api/anomalies)', 'string', '<__PLACEHOLDER_VALUE__internal_security_api_endpoint__>') }}","options":{},"toolDescription":"Fetches internal security logs, authentication traces, and anomaly detection outputs from internal security systems for threat analysis"},"typeVersion":4.4},{"id":"2da2ce78-fb29-4e75-a5ba-3de9bc595b79","name":"Risk Score Calculator","type":"@n8n/n8n-nodes-langchain.toolCalculator","position":[816,928],"parameters":{},"typeVersion":1},{"id":"e2cb5bb0-fc19-4038-a3ae-efb935921e8b","name":"Attack Surface Mapping Agent","type":"@n8n/n8n-nodes-langchain.agentTool","position":[992,720],"parameters":{"text":"={{ $fromAI('attack_surface_task', 'The specific attack surface mapping task to perform, including network topology to analyze and STRIDE categories to focus on') }}","options":{"systemMessage":"You are an Attack Surface Mapping and STRIDE Threat Modeling Expert. Your expertise includes: (1) Constructing network topology graphs that represent system architecture, trust boundaries, and data flows, (2) Applying STRIDE methodology to identify threats across six categories: Spoofing (identity), Tampering (data), Repudiation (actions), Information Disclosure (confidentiality), Denial of Service (availability), and Elevation of Privilege (authorization), (3) Modeling lateral movement scenarios showing how attackers could pivot through the network after initial compromise, (4) Quantifying risk using CVSS-style scoring (0-10 scale) based on exploitability, impact, and scope, (5) Identifying critical assets at risk and attack paths with highest impact. When performing attack surface analysis: map all network nodes and connections, identify trust boundaries, enumerate attack vectors for each STRIDE category, simulate realistic lateral movement paths, calculate CVSS scores for each scenario, and prioritize findings by risk severity. Use the STRIDE and CVSS tools available to you for systematic analysis."},"toolDescription":"Constructs simulated network topology graphs, models lateral movement scenarios under STRIDE methodology (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege), and quantifies risk using CVSS-style scoring. Returns comprehensive attack surface analysis with risk quantification."},"typeVersion":3},{"id":"4c1bb276-d6a0-4674-a61e-d2892b5efb3c","name":"Attack Surface Chat Model","type":"@n8n/n8n-nodes-langchain.lmChatOpenAi","position":[992,928],"parameters":{"model":{"__rl":true,"mode":"id","value":"gpt-4o"},"options":{"temperature":0.2},"builtInTools":{}},"credentials":{"openAiApi":{"id":"mv2ECvRtbAK63G2g","name":"OpenAi account"}},"typeVersion":1.3},{"id":"8b8e835e-9046-4b4a-9fde-771057e16863","name":"STRIDE Analysis Tool","type":"@n8n/n8n-nodes-langchain.toolCode","position":[1152,928],"parameters":{"jsCode":"const threat = $input.first().json.threat_description || \"\";\nconst strideCategories = {\n  spoofing: [],\n  tampering: [],\n  repudiation: [],\n  information_disclosure: [],\n  denial_of_service: [],\n  elevation_of_privilege: []\n};\n\nconst lowerThreat = threat.toLowerCase();\n\nif (lowerThreat.includes(\"identity\") || lowerThreat.includes(\"authentication\") || lowerThreat.includes(\"impersonat\") || lowerThreat.includes(\"credential\")) {\n  strideCategories.spoofing.push(threat);\n}\n\nif (lowerThreat.includes(\"tamper\") || lowerThreat.includes(\"modify\") || lowerThreat.includes(\"alter\") || lowerThreat.includes(\"integrity\")) {\n  strideCategories.tampering.push(threat);\n}\n\nif (lowerThreat.includes(\"log\") || lowerThreat.includes(\"audit\") || lowerThreat.includes(\"deny\") || lowerThreat.includes(\"repudiat\")) {\n  strideCategories.repudiation.push(threat);\n}\n\nif (lowerThreat.includes(\"disclosure\") || lowerThreat.includes(\"leak\") || lowerThreat.includes(\"exposure\") || lowerThreat.includes(\"confidential\") || lowerThreat.includes(\"exfiltrat\")) {\n  strideCategories.information_disclosure.push(threat);\n}\n\nif (lowerThreat.includes(\"dos\") || lowerThreat.includes(\"denial\") || lowerThreat.includes(\"availability\") || lowerThreat.includes(\"flood\") || lowerThreat.includes(\"exhaust\")) {\n  