š SecOps & Security Automation
182 templates ā š Security operations, threat detection, vulnerability scanning, compliance monitoring, and incident response.
š Templates
| Template | Description | š Key Nodes | š Views |
|---|---|---|---|
| š Phishing analysis - URLScan.io and VirusTotal | This n8n workflow automates the analysis of email messages received in a Microsoft Outlook inbox to identify indicators of compromise (IOCs), specifically suspicious URLs. It can be triggered manuaā¦ | HTTP Request, Slack, Microsoft Outlook, urlscan.io, Filter | 67,029 |
| š„ WebSecScan: AI-powered website security auditor | This n8n workflow provides comprehensive website security analysis by leveraging OpenAIās models to detect vulnerabilities, configuration issues, and security misconfigurations. The workflow generaā¦ | HTTP Request, Gmail, AI Agent, OpenAI Chat Model, n8n Form Trigger | 31,104 |
| š„ Intelligent AI digest for security, privacy, and compliance feeds | How it works | RSS Read, Gmail, Schedule Trigger, Filter, AI Agent, Google Gemini Chat Model | 19,960 |
| š„ Analyze email headers for IP reputation and spoofing detection - Gmail | This workflow is ideal for IT professionals, security analysts, and organizations looking to enhance their email security practices. It is particularly useful for those who need to analyze Gmail emā¦ | HTTP Request, Webhook, Gmail Trigger | 18,735 |
| Ssl expiry alert with SSL-Checker.io | Managing SSL certificates manually can be time-consuming and error-prone, often leading to unexpected downtime or security risks due to expired certificates. | Google Sheets, HTTP Request, Gmail, Schedule Trigger | 16,782 |
| Weekly Shodan query - report accidents | This n8n workflow, which runs every Monday at 5:00 AM, initiates a comprehensive process to monitor and analyze network security by scrutinizing IP addresses and their associated ports. It begins bā¦ | HTTP Request, TheHive, Markdown, Schedule Trigger, Filter | 14,399 |
| Automate SIEM alert enrichment with MITRE ATT&CK, Qdrant & Zendesk in n8n | This workflow is ideal for: | Google Drive, Zendesk, AI Agent, Embeddings OpenAI, OpenAI Chat Model, Simple Memory | 14,300 |
| Website scam risk detector with GPT-4o and SerpAPI | This intelligent workflow simplifies the complex task of determining whether a website is legitimate or potentially a scam. By simply submitting a URL through a form, the system initiates a multi-aā¦ | AI Agent, OpenAI Chat Model, SerpApi (Google Search), n8n Form Trigger | 13,485 |
| Monitor data breaches in real-time with Have I Been Pwned | HTTP Request, Schedule Trigger, Read/Write Files from Disk, Convert to File, Extract from File | 11,829 | |
| URL and IP lookups through Greynoise and VirusTotal | This n8n workflow serves as a powerful cybersecurity and threat intelligence tool to look up URLs or IP addresses through industry standard threat intelligence vendors. It starts with either a formā¦ | HTTP Request, Slack, Webhook, Gmail, Filter, n8n Form Trigger | 9,811 |
| Analyze & sort suspicious email contents with ChatGPT | This workflow is tailored for IT security teams, managed service providers (MSPs), and organizations aiming to streamline the detection and reporting of phishing emails. Itās especially useful for ā¦ | HTTP Request, Jira Software, Gmail Trigger, Convert to File, Microsoft Outlook Trigger, OpenAI | 8,781 |
| Automated URL phishing & threat analysis with NixGuard AI | Stop manually checking suspicious links. This free n8n workflow provides the foundation for a powerful, automated URL analysis pipeline. Using the NixGuard AI engine, you can instantly analyze suspā¦ | Slack, Webhook, Execute Sub-workflow | 7,843 |
| Comprehensive SSL certificate monitoring with Discord alerts and Notion integration | !Screenshot 20250704 at 18.13.54.png | HTTP Request, Discord, Notion, SSH, Schedule Trigger | 7,587 |
| Analyze emails with S1EM | With workflow, you analyze Email with TheHive/Cortex | Email Trigger (IMAP), Start, Cortex, TheHive | 7,330 |
| Suspicious login detection | This n8n workflow is designed for security monitoring and incident response when suspicious login events are detected. It can be initiated either manually from within the n8n UI for testing or autoā¦ | HTTP Request, Postgres, Slack, Webhook, Gmail | 7,242 |
| OTX & OpenAI web security check | Input: A user provides a website URL via a simple web form. | HTTP Request, Gmail, AI Agent, OpenAI Chat Model, n8n Form Trigger | 6,997 |
| Monitor security advisories | This n8n workflow automates the monitoring and notification of Palo Alto Networks security advisories. It is triggered manually from within the n8n UI or scheduled to run daily at midnight using thā¦ | RSS Read, Jira Software, Gmail, Customer Datastore (n8n training), Schedule Trigger, Filter | 6,726 |
| Analyze CrowdStrike detections - Search for IOCs in VirusTotal - Create a ticket in Jira, and post a message in Slack | This n8n workflow automates the handling of security detections from CrowdStrike, streamlining incident response and notification processes. The workflow is triggered daily at midnight by the Schedā¦ | HTTP Request, Slack, Jira Software | 5,804 |
| š² Creating a Secure Webhook - MUST HAVE | This workflow demonstrates a fundamental pattern for securing a webhook by requiring an API key. It acts as a gatekeeper, checking for a valid key in the request header before allowing the request ā¦ | HTTP Request, Webhook, Filter | 5,599 |
| Analyze email headers for IP reputation and spoofing detection - Outlook | This workflow is ideal for security teams, IT Ops professionals, and managed service providers (MSPs) responsible for monitoring and validating email traffic. Itās especially useful for organizatioā¦ | HTTP Request, Webhook, Microsoft Outlook Trigger | 5,361 |
| Analyze email headers for IPs and spoofing | This n8n workflow is designed to analyze email headers received via a webhook. The workflow splits into two main paths based on the presence of the received and authentication results headers. | HTTP Request, Webhook | 5,071 |
| Analyze suspicious email contents with ChatGPT Vision | This workflow is designed for IT teams, security professionals, and managed service providers (MSPs) looking to automate the process of detecting, analyzing, and reporting phishing emails. | HTTP Request, Jira Software, Gmail Trigger, Microsoft Outlook Trigger, OpenAI | 4,718 |
| Ssl certificate expiry notifier (no paid APIs) | Great ā hereās a complete Workflow Description for your n8n Creator submission based on the JSON you shared: | Send Email, Google Sheets, HTTP Request, Schedule Trigger | 4,383 |
| Track CVE vulnerability details & history with NVD API and Google Sheets | NVD (National Vulnerability Database) data is essential for security analysts, vulnerability managers, and DevSecOps professionals who need to perform both CVE lookups and monitor historical changeā¦ | Google Sheets, HTTP Request, Webhook | 3,785 |
| Parse DMARC reports, save them in database and notify on DKIM or SPF error | If you are a postmaster or you manage email server, you can set up DKIM and SPF records to ensure that spoofing your email address is hard. On your domain you can also set up DMARC record to receivā¦ | Email Trigger (IMAP), Send Email, Rename Keys, Slack, MySQL, Extract from File | 3,493 |
| Create executive security briefings with NixGuard AI & Wazuh alerts | Drowning in security alerts? Spending hours translating technical logs from Wazuh, your SIEM, or other tools into business-friendly reports for leadership? This n8n workflow is your automated Securā¦ | Send Email, Execute Sub-workflow, Schedule Trigger | 3,483 |
| Get real-time security insights with NixGuard RAG and Wazuh integration | Effortlessly integrate NixGuard API into your n8n workflows for real-time security insights using your API key. This connector enables seamless interaction with Nix, providing rapid Retrieval-Augmeā¦ | HTTP Request, Execute Workflow Trigger, Chat Trigger | 3,340 |
| Monitor SSL certificate of any domain with uProc | Do you want to check the SSL certificate expiration dates of your customers or servers? | Function Item, Start, Telegram, uProc | 2,991 |
| Qualys vulnerability trigger scan subWorkflow | - Trigger: Launched by a parent workflow through a Slack shortcut with modal input. | HTTP Request, Slack, Execute Workflow Trigger | 2,941 |
| MFA multi-factor authentication (Voice call and Email) with ClickSend and SMTP | This workflow automates the process of sending voice calls for verification purposes and combines it with email verification. It uses the ClickSend API for voice calls and integrates with SMTP for ā¦ | Send Email, HTTP Request, n8n Form Trigger, n8n Form | 2,810 |
| Network vulnerability scanner with NMAP and automated CVE reporting | This n8n workflow provides comprehensive network vulnerability scanning with automated CVE enrichment and professional report generation. It performs Nmap scans, queries the National Vulnerability ā¦ | Send Email, Webhook, Telegram, Schedule Trigger, n8n Form Trigger, Read/Write Files from Disk | 2,707 |
| Malicious file detection & response: Wazuh to VirusTotal with Slack alerts | This workflow helps SOC teams automate the detection and reporting of potentially malicious files using Wazuh alerts, VirusTotal hash validation, and integrated summary/report generation. Itās ideaā¦ | HTTP Request, Slack, Webhook, Gmail, ServiceNow | 2,643 |
| Audit Google Drive file permissions for access control management | File Sharing Permissions are routinely abused when access needs and scopes expand to many colleagues, clients and users. Often, granting excessively open permissions means you can get back to work ā¦ | Google Sheets, Google Drive, Gmail, Schedule Trigger, Filter | 2,516 |
| Filter cybersecurity news for your tech stack (OpenAI + Pinecone RAG) | Collects cybersecurity news from trusted RSS feeds and uses OpenAIās Retrieval-Augmented Generation (RAG) capabilities with Pinecone to filter for content that is directly relevant to your organizaā¦ | RSS Read, Gmail, Schedule Trigger, AI Agent, Embeddings OpenAI, OpenAI Chat Model | 2,275 |
| Receive and analyze emails with rules in Sublime Security | This n8n workflow provides a comprehensive automation solution for processing email attachments, specifically targeting enhanced security protocols for organizations that use platforms like Outlookā¦ | Email Trigger (IMAP), HTTP Request, Slack, Convert to/from binary data | 2,271 |
| Monitor SSL certificate expiry with Google Sheets and multi-channel alert | This workflow is ideal for administrators or IT professionals responsible for monitoring SSL certificates of multiple websites to ensure they do not expire unexpectedly. | Google Sheets, HTTP Request, Telegram, Gmail, Schedule Trigger | 2,116 |
| AI-powered vulnerability scanner with Nessus, risk triage & Google Sheets reporting | Security teams, DevOps engineers, vulnerability analysts, and automation builders who want to eliminate repetitive Nessus scan parsing, AI-based risk triage, and manual reporting. Designed for orgsā¦ | Send Email, Function, Google Sheets, HTTP Request, Schedule Trigger | 2,098 |
| Create, update and get a case in TheHive | !workflow-screenshot | Start, TheHive | 2,051 |
| AI privacy-minded router: PII detection for privacy, security, & compliance | Organizations need AI capabilities while ensuring: | AI Agent, Ollama Chat Model, Simple Memory, Chat Trigger, OpenRouter Chat Model | 2,042 |
| Slack webhook - verify signature | This template will help you verify that incoming calls from a Slack webhook actually come from Slack and not some unknown third-party services. | Stop and Error, Execute Workflow Trigger | 2,035 |
| Encrypt some data using the crypto node | Companion workflow for Crypto node docs | Start | 2,025 |
| Notify user in Slack of quarantined email and create Jira ticket if opened | This n8n workflow serves as an incident response and notification system for handling potentially malicious emails flagged by Sublime Security. It begins with a Webhook trigger that Sublime Securitā¦ | HTTP Request, Slack, Webhook, Jira Software | 2,005 |