strideCategories.denial_of_service.push(threat);\n}\n\nif (lowerThreat.includes(\"privilege\") || lowerThreat.includes(\"escalat\") || lowerThreat.includes(\"authorization\") || lowerThreat.includes(\"admin\") || lowerThreat.includes(\"root\")) {\n  strideCategories.elevation_of_privilege.push(threat);\n}\n\nreturn [{ json: { threat_description: threat, stride_categories: strideCategories, analysis_timestamp: new Date().toISOString() } }];","description":"Categorizes security threats using STRIDE methodology: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. Input should be a threat description or attack scenario."},"typeVersion":1.3},{"id":"936ac68c-98fc-4e3d-a405-b33c7e3fdb34","name":"CVSS Scoring Tool","type":"@n8n/n8n-nodes-langchain.toolCode","position":[1312,928],"parameters":{"jsCode":"const input = $input.first().json;\n\nconst attackVector = input.attack_vector || \"network\";\nconst attackComplexity = input.attack_complexity || \"low\";\nconst privilegesRequired = input.privileges_required || \"none\";\nconst userInteraction = input.user_interaction || \"none\";\nconst scope = input.scope || \"unchanged\";\nconst confidentialityImpact = input.confidentiality_impact || \"high\";\nconst integrityImpact = input.integrity_impact || \"high\";\nconst availabilityImpact = input.availability_impact || \"high\";\n\nconst avScore = attackVector === \"network\" ? 0.85 : attackVector === \"adjacent\" ? 0.62 : attackVector === \"local\" ? 0.55 : 0.2;\nconst acScore = attackComplexity === \"low\" ? 0.77 : 0.44;\nconst prScore = privilegesRequired === \"none\" ? 0.85 : privilegesRequired === \"low\" ? 0.62 : 0.27;\nconst uiScore = userInteraction === \"none\" ? 0.85 : 0.62;\nconst scopeMultiplier = scope === \"changed\" ? 1.08 : 1.0;\n\nconst cScore = confidentialityImpact === \"high\" ? 0.56 : confidentialityImpact === \"low\" ? 0.22 : 0;\nconst iScore = integrityImpact === \"high\" ? 0.56 : integrityImpact === \"low\" ? 0.22 : 0;\nconst aScore = availabilityImpact === \"high\" ? 0.56 : availabilityImpact === \"low\" ? 0.22 : 0;\n\nconst exploitability = 8.22 * avScore * acScore * prScore * uiScore;\nconst impact = 1 - ((1 - cScore) * (1 - iScore) * (1 - aScore));\nconst impactSubScore = 6.42 * impact;\n\nlet baseScore;\nif (impact <= 0) {\n  baseScore = 0;\n} else {\n  if (scope === \"unchanged\") {\n    baseScore = Math.min(exploitability + impactSubScore, 10);\n  } else {\n    baseScore = Math.min(1.08 * (exploitability + impactSubScore), 10);\n  }\n}\n\nbaseScore = Math.round(baseScore * 10) / 10;\n\nlet severity;\nif (baseScore === 0) severity = \"None\";\nelse if (baseScore < 4.0) severity = \"Low\";\nelse if (baseScore < 7.0) severity = \"Medium\";\nelse if (baseScore < 9.0) severity = \"High\";\nelse severity = \"Critical\";\n\nreturn [{ json: { cvss_score: baseScore, severity: severity, exploitability_score: Math.round(exploitability * 10) / 10, impact_score: Math.round(impactSubScore * 10) / 10, parameters: input } }];","description":"Calculates CVSS-style risk scores (0-10 scale) based on attack vector, complexity, privileges required, user interaction, scope, confidentiality impact, integrity impact, and availability impact. Input should include these parameters as a JSON object."},"typeVersion":1.3},{"id":"48a13efb-69b2-41f2-b65d-f4cc265cfec4","name":"Route by Risk Severity","type":"n8n-nodes-base.switch","position":[1536,720],"parameters":{"rules":{"values":[{"conditions":{"options":{"leftValue":"","caseSensitive":true,"typeValidation":"strict"},"combinator":"and","conditions":[{"operator":{"type":"string","operation":"equals"},"leftValue":"={{ $json.overall_risk_rating }}","rightValue":"Critical"}]}},{"conditions":{"options":{"leftValue":"","caseSensitive":true,"typeValidation":"strict"},"combinator":"and","conditions":[{"operator":{"type":"string","operation":"equals"},"leftValue":"={{ $json.overall_risk_rating }}","rightValue":"High"}]}},{"conditions":{"options":{"leftValue":"","caseSensitive":true,"typeValidation":"strict"},"combinator":"and","conditions":[{"operator":{"type":"string","operation":"equals"},"leftValue":"={{ $json.overall_risk_rating }}","rightValue":"Medium"}]}}]},"options":{}},"typeVersion":3.4},{"id":"b23b2fff-6d0e-4508-b0a0-0c7a48ba41c6","name":"Format SOC Alert","type":"n8n-nodes-base.set","position":[1824,624],"parameters":{"options":{},"assignments":{"assignments":[{"id":"id-1","name":"alert_type","type":"string","value":"CRITICAL_SECURITY_THREAT"},{"id":"id-2","name":"timestamp","type":"string","value":"={{ $now.toISO() }}"},{"id":"id-3","name":"risk_rating","type":"string","value":"={{ $json.output.overall_risk_rating }}"},{"id":"id-4","name":"executive_summary","type":"string","value":"={{ $json.output.executive_summary }}"},{"id":"id-5","name":"soc_actions","type":"array","value":"={{ JSON.stringify($json.output.soc_operational_guidance) }}"},{"id":"id-6","name":"threat_vectors","type":"array","value":"={{ JSON.stringify($json.output.threat_intelligence.emerging_attack_vectors) }}"},{"id":"id-7","name":"attack_surface","type":"object","value":"={{ JSON.stringify($json.output.attack_surface) }}"},{"id":"id-8","name":"immediate_actions_required","type":"array","value":"={{ JSON.stringify($json.output.soc_operational_guidance.filter(action => action.priority === 'P0-Critical' || action.priority === 'P1-High')) }}"}]}},"typeVersion":3.4},{"id":"9ce79d98-46cf-4e79-b76a-a0bf2b3d82e3","name":"Format Executive Report","type":"n8n-nodes-base.set","position":[1824,816],"parameters":{"options":{},"assignments":{"assignments":[{"id":"id-1","name":"report_type","type":"string","value":"EXECUTIVE_CYBERSECURITY_POSTURE"},{"id":"id-2","name":"timestamp","type":"string","value":"={{ $now.toISO() }}"},{"id":"id-3","name":"risk_rating","type":"string","value":"={{ $json.output.overall_risk_rating }}"},{"id":"id-4","name":"executive_summary","type":"string","value":"={{ $json.output.executive_summary }}"},{"id":"id-5","name":"overall_cvss_score","type":"number","value":"={{ $json.output.attack_surface.risk_quantification.overall_cvss_score }}"},{"id":"id-6","name":"critical_assets_at_risk","type":"array","value":"={{ JSON.stringify($json.output.attack_surface.risk_quantification.critical_assets_at_risk) }}"},{"id":"id-7","name":"high_priority_actions","type":"array","value":"={{ JSON.stringify($json.output.soc_operational_guidance.filter(action => action.priority === 'P0-Critical' || action.priority === 'P1-High').map(action => action.action)) }}"},{"id":"id-8","name":"threat_count","type":"number","value":"={{ $json.output.threat_intelligence.emerging_attack_vectors.length }}"}]}},"typeVersion":3.4},{"id":"b8e74e2d-ef16-485b-b133-0ffa7330d5e5","name":"Format Standard Report","type":"n8n-nodes-base.set","position":[1824,1008],"parameters":{"options":{},"assignments":{"assignments":[{"id":"id-1","name":"report_type","type":"string","value":"STANDARD_THREAT_ASSESSMENT"},{"id":"id-2","name":"timestamp","type":"string","value":"={{ $now.toISO() }}"},{"id":"id-3","name":"risk_rating","type":"string","value":"={{ $json.overall_risk_rating }}"},{"id":"id-4","name":"executive_summary","type":"string","value":"={{ $json.executive_summary }}"},{"id":"id-5","name":"threat_intelligence","type":"object","value":"={{ JSON.stringify($json.threat_intelligence) }}"},{"id":"id-6","name":"attack_surface","type":"object","value":"={{ JSON.stringify($json.attack_surface) }}"},{"id":"id-7","name":"soc_operational_guidance","type":"array","value":"={{ JSON.stringify($json.soc_operational_guidance) }}"}]}},"typeVersion":3.4},{"id":"20c8f84c-b9f0-49f6-b912-25fa97be7328","name":"Sticky Note","type":"n8n-nodes-base.stickyNote","position":[192,80],"parameters":{"width":560,"height":336,"content":"## How It Works\nThis workflow automates end-to-end cybersecurity threat analysis using a multi-agent AI architecture, targeting Security Operations Centre (SOC) analysts, security engineers, and IT risk teams responsible for continuous threat monitoring and incident response. The core problem it solves is the slow, fragmented process of manually correlating threat intelligence, scoring