| Generate, retrieve and download a report using the SecurityScorecard | This workflow allows you to generate, retrieve and download a report using the SecurityScorecard node. | Start, SecurityScorecard | 2,004 |
| Automate Wazuh alert triage and reporting with GPT-4o-mini and Telegram | This n8n workflow supercharges your SOC by fully automating triage, analysis, and notification for Wazuh alertsāblending event-driven automation, OpenAI-powered contextual analysis, and real-time cā¦ | Webhook, Telegram, Summarization Chain, OpenAI Chat Model | 1,941 |
| AI-Powered Vendor Policy & RSS Feed Analysis with Integrated Risk Scoring | A dual-engine, AI-driven n8n workflow that automates the monitoring of both vendor policy webpages and compliance-related RSS feeds. It intelligently detects recent updates, evaluates their potentiā¦ | HTTP Request, RSS Read, Gmail, Schedule Trigger, Filter, AI Agent | 1,937 |
| Cybersecurity assistant with GPT-4, Telegram bot & command execution | QuantumDefender AI is a next-generation intelligent cybersecurity assistant designed to harness the symbolic strength of quantum computingās promise alongside cutting-edge AI capabilities. This sopā¦ | Telegram, Telegram Trigger, AI Agent, OpenAI Chat Model, Simple Memory, Calculator | 1,878 |
| IP reputation check & SOC alerts with Splunk, VirusTotal and AlienVault | This workflow automates IP reputation analysis using Splunk alerts, enriches data via VirusTotal and AlienVault OTX, and generates actionable threat summaries for SOC teams ā all without any coding. | HTTP Request, Slack, Webhook, Gmail, ServiceNow | 1,877 |
| Automate free IP analysis: NixGuard AI summaries & Wazuh integration | Stop wasting time manually investigating suspicious IP addresses. This workflow template is your launchpad to automating real-time IP cybersecurity analysis using the NixGuard platform, which you cā¦ | Slack, Webhook, Execute Sub-workflow | 1,813 |
| Subdomain enumeration with Subfinder, HTTPX & GPT-4-Mini for security reconnaissance | Generates a wordlist of 1,000ā15,000 subdomains created by an AI agent by correlating detected technologies and recurring patterns. | HTTP Request, Webhook, SSH, Convert to File, Extract from File, Summarize | 1,807 |
| Report phishing websites to Steam and CloudFlare | Webhook to report through Mailgun phishing websites to Steam and CloudFlare (if the domain is on CloudFlare) | Mailgun, Start, Webhook | 1,713 |
| Monitor software compliance with Jamf patch summaries in Slack | š§© Jamf Patch Summary to Slack | HTTP Request, Slack, Filter | 1,673 |
| Automated SSL Certificate Monitoring and Renewal with Notion and Telegram | Automatically fetch existing domains from Notionās Database and verify the validity of SSL certificates through SSL-Checker. If the validity period is less than 14 days, send a Telegram message notā¦ | HTTP Request, Telegram, Execute Sub-workflow, Notion, SSH, Execute Workflow Trigger | 1,569 |
| Automated CVE scanning of Bug Bounty programs with Nuclei and Project Discovery | Automates daily CVE-driven scanning against bug bounty scopes. It fetches bug-bounty domains, pulls newly published Project Discovery templates, converts them to Nuclei rules, runs targeted scans, ā¦ | HTTP Request, Gmail, SSH, Schedule Trigger, Filter, Convert to File | 1,401 |
| Automate security alert triage with NixGuard AI and route to Slack or Jira | Are you drowning in a sea of security notifications? Do your analysts spend more time sifting through low-level logs than investigating real threats? This workflow transforms n8n into an autonomousā¦ | Slack, Execute Sub-workflow, Schedule Trigger | 1,393 |
| Complete guide to setting up and generating TOTP codes in n8n š | 1. Receive the QR Code from the 2FA service | TOTP | 1,373 |
| AI-powered domain & IP security check automation | !AI5.png!AI4.png | Google Sheets, HTTP Request, Schedule Trigger, AI Agent, Simple Memory, OpenRouter Chat Model | 1,363 |
| Web security scanner for OWASP compliance with Markdown reports | How the n8n OWASP Scanner Works & How to Set It Up | HTTP Request, Gmail, n8n Form Trigger, Convert to File | 1,340 |
| Enhance security operations with the Qualys Slack shortcut bot! | !n8n | HTTP Request, Webhook, Execute Sub-workflow | 1,299 |
| Qualys scan Slack report subworkflow | This workflow is a sub workflow of the Qualys Slack Shortcut Bot workflow. It is triggered when someone fills out the modal popup in slack generated by the Qualys Slack Shortcut Bot. | HTTP Request, Slack, Execute Workflow Trigger | 1,255 |
| Scan URLs for security threats with urlscan.io and GPT-4o mini | ā¢ Webhook ā urlscan.io ā GPT-4o mini ā Gmail | Webhook, Gmail, urlscan.io, OpenAI | 1,228 |
| Automated GitHub scanner for exposed AWS IAM keys | This n8n workflow automatically scans GitHub for exposed AWS IAM access keys associated with your AWS account, helping security teams quickly identify and respond to potential security breaches. Whā¦ | HTTP Request, Slack | 1,223 |
| JavaScriptSentry: detect sensitive information in JavaScript | This workflow contains community nodes that are only compatible with the self-hosted version of n8n. | Gmail, AI Agent, OpenAI Chat Model, n8n Form Trigger | 1,186 |
| Save Qualys reports to TheHive | !n8n | HTTP Request, Execute Sub-workflow, n8n, Schedule Trigger, Filter, TheHive 5 | 1,182 |
| Automate AI vulnerability monitoring with GPT-4 and ServiceNow incident creation | This n8n workflow automatically monitors RSS feeds for the latest AI vulnerability news, extracts key threat details, and creates a corresponding Security Incident in ServiceNow for each item. | RSS Read, ServiceNow, Schedule Trigger, OpenAI Chat Model, Information Extractor, Jina AI | 1,161 |
| Manage group members in Bitwarden automatically | This workflow allows you to create a group, add members to the group, and get the members of the group. | Bitwarden | 1,141 |
| Venafi Cloud Slack cert bot | Venafi Presentation - Watch Video | HTTP Request, Slack, Webhook, Execute Sub-workflow, Venafi TLS Protect Cloud, OpenAI | 1,103 |
| Automate CVE monitoring with OpenAI processing for ServiceNow security incidents | This n8n workflow automatically fetches the latest CVE data at scheduled intervals, extracts relevant security details, and creates a corresponding Security Incident in ServiceNow for each new vulnā¦ | HTTP Request, ServiceNow, Schedule Trigger, OpenAI Chat Model, Information Extractor | 1,094 |
| Monitor authentication IPs from SaaS alerts & email reports via SMTP2Go | This n8n workflow automates the process of collecting sign-in IP addresses from SaaS Alerts over the past 24 hours and emailing the results using SMTP2Go. Designed for security teams, IT administraā¦ | HTTP Request, Convert to/from binary data, n8n Form Trigger, Convert to File | 1,086 |
| š ļø TheHive tool MCP server | Need help? Want access to this workflow + many more paid workflows + live Q&A sessions with a top verified n8n creator? | MCP Server Trigger | 1,081 |
| Automated lead generation & qualification with Google Maps, GPT-4 & HubSpot | This n8n workflow automates CVE tracking by retrieving vulnerability details from the NVD API š”ļø, organizing and updating the data in Google Sheets š, and optionally alerting teams via Slack or Emaā¦ | Google Sheets, HTTP Request, Slack, HubSpot, OpenAI | 1,038 |
| Prevent prompt injection attacks with a GPT-4O security defense system | Protect your AI workflows from prompt injection attacks, XSS attempts, and malicious content with this multi-layer security sanitization system. | Send Email, Webhook, OpenAI | 1,015 |
| Detect multi-source transaction fraud and reconcile finances with OpenAI, Nvidia NIM, Gmail, Slack and Google Sheets | This workflow automates financial transaction surveillance by monitoring multiple payment systems, analyzing transaction patterns with AI, and triggering instant fraud alerts. Designed for finance ā¦ | HTTP Request, Postgres, Slack, Webhook, Gmail, Schedule Trigger | 1,013 |
| Send TheHive alerts using SIGNL4 | This sample workflow allows you to forward alerts from TheHive 5 to SIGNL4 in order to send reliable alerts to your team. | Start, Webhook, SIGNL4, TheHive | 1,012 |
| Receive updates when an event occurs in TheHive | !workflow-screenshot | Start, TheHive Trigger | 1,005 |
| Monitor new CVEs for bug bounty hunting with Gemini AI and Slack alerts | Automatically monitors NISTās CVE database every hour for new vulnerabilities and uses AI to assess their relevance for bug bounty hunting, delivering actionable intelligence directly to Slack. | HTTP Request, Slack, Schedule Trigger, AI Agent, Google Gemini Chat Model | 995 |
| Automated security alert analysis with Sophos, Gemini AI, and VirusTotal | This workflow automates the analysis of security alerts from Sophos Central, turning raw events into actionable intelligence. It uses the official Sophos SIEM integration tool to fetch data, enrichā¦ | HTTP Request, Webhook, Telegram, AI Agent, Simple Memory, Google Gemini Chat Model | 975 |
| Get the job details using the Cortex node | !workflow-screenshot | Start, Cortex | 909 |
| Monitor CISA critical vulnerability alerts with RSS feed & Slack notifications | This concise workflow efficiently captures, filters, and delivers crucial cybersecurity-related mentions. | Slack, RSS Feed Trigger | 879 |
| Auto remediate endpoint infections with Wazuh, ClamAV, and GPT-4 | Reduce human delays between malware detection and remediation in MSSP/SOC environments. This workflow automates full endpoint antivirus scanning immediately after high-severity endpoint infection wā¦ | Webhook, Telegram, SSH, AI Agent, Summarization Chain, OpenAI Chat Model | 873 |
| Security reconnaissance with Google Dorks, Parsera scraping, and Gmail reports | This workflow contains community nodes that are only compatible with the self-hosted version of n8n. | Gmail, n8n Form Trigger | 838 |
| Scan single URLs for security vulnerabilities with GPT-4 (JS, PHP, Python) | This workflow automates static security analysis for JavaScript, PHP, and Python codebases. | Google Drive, Filter, AI Agent, OpenAI Chat Model, n8n Form Trigger | 830 |
| Automated AWS IAM key compromise response with Slack & Claude AI | This n8n workflow provides a secure, enterprise-grade response system for AWS IAM access key compromises with built-in form submission and human approval mechanisms. When an AWS access key is suspeā¦ | HTTP Request, Slack, AI Agent, Anthropic Chat Model, n8n Form Trigger, AWS IAM | 817 |
| Fraudulent booking detector: Identify suspicious travel transactions with Google Gemini | This automated n8n workflow detects and manages fraudulent booking transactions through comprehensive AI-powered analysis and multi-layered security checks. The system processes incoming travel booā¦ | Google Sheets, HTTP Request, Webhook, Gmail, AI Agent, Google Gemini Chat Model | 810 |
| Extract actionable security insights from HackerOne reports with Google Gemini | A streamlined AI-powered tool that extracts actionable technical insights from HackerOne security reports for advanced bug bounty hunters. | AI Agent, Chat Trigger, Google Gemini Chat Model | 773 |
| Monitor cybersecurity brand mentions on X and send alerts to Slack | This concise workflow efficiently captures, filters, and delivers crucial cybersecurity-related mentions. | Slack, X (Formerly Twitter), Schedule Trigger | 751 |
| Automate external attack surface mapping with Shodan API and DNS lookups | The Bug Bounty Target Recon n8n workflow is a powerful automation tool for security professionals and ethical hackers. | Google Sheets, HTTP Request | 741 |
| Automate regulatory compliance monitoring with ScrapeGraphAI and email alerts | This workflow automatically monitors government regulatory changes and provides comprehensive compliance tracking and executive alerts. | Send Email, Schedule Trigger | 737 |
| New TheHive case Slack notification bot | !theHive | HTTP Request, Slack, Webhook, TheHive 5, TheHive 5 Trigger | 694 |