vulnerabilities, and producing actionable reports, tasks that demand both speed and consistency under pressure. A manual trigger initiates the Cybersecurity Orchestrator Agent, which coordinates two specialist sub-agents: a Threat Intelligence Agent (backed by security log fetching and risk scoring tools) and an Attack Surface Mapping Agent (leveraging STRIDE analysis and CVSS scoring tools). Each agent operates with its own chat model and memory. Outputs are parsed by a Structured Threat Report Parser, then routed by a Rules-based Risk Severity router into three report formats such as SOC Alert, Executive Report, or Standard Report, ensuring every threat is communicated at the right level of urgency to the right audience."},"typeVersion":1},{"id":"dadce1b5-66ee-43da-b839-52163089203a","name":"Sticky Note1","type":"n8n-nodes-base.stickyNote","position":[768,112],"parameters":{"width":432,"height":256,"content":"## Setup Steps\n1. Connect your LLM API credentials to all Chat Model nodes (Orchestrator, Threat Intelligence, Attack Surface).\n2. Configure the Fetch Security Logs Tool with your SIEM or log source API credentials.\n3. Set risk threshold rules in the Risk Score Calculator node.\n4. Define STRIDE and CVSS parameters in their respective tool nodes.\n5. Set routing thresholds (e.g., CVSS ≥9 → SOC Alert, ≥6 → Executive, <6 → Standard) in Route by Risk Severity."},"typeVersion":1},{"id":"386ae1fc-2b9a-435b-a9ce-79984af9c5bd","name":"Sticky Note2","type":"n8n-nodes-base.stickyNote","position":[1216,-16],"parameters":{"color":4,"width":368,"height":384,"content":"## Prerequisites\n- LLM API key (OpenAI or compatible)\n- SIEM or security log source with API access\n- CVSS and STRIDE configuration parameters\n- Report template definitions for each severity tier\n## Use Cases\n- Auto-triage incoming vulnerability disclosures into severity-ranked reports.\n## Customisation\n- Add more routing branches (e.g., Critical, Zero-Day).\n## Benefits\n- Accelerates threat triage from hours to minutes."},"typeVersion":1},{"id":"05636dee-34e9-4394-9076-908864fdce76","name":"Sticky Note3","type":"n8n-nodes-base.stickyNote","position":[192,432],"parameters":{"color":7,"width":704,"height":640,"content":"##  Trigger, Threat Intelligence & Risk Scoring\n**What:** Threat Intelligence Agent fetches security logs and calculates risk scores.\n**Why:** Grounds AI analysis in real telemetry data, enabling evidence-based risk prioritisation.\n"},"typeVersion":1},{"id":"5930bde6-cd15-4b86-af01-a7c274ed5dfe","name":"Sticky Note4","type":"n8n-nodes-base.stickyNote","position":[912,416],"parameters":{"color":7,"width":560,"height":720,"content":"## Attack Surface Mapping\n**What:** Attack Surface Mapping Agent applies STRIDE methodology and CVSS scoring.\n**Why:** Systematically identifies exploitable vectors and assigns industry-standard severity ratings."},"typeVersion":1},{"id":"3ba42550-082b-4172-9deb-351bb841c290","name":"Sticky Note5","type":"n8n-nodes-base.stickyNote","position":[1488,416],"parameters":{"color":7,"height":720,"content":"## Parse & Route by Severity\n**What:** Structured Threat Report Parser extracts findings; Rules router directs output by risk level.\n**Why:** Ensures outputs are structured and stakeholder-appropriate without manual triage."},"typeVersion":1},{"id":"356d390f-90de-4ac2-9a02-61af59e864c2","name":"Sticky Note6","type":"n8n-nodes-base.stickyNote","position":[1744,416],"parameters":{"color":7,"width":448,"height":736,"content":"## Format & Deliver Report\n**What:** Generates SOC Alert, Executive Report, or Standard Report based on severity routing.\n**Why:** Delivers the right level of detail to the right audience — operational, strategic, or routine."