| Check suspicious links via Telegram with GPT-4 analysis of VirusTotal & urlscan.io results | The workflow is designed to scan submitted URLs using urlscan.io and VirusTotal, combine the results into a single structured summary, and send the report via Telegram. | Google Sheets, HTTP Request, Telegram, Telegram Trigger, urlscan.io, AI Agent | 690 |
| Send organized security CVE digests from NVD with AI-polished summaries to Gmail | Summary | HTTP Request, Gmail, Schedule Trigger, OpenAI | 669 |
| Monitor VPS security with GPT-4 mini analysis via SSH and Telegram alerts | This n8n template automatically monitors your VPS for suspicious processes and network connections using AI analysis. It connects to your server via SSH, analyzes running processes, and sends Telegā¦ | Telegram, SSH, Schedule Trigger, Basic LLM Chain, OpenAI Chat Model, Structured Output Parser | 653 |
| IP threat intelligence report generator with VirusTotal, OpenAI and Google Docs | Cybersec IP Intelligence Gatherer | HTTP Request, Google Docs, AI Agent, OpenAI Chat Model, n8n Form Trigger | 643 |
| Validate TOTP token (without creating a credential) | This template allows you to verify if a 6-digit TOTP code is valid using the corresponding TOTP secret. It can be used in an authentication system. | 629 | |
| Monitor SSL certificate expiry with Google Sheets and email alerts | This n8n template automatically monitors SSL certificates of websites listed in a Google Sheet and sends email alerts if any are expiring within 14 days. It helps ensure you avoid downtime, securitā¦ | Send Email, Google Sheets, HTTP Request, Schedule Trigger | 620 |
| Monitor domains & IPs on AbuseIPDB blacklist with Slack alerts | The automated blacklist monitor is designed to be a proactive, not reactive, tool. Here is the high-level process: | HTTP Request, Slack, Schedule Trigger | 523 |
| IP geolocation & HTTP port scanning with Google Sheets | This n8n template automatically enriches IP addresses with geolocation data and performs HTTP port scanning when new IPs are added to a Google Sheets document. Perfect for network monitoring, securā¦ | Google Sheets, HTTP Request, Google Sheets Trigger | 513 |
| Automated weekly security audit reports with Gmail delivery | This workflow automatically generates and emails a comprehensive security audit report for your N8N instance every week. It identifies potential security risks related to: | Cron, Gmail, n8n | 474 |
| Automate CVE detection with AI-powered Nuclei template generation & Google Drive | Automates collection, technical extraction, and automatic generation of Nuclei templates from public CVE PoCs. | HTTP Request, Google Drive, SSH, Schedule Trigger, AI Agent, OpenAI Chat Model | 431 |
| Proxy detection by IP2Proxy - MCP server | Complete MCP server exposing 1 IP2Proxy Proxy Detection API operations to AI agents. | MCP Server Trigger | 428 |
| IAM compliance automation: enforce MFA and clean up access keys in AWS | > This workflow leverages AWS IAM APIs and n8n automation to ensure strict security compliance by continuously monitoring IAM users for MFA (Multi-Factor Authentication) enforcement. | HTTP Request, Slack, Schedule Trigger, Filter, AWS IAM | 407 |
| Generate security vulnerability reports with Google Dorks, SerpAPI and PDF4me | How it Works: | Gmail, n8n Form Trigger | 372 |
| Intelligent real-time financial fraud detection and risk scoring engine | Automates fraud risk detection for financial transactions by analyzing real-time webhook events through AI-powered scoring. Target audience: fintech companies, payment processors, and banking teamsā¦ | Send Email, Google Sheets, HTTP Request, Slack, Webhook, AI Agent | 370 |
| Triage AWS security misconfigurations with GPT-4.1 Mini and send alerts to Gmail | Automatically triages risky AWS misconfigurations and alerts your team. | Airtable, HTTP Request, Webhook, Gmail, OpenAI | 368 |
| Monitor security logs for failed login attempts with Slack alerts | This workflow efficiently processes logs to detect anomalies. | HTTP Request, Slack, Schedule Trigger | 348 |
| Kubernetes deployment & pod monitoring with Telegram alerts | - Open the āKubeconfig Setupā node | Write Binary File, Telegram, Schedule Trigger | 346 |
| File hash verification for AI agents with hashlookup CIRCL API | Complete MCP server exposing 11 hashlookup CIRCL API operations to AI agents. | MCP Server Trigger | 342 |
| Automated DNS records lookup for subdomains with HackerTarget API reports | š§ EnumX: Auto DNS Lookup for Subdomains with Markdown Export | HTTP Request, Gmail | 335 |
| Monitor remote server file integrity with SSH and Slack alerts | This workflow efficiently performs a scheduled file integrity audit. | Cron, Slack, SSH | 334 |
| Auto-renew AWS certificates with Slack approval workflow | - SRE/DevOps teams managing many ACM certs. | Slack, AWS Certificate Manager, Schedule Trigger, Filter | 317 |
| š ļø Elastic Security Tool MCP Server šŖ all 14 operations | Need help? Want access to this workflow + many more paid workflows + live Q&A sessions with a top verified n8n creator? | MCP Server Trigger | 290 |
| Monitor & alert on inactive AWS IAM users with Slack notifications | > Weekly job that finds IAM users with no activity for > 90 days and notifies a Slack channel. | HTTP Request, Slack, Schedule Trigger, Filter, AWS IAM | 278 |
| Monitor email data breaches with HIBP API and send Slack alerts | This workflow efficiently performs a scheduled data breach scan. | HTTP Request, Slack, Schedule Trigger | 272 |
| SSL/TLS certificate expiry monitor with Slack alert | This workflow efficiently monitors your domains for certificate expiry. | HTTP Request, Slack, Schedule Trigger | 248 |
| Scan URLs with urlscan.io and send results via Gmail | Receive a URL via Webhook, submit it to urlscan.io, wait ~30 seconds for artifacts (e.g., screenshot), then email a clean summary with links to the result page, screenshot, and API JSON. | Webhook, Gmail, urlscan.io | 245 |
| AI-powered security analysis for n8n with Google Gemini and n8n audit API | This workflow provides a deep-dive security assessment of an n8n instance using the native Audit API and AI analysis. | HTTP Request, Basic LLM Chain, Structured Output Parser, n8n Form Trigger, Google Gemini Chat Model, n8n Form | 244 |
| BlueOps Auto CVE & IOC feed ingestor with OpenAI risk triage & email alerts | This Blue Team workflow ingests threat intelligence from public CVE and IOC feeds, merges the data, performs automated triage using OpenAI, and routes actionable alerts via email. | Send Email, Google Sheets, HTTP Request, Schedule Trigger | 235 |
| Send Slack alerts for AWS IAM access keys older than 365 days | HTTP Request, Slack, Schedule Trigger, Filter, AWS IAM | 226 | |
| Cyberpulse AI GRC: Automate security questionnaire responses | Description | Google Sheets, Webhook, Google Drive, Gmail, OpenAI | 199 |
| š ļø Microsoft Entra ID tool MCP server šŖ all 12 operations | Need help? Want access to this workflow + many more paid workflows + live Q&A sessions with a top verified n8n creator? | MCP Server Trigger | 196 |
| Secure user emails with AES-256 encryption and verification system | Professional-Grade AES-256 Data Protection for n8n | 182 | |
| Monitor SSL certificates for brand-impersonating domains with crt.sh, Urlscan.io and Slack | This workflow monitors SSL certificate logs to find and scan new domains that might be impersonating your brand. | HTTP Request, Slack, urlscan.io, Schedule Trigger | 177 |
| š ļø Microsoft Graph Security Tool MCP server šŖ all 5 operations | Need help? Want access to this workflow + many more paid workflows + live Q&A sessions with a top verified n8n creator? | MCP Server Trigger | 177 |
| š ļø MISP tool MCP server šŖ all 44 operations | Need help? Want access to this workflow + many more paid workflows + live Q&A sessions with a top verified n8n creator? | MCP Server Trigger | 168 |
| Automated Wazuh rule deployment pipeline with GitHub, XML validation & Telegram alerts | š Say Goodbye to Manual Rule Deployments in Wazuh! | Github Trigger, HTTP Request, Telegram, SSH | 158 |
| Real-time security threat dashboard with Google Sheets, AI risk analysis & email alerts | š¤ Who itās for | Send Email, Google Sheets, HTTP Request, Schedule Trigger | 158 |
| š ļø Okta tool MCP server šŖ all 5 operations | Need help? Want access to this workflow + many more paid workflows + live Q&A sessions with a top verified n8n creator? | MCP Server Trigger | 154 |
| Monitor SSL certificate expiry dates with Google Sheets & Slack alerts | > ā ļø Notice: | Google Sheets, Slack, Schedule Trigger | 149 |
| Automated APK security scanning & PDF reporting with MobSF, AI & Google Drive | This workflow automatically analyzes any newly uploaded APK file and produces a clean, professional PDF security report. When an APK appears in Google Drive, the workflow downloads it, sends it to ā¦ | HTTP Request, Google Drive, Google Drive Trigger, OpenAI | 143 |
| Auto-classify security incidents with GPT-4 and Google Sheets for SOC teams | Blue Team leads, SOC analysts, and IT responders looking to automatically classify security alerts using AI-driven logic and asset-based risk signals. | Google Sheets, HTTP Request, Schedule Trigger | 138 |
| š ļø SecurityScorecard tool MCP server šŖ all 19 operations | Need help? Want access to this workflow + many more paid workflows + live Q&A sessions with a top verified n8n creator? | MCP Server Trigger | 135 |
| Export Jamf policies to Slack as CSV for instant auditing | Quickly export and review your entire Jamf policy configurationāincluding triggers, frequencies, and scopeādirectly in Slack. | HTTP Request, Slack, Webhook, Convert to File | 133 |
| Automate cybersecurity incident response with Claude AI, VirusTotal and Slack | This workflow automates end-to-end cybersecurity incident response by ingesting alerts from multiple sources, enriching threat intelligence, assessing severity with Claude AI, executing containmentā¦ | Google Sheets, HTTP Request, Webhook, AI Agent, Anthropic Chat Model | 131 |
| š ļø Bitwarden tool MCP server šŖ all 19 operations | Need help? Want access to this workflow + many more paid workflows + live Q&A sessions with a top verified n8n creator? | MCP Server Trigger | 131 |
| Monitor zero-day threats with Anthropic Claude, Airtable, Slack and Jira | This workflow continuously monitors CVE databases, threat intelligence feeds, and public security advisories to surface emerging zero-day threats, correlates them against your registered infrastrucā¦ | Airtable, Send Email, Google Sheets, HTTP Request, Webhook, Schedule Trigger | 130 |
| n8n enterprise AI security firewall ā guardrails for secure agents | This workflow provides a complete testing rig for evaluating text against seven essential AI guardrails used in production systems. | Google Sheets, Google Gemini Chat Model, Guardrails | 124 |
| CYBERPULSE AI RedOps: internal phishing simulation for security training | Simulate phishing awareness campaigns using OpenAI-generated emails. Send to target lists, log clicks with a webhook, and store results in Google Sheets. Built for internal testing and cyber awarenā¦ | Google Sheets, Webhook, Gmail, AI Agent, OpenAI Chat Model | 123 |
| Automate vulnerability triage from Snyk with Jira, Slack & Airtable integration | This workflow receives vulnerability data(e.g., Snyk, Dependabot or any security scanner) from Snyk through a webhook, standardizes and validates the payload, checks Jira for duplicates using a uniā¦ | Airtable, Function, Slack, Webhook, Jira Software | 122 |
| Monitor compliance with GPT-4 analysis of system logs and generate audit reports | This solution centralizes communication data from Slack, Microsoft Teams, Gmail, and GitHub into a unified AI-powered analysis and documentation workflow for teams managing distributed knowledge. Mā¦ | HTTP Request, Gmail, Schedule Trigger, AI Agent, OpenAI Chat Model, Structured Output Parser | 117 |
| CYBERPULSE AI GRC: automate PCI DSS control evaluation and compliance tracking | Description | Google Sheets, Filter | 116 |
| Automated failed login detection with Jira tasks, Slack alerts & Notion logging | Webhook: Failed Login Attempts ā Jira Security Case ā Slack Warnings | Function, Slack, Webhook, Jira Software, Notion | 116 |