},"typeVersion":1}],"active":false,"pinData":{},"settings":{"binaryMode":"separate","executionOrder":"v1"},"versionId":"c7c263a2-ff2f-4cda-9c3d-529c908cb116","connections":{"CVSS Scoring Tool":{"ai_tool":[[{"node":"Attack Surface Mapping Agent","type":"ai_tool","index":0}]]},"STRIDE Analysis Tool":{"ai_tool":[[{"node":"Attack Surface Mapping Agent","type":"ai_tool","index":0}]]},"Risk Score Calculator":{"ai_tool":[[{"node":"Threat Intelligence Agent","type":"ai_tool","index":0}]]},"Start Threat Analysis":{"main":[[{"node":"Cybersecurity Orchestrator Agent","type":"main","index":0}]]},"Route by Risk Severity":{"main":[[{"node":"Format SOC Alert","type":"main","index":0}],[{"node":"Format Executive Report","type":"main","index":0}],[{"node":"Format Standard Report","type":"main","index":0}]]},"Orchestrator Chat Model":{"ai_languageModel":[[{"node":"Cybersecurity Orchestrator Agent","type":"ai_languageModel","index":0}]]},"Fetch Security Logs Tool":{"ai_tool":[[{"node":"Threat Intelligence Agent","type":"ai_tool","index":0}]]},"Attack Surface Chat Model":{"ai_languageModel":[[{"node":"Attack Surface Mapping Agent","type":"ai_languageModel","index":0}]]},"Threat Intelligence Agent":{"ai_tool":[[{"node":"Cybersecurity Orchestrator Agent","type":"ai_tool","index":0}]]},"Attack Surface Mapping Agent":{"ai_tool":[[{"node":"Cybersecurity Orchestrator Agent","type":"ai_tool","index":0}]]},"Threat Intelligence Chat Model":{"ai_languageModel":[[{"node":"Threat Intelligence Agent","type":"ai_languageModel","index":0}]]},"Structured Threat Report Parser":{"ai_outputParser":[[{"node":"Cybersecurity Orchestrator Agent","type":"ai_outputParser","index":0}]]},"Cybersecurity Orchestrator Agent":{"main":[[{"node":"Route by Risk Severity","type":"main","index":0}]]}}},"lastUpdatedBy":1,"workflowInfo":{"nodeCount":23,"nodeTypes":{"n8n-nodes-base.set":{"count":3},"n8n-nodes-base.switch":{"count":1},"n8n-nodes-base.stickyNote":{"count":7},"n8n-nodes-base.manualTrigger":{"count":1},"@n8n/n8n-nodes-langchain.agent":{"count":1},"n8n-nodes-base.httpRequestTool":{"count":1},"@n8n/n8n-nodes-langchain.toolCode":{"count":2},"@n8n/n8n-nodes-langchain.agentTool":{"count":2},"@n8n/n8n-nodes-langchain.lmChatOpenAi":{"count":3},"@n8n/n8n-nodes-langchain.toolCalculator":{"count":1},"@n8n/n8n-nodes-langchain.outputParserStructured":{"count":1}}},"status":"published","readyToDemo":null,"user":{"name":"Cheng Siong Chin","username":"cschin","bio":"Dr. Cheng Siong CHIN is an n8n workflow creator specializing in AI-powered automation, agent orchestration, and intelligent system integrations. He designs and builds end-to-end workflows that combine LLMs, APIs, and data pipelines to streamline complex processes and deliver production-ready automation solutions. Contact me to discuss custom AI workflows and agent architectures.\n","verified":true,"links":["https://gravatar.com/mysticluminary9fa255f7f5"],"avatar":"https://gravatar.com/avatar/54544f98e839bb9dd9a764ad1e6823eeddb6db5138d201e42f291a7b0a73303f?r=pg&d=retro&size=200"},"nodes":[{"id":38,"icon":"fa:pen","name":"n8n-nodes-base.set","codex":{"data":{"alias":["Set","JS","JSON","Filter","Transform","Map"],"resources":{"generic":[{"url":"https://n8n.io/blog/learn-to-automate-your-factorys-incident-reporting-a-step-by-step-guide/","icon":"🏭","label":"Learn to Automate Your Factory's Incident Reporting: A Step by Step Guide"},{"url":"https://n8n.io/blog/2021-the-year-to-automate-the-new-you-with-n8n/","icon":"☀️","label":"2021: The Year to Automate the New You with n8n"},{"url":"https://n8n.io/blog/automatically-pulling-and-visualizing-data-with-n8n/","icon":"📈","label":"Automatically pulling and visualizing data with n8n"},{"url":"https://n8n.io/blog/database-monitoring-and-alerting-with-n8n/","icon":"📡","label":"Database Monitoring and Alerting with n8n"},{"url":"https://n8n.io/blog/automatically-adding-expense-receipts-to-google-sheets-with-telegram-mindee-twilio-and-n8n/","icon":"🧾","label":"Automatically Adding Expense Receipts to Google Sheets with Telegram, Mindee, Twilio, and n8n"},{"url":"https://n8n.io/blog/no-code-ecommerce-workflow-automations/","icon":"store","label":"6 e-commerce workflows to power up your Shopify s"},{"url":"https://n8n.io/blog/how-to-build-a-low-code-self-hosted-url-shortener/","icon":"🔗","label":"How to build a low-code, self-hosted URL shortener in 3 steps"},{"url":"https://n8n.io/blog/automate-your-data-processing-pipeline-in-9-steps-with-n8n/","icon":"⚙️","label":"Automate