| Discord server anti-impersonation / scammer tracker with data tables | This n8n template demonstrates how to automatically monitor and track username and nickname changes across your Discord server members. Perfect for community moderation, security monitoring, and maā¦ | Discord, Schedule Trigger, Data table | 104 |
| Monitor SSL certificate expiry with Google Sheets and SMTP email alerts | DevOps engineers, sysadmins, and website owners who manage multiple domains and need proactive SSL certificate expiration monitoring without manual checks. | Send Email, Google Sheets, Schedule Trigger | 98 |
| Automate security incident response with Google Sheets, email alerts and EDR isolation | š¤ Who itās for | Send Email, Google Sheets, HTTP Request, Schedule Trigger | 92 |
| Monitor cybersecurity compliance and send weekly reports via SIEM, Jira, PostgreSQL, Slack and email | This n8n workflow automates continuous compliance monitoring across IT, OT, and cloud environments by aggregating security controls, validating policies (ISO 27001, NIST, GDPR, SOC2), detecting anoā¦ | Send Email, HTTP Request, Postgres, Schedule Trigger, Filter | 91 |
| Track software security patents with ScrapeGraphAI, Notion, and Pushover alerts | !Workflow Preview Image | HTTP Request, Pushover, Notion, Schedule Trigger | 91 |
| CYBERPULSE AI redOps: credential trap sim: fake login page simulation | Simulate a phishing login page to test user behavior and SOC response. This controlled workflow sends trap links to predefined targets and logs simulated interaction resultsāwithout capturing real ā¦ | Google Sheets | 86 |
| CYBERPULSE AI redOps: phishing simulation with redirect tracking | Simulate cloaked phishing links that redirect through a controlled proxy. This module tracks if secure email gateways (SEGs) or sandboxes trigger the redirect before users do. Logs access, responseā¦ | Google Sheets | 85 |
| Aggregate endpoint security risk scores with EDR, vulnerability data & Google Sheets | š¤ Who itās for | Cron, Function, Google Sheets, HTTP Request | 85 |
| Monitor Zoho CRM changes & alert on suspicious activity with Google Sheets | This n8n workflow automatically monitors selected Zoho CRM modules for record changes, identifies suspicious modification patterns, logs all activity into a Google Sheet, generates an audit JSON fiā¦ | Function, Google Sheets, HTTP Request, Gmail | 84 |
| CYBERPULSE AI BlueOps: asset enrichment engine | š¤ Who itās for | Cron, Send Email, Function, Google Sheets | 82 |
| CYBERPULSE AI RedOps: generate daily RedOps security simulation reports | Automatically compiles a daily HTML report of all RedOps simulations (Modules 1ā5), summarizing offensive activity, response logs, and module effectiveness. Designed for GRC teams, Red/Purple teamsā¦ | Google Sheets, Gmail | 79 |
| Monitor PKI certificates & CRLs for expiration with Telegram & SMS alerts | This n8n workflow provides automated monitoring of Public Key Infrastructure (PKI) components including CA certificates, Certificate Revocation Lists (CRLs), and associated web services. It extractā¦ | HTTP Request, Write Binary File, Schedule Trigger | 70 |
| Check phishing URL reputation with VirusTotal and log to Google Sheets | This n8n template helps you automatically analyze URLs for phishing and malicious activity using VirusTotalās multi-engine threat intelligence platform. It validates incoming URLs, submits them forā¦ | Google Sheets, HTTP Request, Webhook | 69 |
| Verify property ownership with blockchain, GPT-4 fraud detection, and compliance tracking | This workflow automates property registration verification, fraud detection, and blockchain-based compliance tracking by systematically assessing fraud risk, validating transactions, ensuring data ā¦ | Google Sheets, HTTP Request, Webhook, AI Agent, OpenAI Chat Model, Structured Output Parser | 68 |
| Orchestrate security vulnerability remediation with Port, OpenAI, Jira and Slack | Complete security workflow from vulnerability detection to automated remediation, with severity-based routing and full organizational context from Portās catalog. This template provides end-to-end ā¦ | HTTP Request, Slack, Webhook, Jira Software, OpenAI | 65 |
| Monitor Jamf policy integrity and send Slack alerts for changes | š”ļø Jamf Policy Integrity Monitor | HTTP Request, Slack, Webhook, Schedule Trigger, Data table | 62 |
| Automate risk treatment tasks with Google Sheets for GRC compliance | Description | Google Sheets, Schedule Trigger | 62 |
| CYBERPULSE AI RedOps: validate email security gateways generated payloads | Description: | Google Sheets, OpenAI | 61 |
| Track policy expiry dates and ownership with Google Sheets and Gmail notifications | Purpose | Google Sheets, Gmail | 60 |
| Report spam and phishing URLs from IMAP mailboxes to Spamhaus | This workflow automates URL reporting to Spamhaus based on incoming spam/phishing sample emails. It watches one or more IMAP folders, extracts URLs from each email body, removes duplicates and commā¦ | Email Trigger (IMAP), HTTP Request, Filter | 57 |
| Filter URLs with AI-powered robots.txt compliance & source verification | Version : 1.0 | HTTP Request, Postgres, Execute Workflow Trigger, Schedule Trigger, Mistral Cloud Chat Model, Google Gemini Chat Model | 52 |
| Detect and route cybersecurity threats with SIEM, Slack, email and PagerDuty | This n8n workflow proactively scans and aggregates threat intelligence, network logs, and vulnerability data every 15 minutes to detect emerging risks across the infrastructure. It analyzes anomaliā¦ | Send Email, HTTP Request, Postgres, Slack, Schedule Trigger | 50 |
| Secure GET webhooks with query parameter validation for limited authentication cases | Webhooks are special URLs that instantly trigger workflows when they receive an incoming HTTP request (like GET or POST). Theyāre perfect for connecting external tools to n8n in real time. | Webhook, Stop and Error | 50 |
| Run weekly WAF security audits with WAFtester and Slack alerts | Automated weekly WAF security assessments with Slack reporting. Detects your WAF vendor, runs a security assessment, grades your protection, and alerts your team when the grade drops below threshold. | HTTP Request, Slack, Schedule Trigger | 46 |