your data processing pipeline in 9 steps"},{"url":"https://n8n.io/blog/how-to-get-started-with-crm-automation-and-no-code-workflow-ideas/","icon":"👥","label":"How to get started with CRM automation (with 3 no-code workflow ideas"},{"url":"https://n8n.io/blog/5-tasks-you-can-automate-with-notion-api/","icon":"⚡️","label":"5 tasks you can automate with the new Notion API "},{"url":"https://n8n.io/blog/automate-google-apps-for-productivity/","icon":"💡","label":"15 Google apps you can combine and automate to increase productivity"},{"url":"https://n8n.io/blog/how-uproc-scraped-a-multi-page-website-with-a-low-code-workflow/","icon":" 🕸️","label":"How uProc scraped a multi-page website with a low-code workflow"},{"url":"https://n8n.io/blog/building-an-expense-tracking-app-in-10-minutes/","icon":"📱","label":"Building an expense tracking app in 10 minutes"},{"url":"https://n8n.io/blog/the-ultimate-guide-to-automate-your-video-collaboration-with-whereby-mattermost-and-n8n/","icon":"📹","label":"The ultimate guide to automate your video collaboration with Whereby, Mattermost, and n8n"},{"url":"https://n8n.io/blog/5-workflow-automations-for-mattermost-that-we-love-at-n8n/","icon":"🤖","label":"5 workflow automations for Mattermost that we love at n8n"},{"url":"https://n8n.io/blog/learn-to-build-powerful-api-endpoints-using-webhooks/","icon":"🧰","label":"Learn to Build Powerful API Endpoints Using Webhooks"},{"url":"https://n8n.io/blog/how-a-membership-development-manager-automates-his-work-and-investments/","icon":"📈","label":"How a Membership Development Manager automates his work and investments"},{"url":"https://n8n.io/blog/a-low-code-bitcoin-ticker-built-with-questdb-and-n8n-io/","icon":"📈","label":"A low-code bitcoin ticker built with QuestDB and n8n.io"},{"url":"https://n8n.io/blog/how-to-set-up-a-ci-cd-pipeline-with-no-code/","icon":"🎡","label":"How to set up a no-code CI/CD pipeline with GitHub and TravisCI"},{"url":"https://n8n.io/blog/benefits-of-automation-and-n8n-an-interview-with-hubspots-hugh-durkin/","icon":"🎖","label":"Benefits of automation and n8n: An interview with HubSpot's Hugh Durkin"},{"url":"https://n8n.io/blog/how-goomer-automated-their-operations-with-over-200-n8n-workflows/","icon":"🛵","label":"How Goomer automated their operations with over 200 n8n workflows"},{"url":"https://n8n.io/blog/aws-workflow-automation/","label":"7 no-code workflow automations for Amazon Web Services"}],"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/core-nodes/n8n-nodes-base.set/"}]},"categories":["Core Nodes"],"nodeVersion":"1.0","codexVersion":"1.0","subcategories":{"Core Nodes":["Data Transformation"]}}},"group":"[\"input\"]","defaults":{"name":"Edit Fields"},"iconData":{"icon":"pen","type":"icon"},"displayName":"Edit Fields (Set)","typeVersion":3,"nodeCategories":[{"id":9,"name":"Core Nodes"}]},{"id":112,"icon":"fa:map-signs","name":"n8n-nodes-base.switch","codex":{"data":{"alias":["Router","If","Path","Filter","Condition","Logic","Branch","Case"],"resources":{"generic":[{"url":"https://n8n.io/blog/2021-the-year-to-automate-the-new-you-with-n8n/","icon":"☀️","label":"2021: The Year to Automate the New You with n8n"},{"url":"https://n8n.io/blog/how-to-get-started-with-crm-automation-and-no-code-workflow-ideas/","icon":"👥","label":"How to get started with CRM automation (with 3 no-code workflow ideas"},{"url":"https://n8n.io/blog/build-your-own-virtual-assistant-with-n8n-a-step-by-step-guide/","icon":"👦","label":"Build your own virtual assistant with n8n: A step by step guide"},{"url":"https://n8n.io/blog/automation-for-maintainers-of-open-source-projects/","icon":"🏷️","label":"How to automatically manage contributions to open-source projects"}],"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/core-nodes/n8n-nodes-base.switch/"}]},"categories":["Core Nodes"],"nodeVersion":"1.0","codexVersion":"1.0","subcategories":{"Core Nodes":["Flow"]}}},"group":"[\"transform\"]","defaults":{"name":"Switch","color":"#506000"},"iconData":{"icon":"map-signs","type":"icon"},"displayName":"Switch","typeVersion":3,"nodeCategories":[{"id":9,"name":"Core