| Audit Website Security Headers with AI Remediation and Google Sheets Reporting | An automated workflow for auditing website security headers and generating | Google Sheets, HTTP Request, Gmail, AI Agent, n8n Form Trigger, OpenRouter Chat Model | 42 |
| Audit Confluence space permissions and public links for compliance | This workflow scans selected Confluence spaces for public exposure risks, helping teams identify unintended access and potential data leakage. | HTTP Request, GraphQL | 31 |
| Monitor GitHub repo access and push events with GitHub and Slack alerts | This workflow monitors GitHub for high-risk activities to ensure that only authorized users can modify the repository. It periodically polls GitHub for events such as PushEvent, MemberEvent, and Puā¦ | HTTP Request, Slack, Schedule Trigger, Data table | 30 |
| Prevent phishing emails with GPT-4, VirusTotal, Slack, and Google Sheets | This n8n workflow automates real-time phishing detection by ingesting incoming emails, extracting indicators, analyzing content with AI (GPT-4), calculating risk scores, and taking immediate actionā¦ | Send Email, Google Sheets, HTTP Request, Webhook, AI Agent, OpenAI Chat Model | 27 |
| Detect and isolate ransomware with Claude (Anthropic), EDR, SIEM and Slack | This workflow provides real-time detection of ransomware encryption patterns using Claude AI, with automated system isolation and incident response. | Send Email, Google Sheets, HTTP Request, Slack, Webhook, AI Agent | 22 |
| Test WAF security interactively with an AI agent and WAFtester MCP | A conversational AI agent that connects to WAFtester via MCP (Model Context Protocol) for interactive Web Application Firewall security testing. Type natural language requests ā the agent picks theā¦ | AI Agent, OpenAI Chat Model, Chat Trigger, MCP Client Tool | 20 |
| Detect and route gameplay security anomalies with GPT-4o, Slack and Sheets | This workflow automates cybersecurity incident detection and response for security operations centers (SOCs) managing constant threat landscapes. Designed for security analysts, IT operations teamsā¦ | Send Email, Google Sheets, Slack, Schedule Trigger, AI Agent, OpenAI Chat Model | 20 |
| Analyze domain threats via Telegram with VirusTotal, AbuseCH, and Gemini AI | !WorkFlow.png | HTTP Request, Telegram, Telegram Trigger, Google Gemini | 17 |
| Assess credential risk and route mitigation actions with GPT-4o-mini | This workflow automates comprehensive enterprise risk assessment and mitigation planning for organizations managing complex operational, financial, and compliance risks. Designed for risk managers,ā¦ | AI Agent, OpenAI Chat Model, Structured Output Parser, AI Agent Tool | 17 |
| Detect transaction fraud and manage compliance with GPT-4 and Airtable | This workflow automates financial transaction monitoring, fraud detection, and regulatory compliance using OpenAI GPT-4 across coordinated specialist agents. It targets compliance officers, fraud aā¦ | Airtable, Schedule Trigger, AI Agent, OpenAI Chat Model, Structured Output Parser, AI Agent Tool | 16 |
| Protect public webhooks with Ainoflow Guard rate limiting | Stop webhook flooding before it starts. Add production-grade rate limiting to any n8n webhook in minutes - reject abusive traffic before expensive workflow logic executes. | HTTP Request, Webhook | 14 |
| Check file hash reputation with VirusTotal and Slack alerts | File Hash Reputation Checker is a security automation workflow that validates file hashes (MD5, SHA1, SHA256) and checks their reputation using the VirusTotal API. It is designed for SOC teams, secā¦ | HTTP Request, Slack, Webhook | 9 |
| Enrich IP addresses with country attribution using IPinfo and Slack alerts | IP Enrichment & Country Attribution is a lightweight cybersecurity automation that enriches IP addresses with geographic and network intelligence. It validates incoming IPs, filters out private or ā¦ | HTTP Request, Slack, Webhook | 8 |
| Audit browser and proxy fingerprint/IP integrity with GPT-4o, Sheets and Slack | This workflow performs a comprehensive security audit on your web scraping infrastructure to detect potential IP leaks or bot detection flags. It iterates through a list of fingerprinting services ā¦ | Google Sheets, Slack, AI Agent, Structured Output Parser, OpenRouter Chat Model | 7 |
| Scan Gmail links with VirusTotal and send alerts to WhatsApp, Teams, and Sheets | This n8n workflow is designed for IT security professionals, email administrators, and organizations that want to automatically scan URLs received in emails for potential security threats. It proviā¦ | Google Sheets, HTTP Request, Microsoft Teams, Gmail Trigger | 5 |
| Filter fraudulent leads with GPT-4o-mini, AbstractAPI, Google Sheets and Slack | This n8n template serves as a security layer for your marketing efforts, ensuring that only high-quality, human-verified leads reach your CRM while automatically blacklisting bots and VPN-based subā¦ | Google Sheets, HTTP Request, Slack, Webhook, OpenAI | 4 |
| Manage vulnerabilities end-to-end with GPT-4, Jira, Slack and Google Sheets | Automates the full vulnerability lifecycle ā from scheduled scanning and data aggregation to intelligent prioritization, ticket creation, real-time alerting, weekly reporting, and centralized trackā¦ | Send Email, Google Sheets, HTTP Request, Webhook, Schedule Trigger, AI Agent | 4 |
| Detect and enforce abuse cases with OpenAI, Slack, Gmail and Sheets | This workflow automates platform trust and safety operations by deploying a multi-agent AI system that detects abuse signals, investigates behaviour, scores risk, checks policy compliance, and enfoā¦ | Send Email, Slack, Webhook, AI Agent, OpenAI Chat Model, Structured Output Parser | 1 |
š„ How to use: Click any template above, then download the workflow.json file and import it into n8n via Workflow menu ā Import from File. See the importing guide for detailed instructions.