Nodes"}]},{"id":565,"icon":"fa:sticky-note","name":"n8n-nodes-base.stickyNote","codex":{"data":{"alias":["Comments","Notes","Sticky"],"categories":["Core Nodes"],"nodeVersion":"1.0","codexVersion":"1.0","subcategories":{"Core Nodes":["Helpers"]}}},"group":"[\"input\"]","defaults":{"name":"Sticky Note","color":"#FFD233"},"iconData":{"icon":"sticky-note","type":"icon"},"displayName":"Sticky Note","typeVersion":1,"nodeCategories":[{"id":9,"name":"Core Nodes"}]},{"id":838,"icon":"fa:mouse-pointer","name":"n8n-nodes-base.manualTrigger","codex":{"data":{"resources":{"generic":[],"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/core-nodes/n8n-nodes-base.manualworkflowtrigger/"}]},"categories":["Core Nodes"],"nodeVersion":"1.0","codexVersion":"1.0"}},"group":"[\"trigger\"]","defaults":{"name":"When clicking ‘Execute workflow’","color":"#909298"},"iconData":{"icon":"mouse-pointer","type":"icon"},"displayName":"Manual Trigger","typeVersion":1,"nodeCategories":[{"id":9,"name":"Core Nodes"}]},{"id":1119,"icon":"fa:robot","name":"@n8n/n8n-nodes-langchain.agent","codex":{"data":{"alias":["LangChain","Chat","Conversational","Plan and Execute","ReAct","Tools"],"resources":{"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/cluster-nodes/root-nodes/n8n-nodes-langchain.agent/"}]},"categories":["AI","Langchain"],"subcategories":{"AI":["Agents","Root Nodes"]}}},"group":"[\"transform\"]","defaults":{"name":"AI Agent","color":"#404040"},"iconData":{"icon":"robot","type":"icon"},"displayName":"AI Agent","typeVersion":3,"nodeCategories":[{"id":25,"name":"AI"},{"id":26,"name":"Langchain"}]},{"id":1153,"icon":"file:openAiLight.svg","name":"@n8n/n8n-nodes-langchain.lmChatOpenAi","codex":{"data":{"resources":{"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/cluster-nodes/sub-nodes/n8n-nodes-langchain.lmchatopenai/"}]},"categories":["AI","Langchain"],"subcategories":{"AI":["Language Models","Root Nodes"],"Language Models":["Chat Models (Recommended)"]}}},"group":"[\"transform\"]","defaults":{"name":"OpenAI Chat Model"},"iconData":{"type":"file","fileBuffer":"data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iNDAiIGhlaWdodD0iNDAiIHZpZXdCb3g9IjAgMCA0MCA0MCIgZmlsbD0ibm9uZSIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj4KPHBhdGggZD0iTTM2Ljg2NzEgMTYuMzcxOEMzNy43NzQ2IDEzLjY0OCAzNy40NjIxIDEwLjY2NDIgMzYuMDEwOCA4LjE4NjYxQzMzLjgyODIgNC4zODY1MyAyOS40NDA3IDIuNDMxNDkgMjUuMTU1NiAzLjM1MTUxQzIzLjI0OTMgMS4yMDM5NiAyMC41MTA1IC0wLjAxNzMxNDggMTcuNjM5MiAwLjAwMDE4NTUzM0MxMy4yNTkxIC0wLjAwOTgxNDY4IDkuMzcyNzMgMi44MTAyNSA4LjAyNTIgNi45Nzc4M0M1LjIxMTM5IDcuNTU0MSAyLjc4MjU4IDkuMzE1MzggMS4zNjEzIDExLjgxMTdDLTAuODM3NDkzIDE1LjYwMTggLTAuMzM2MjMyIDIwLjM3OTQgMi42MDEzMyAyMy42Mjk0QzEuNjkzODEgMjYuMzUzMiAyLjAwNjMyIDI5LjMzNzEgMy40NTc2IDMxLjgxNDZDNS42NDAxNSAzNS42MTQ3IDEwLjAyNzcgMzcuNTY5NyAxNC4zMTI4IDM2LjY0OTdDMTYuMjE3OSAzOC43OTczIDE4Ljk1NzkgNDAuMDE4NSAyMS44MjkyIDM5Ljk5OThDMjYuMjExOCA0MC4wMTEgMzAuMDk5NCAzNy4xODg1IDMxLjQ0NjkgMzMuMDE3MUMzNC4yNjA4IDMyLjQ0MDkgMzYuNjg5NiAzMC42Nzk2IDM4LjExMDggMjguMTgzM0M0MC4zMDcxIDI0LjM5MzIgMzkuODA0NiAxOS42MTk0IDM2Ljg2ODMgMTYuMzY5M0wzNi44NjcxIDE2LjM3MThaTTIxLjgzMTcgMzcuMzg2QzIwLjA3OCAzNy4zODg1IDE4LjM3OTIgMzYuNzc0NyAxNy4wMzI5IDM1LjY1MDlDMTcuMDk0MSAzNS42MTg0IDE3LjIwMDQgMzUuNTU5NyAxNy4yNjkxIDM1LjUxNzJMMjUuMjM0MyAzMC45MTcxQzI1LjY0MTggMzAuNjg1OCAyNS44OTE4IDMwLjI1MjEgMjUuODg5MyAyOS43ODMzVjE4LjU1NDNMMjkuMjU1NyAyMC40OTgxQzI5LjI5MTkgMjAuNTE1NiAyOS4zMTU3IDIwLjU1MDYgMjkuMzIwNyAyMC41OTA2VjI5Ljg4OTZDMjkuMzE1NyAzNC4wMjQ3IDI1Ljk2NjggMzcuMzc3MiAyMS44MzE3IDM3LjM4NlpNNS43MjY0IDMwLjUwNzFDNC44NDc2MyAyOC45ODk2IDQuNTMxMzcgMjcuMjEwOCA0LjgzMjYzIDI1LjQ4NDVDNC44OTEzOCAyNS41MTk1IDQuOTk1MTMgMjUuNTgzMiA1LjA2ODg4IDI1LjYyNTdMMTMuMDM0MSAzMC4yMjU4QzEzLjQzNzggMzAuNDYyMSAxMy45Mzc4IDMwLjQ2MjEgMTQuMzQyOCAzMC4yMjU4TDI0LjA2NjggMjQuNjEwN1YyOC40OTgzQzI0LjA2OTMgMjguNTM4MyAyNC4wNTA1IDI4LjU3NyAyNC4wMTkzIDI4LjYwMkwxNS45Njc5IDMzLjI1MDlDMTIuMzgxNSAzNS4zMTU5IDcuODAxNDQgMzQuMDg4NCA1LjcyNzY1IDMwLjUwNzFINS43MjY0Wk0zLjYzMDEgMTMuMTIwNUM0LjUwNTEyIDExLjYwMDQgNS44ODY0IDEwLjQzNzkgNy41MzE0NCA5LjgzNDE1QzcuNTMxNDQgOS45MDI5IDcuNTI3NjkgMTAuMDI0MiA3LjUyNzY5IDEwLjEwOTJWMTkuMzEwNkM3LjUyNTE5IDE5Ljc3ODEgNy43NzUxOSAyMC4yMTE5IDguMTgxNDUgMjAuNDQzMUwxNy45MDU0IDI2LjA1N0wxNC41MzkxIDI4LjAwMDhDMTQuNTA1MyAyOC4wMjMzIDE0LjQ2MjggMjguMDI3IDE0LjQyNTMgMjguMDEwOEw2LjM3MjY2IDIzLjM1ODJDMi43OTM4MyAyMS4yODU2IDEuNTY2MzEgMTYuNzA2OCAzLjYyODg1IDEzLjEyMTdMMy42MzAxIDEzLjEyMDVaTTMxLjI4ODIgMTkuNTU2OUwyMS41NjQyIDEzLjk0MTdMMjQuOTMwNiAxMS45OTkyQzI0Ljk2NDMgMTEuOTc2NyAyNS4wMDY4IDExLjk3MjkgMjUuMDQ0MyAxMS45ODkyTDMzLjA5NyAxNi42MzhDMzYuNjgyMSAxOC43MDkzIDM3LjkxMDggMjMuMjk1NyAzNS44Mzk1IDI2Ljg4MDhDMzQuOTYzMyAyOC4zOTgzIDMzLjU4MzIgMjkuNTYwOCAzMS45Mzk1IDMwLjE2NThWMjAuNjg5NEMzMS45NDMyIDIwLjIyMTkgMzEuNjk0NSAxOS43ODk0IDMxLjI4OTQgMTkuNTU2OUgzMS4yODgyWk0zNC42MzgzIDE0LjUxNDJDMzQuNTc5NSAxNC40NzggMzQuNDc1OCAxNC40MTU1IDM0LjQwMiAxNC4zNzNMMjYuNDM2OCA5Ljc3Mjg5QzI2LjAzMzEgOS41MzY2NCAyNS41MzMxIDkuNTM2NjQgMjUuMTI4MSA5Ljc3Mjg5TDE1LjQwNDEgMTUuMzg4VjExLjUwMDRDMTUuNDAxNiAxMS40NjA0IDE1LjQyMDQgMTEuNDIxNyAxNS40NTE2IDExLjM5NjdMMjMuNTAzIDYuNzUxNThDMjcuMDg5NCA0LjY4Mjc5IDMxLjY3NDUgNS45MTQwNiAzMy43NDIgOS41MDE2NEMzNC42MTU4IDExLjAxNjcgMzQuOTMyIDEyLjc5MDUgMzQuNjM1OCAxNC41MTQySDM0LjYzODNaTTEzLjU3NDEgMjEuNDQzMUwxMC4yMDY1IDE5LjQ5OTRDMTAuMTcwMiAxOS40ODE5IDEwLjE0NjUgMTkuNDQ2OCAxMC4xNDE1IDE5LjQwNjhWMTAuMTA3OUMxMC4xNDQgNS45Njc4MSAxMy41MDI4IDIuNjEyNzQgMTcuNjQyOSAyLjYxNTI0QzE5LjM5NDIgMi42MTUyNCAyMS4wODkyIDMuMjMwMjUgMjIuNDM1NSA0LjM1MDI4QzIyLjM3NDMgNC4zODI3OCAyMi4yNjkzIDQuNDQxNTMgMjIuMTk5MiA0LjQ4NDAzTDE0LjIzNDEgOS4wODQxM0MxMy44MjY2IDkuMzE1MzggMTMuNTc2NiA5Ljc0Nzg5IDEzLjU3OTEgMTAuMjE2N0wxMy41NzQxIDIxLjQ0MDZWMjEuNDQzMVpNMTUuNDAyOSAxNy41MDA2TDE5LjczNDIgMTQuOTk5M0wyNC4wNjU1IDE3LjQ5OTNWMjIuNTAwN0wxOS43MzQyIDI1LjAwMDdMMTUuNDAyOSAyMi41MDA3VjE3LjUwMDZaIiBmaWxsPSIjN0Q3RDg3Ii8+Cjwvc3ZnPgo="},"displayName":"OpenAI Chat Model","typeVersion":1,"nodeCategories":[{"id":25,"name":"AI"},{"id":26,"name":"Langchain"}]},{"id":1179,"icon":"fa:code","name":"@n8n/n8n-nodes-langchain.outputParserStructured","codex":{"data":{"alias":["json","zod"],"resources":{"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/cluster-nodes/sub-nodes/n8n-nodes-langchain.outputparserstructured/"}]},"categories":["AI","Langchain"],"subcategories":{"AI":["Output Parsers"]}}},"group":"[\"transform\"]","defaults":{"name":"Structured Output Parser"},"iconData":{"icon":"code","type":"icon"},"displayName":"Structured Output Parser","typeVersion":1,"nodeCategories":[{"id":25,"name":"AI"},{"id":26,"name":"Langchain"}]},{"id":1195,"icon":"fa:calculator","name":"@n8n/n8n-nodes-langchain.toolCalculator","codex":{"data":{"resources":{"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/cluster-nodes/sub-nodes/n8n-nodes-langchain.toolcalculator/"}]},"categories":["AI","Langchain"],"subcategories":{"AI":["Tools"],"Tools":["Other Tools"]}}},"group":"[\"transform\"]","defaults":{"name":"Calculator"},"iconData":{"icon":"calculator","type":"icon"},"displayName":"Calculator","typeVersion":1,"nodeCategories":[{"id":25,"name":"AI"},{"id":26,"name":"Langchain"}]},{"id":1197,"icon":"fa:code","name":"@n8n/n8n-nodes-langchain.toolCode","codex":{"data":{"resources":{"primaryDocumentation":[{"url":"https://docs.n8n.io/integrations/builtin/cluster-nodes/sub-nodes/n8n-nodes-langchain.toolcode/"}]},"categories":["AI","Langchain"],"subcategories":{"AI":["Tools"],"Tools":["Recommended Tools"]}}},"group":"[\"transform\"]","defaults":{"name":"Code Tool"},"iconData":{"icon":"code","type":"icon"},"displayName":"Code Tool","typeVersion":1,"nodeCategories":[{"id":25,"name":"AI"},{"id":26,"name":"Langchain"}]},{"id":1310,"icon":"fa:robot","name":"@n8n/n8n-nodes-langchain.agentTool","codex":{"data":{"alias":["LangChain","Chat","Conversational","Plan and Execute","ReAct","Tools"],"categories":["AI","Langchain"],"subcategories":{"AI":["Tools"],"Tools":["Recommended Tools"]}}},"group":"[\"transform\"]","defaults":{"name":"AI Agent Tool","color":"#404040"},"iconData":{"icon":"robot","type":"icon"},"displayName":"AI Agent Tool","typeVersion":3,"nodeCategories":[{"id":25,"name":"AI"},{"id":26,"name":"Langchain"}]}],"categories":[{"id":29,"name":"SecOps"},{"id":47,"name":"AI Chatbot"}],"image":[]}}