{ "meta": { "templateCredsSetupCompleted": true }, "nodes": [ { "id": "4e688357-b526-4ec6-aa52-ba57bef8ceea", "name": "Execute NixGuard & Wazuh Workflow", "type": "n8n-nodes-base.executeWorkflow", "position": [ -420, -1220 ], "parameters": { "options": {}, "workflowId": { "__rl": true, "mode": "list", "value": "I0nUORqYTwDFZa51", "cachedResultName": "Get Real-Time Security Insights with NixGuard RAG and Wazuh Integration" }, "workflowInputs": { "value": {}, "schema": [], "mappingMode": "passThrough", "matchingColumns": [], "attemptToConvertTypes": false, "convertFieldsToString": true } }, "typeVersion": 1.2 }, { "id": "c1ec5184-46b1-4893-a021-966b95e46c01", "name": "Format NixGuard AI Summary & Wazuh Insights", "type": "n8n-nodes-base.set", "position": [ -200, -1220 ], "parameters": { "values": { "string": [ { "name": "ai_summary", "value": "={{ $json.output }}" } ] }, "options": {} }, "typeVersion": 2 }, { "id": "698377ac-1c77-45fe-b877-eff606701b82", "name": "(Optional) Send Slack Alert for High-Risk Events", "type": "n8n-nodes-base.slack", "disabled": true, "position": [ 40, -1220 ], "parameters": { "text": "=\ud83d\udea8 *NixGuard IP Analysis* \ud83d\udea8\n\n*AI Summary:*\n{{ $json.ai_summary }}", "otherOptions": {}, "authentication": "oAuth2" }, "typeVersion": 2 }, { "id": "c534132a-9320-42fc-9db2-786725257cd6", "name": "Next Steps: Automate Response", "type": "n8n-nodes-base.stickyNote", "position": [ -200, -1000 ], "parameters": { "color": 7, "width": 520, "height": 380, "content": "## \u26a1 Next Steps: Automate Your SOC/IR Process\n\nThis workflow doesn't just get data; it helps you take action. The `Set` node formats the powerful insights from NixGuard and Wazuh.\n\nFrom here, you can automate your entire security response:\n- **Enable the Slack Node**: Add your credentials to immediately start receiving alerts.\n- **Create Jira Tickets**: Add a Jira node to automatically create an incident ticket for high-risk events.\n- **Log Results**: Connect a Google Sheets or database node to log every analysis for auditing.\n- **Trigger Remediation**: Connect another `Execute Workflow` node to a workflow that blocks the malicious IP on your firewall." }, "typeVersion": 1 }, { "id": "cfef93de-f471-410a-b326-ae50f810172c", "name": "Set API Key & Initial Prompt1", "type": "n8n-nodes-base.set", "position": [ -640, -1220 ], "parameters": { "values": { "string": [ { "name": "apiKey", "value": "" }, { "name": "chatInput", "value": "Scan this ip for me 0.0.0.0" } ] }, "options": {} }, "typeVersion": 2 }, { "id": "9f8c29b7-c2fc-4ac2-895c-2e3b1d68bde2", "name": "Webhook Trigger\n(REAL-WORLD USE)1", "type": "n8n-nodes-base.webhook", "active": false, "position": [ -640, -980 ], "parameters": { "path": "my-analysis-webhook", "options": {} }, "typeVersion": 1 }, { "id": "b5f50c3b-d692-41e2-8077-a2d6f6e975be", "name": "Workflow Overview", "type": "n8n-nodes-base.stickyNote", "position": [ -1260, -1220 ], "parameters": { "color": 7, "width": 540, "height": 440, "content": "## \ud83c\udfaf Workflow Overview: The Dispatcher\n\nThis workflow acts as a **Dispatcher**. Its only job is to provide an input and API key to trigger your main, more complex analysis workflow:\n\n`Get Real-Time Security Insights with NixGuard RAG and Wazuh Integration`\n\nThis powerful combination uses NixGuard's AI to analyze security data from sources like Wazuh.\n\n### Why use this pattern?\n- **Reusable Logic**: Build your complex NixGuard & Wazuh analysis once and trigger it from many different places.\n- **Simplicity & Focus**: This workflow handles the \"how\" and \"when\" of starting the job, while the main workflow handles the \"what\".\n\n---\n**Learn more about NixGuard:** https://nixguard.thenex.world" }, "typeVersion": 1 }, { "id": "2f909465-6db7-4508-9156-8283197a42f5", "name": "Setup Instructions", "type": "n8n-nodes-base.stickyNote", "position": [ -640, -1740 ], "parameters": { "color": 7, "width": 460, "height": 440, "content": "## \u2699\ufe0f **CRITICAL SETUP (2 STEPS)**\n\nThis template requires two actions to function correctly.\n\n**1. Add Your API Key:**\n - Click the blue `Set API Key & Initial Prompt` node.\n - In the `apiKey` field, replace `PASTE_YOUR_NIXGUARD_API_KEY_HERE` with your actual NixGuard API key.\n\n**2. Connect the Main Workflow:**\n - Click the `Execute NixGuard & Wazuh Workflow` node.\n - In the `Workflow` field, select your `Get Real-Time Security Insights...` workflow.\n\n - **Don't have the main workflow yet?** Get it here:\n https://n8n.io/workflows/4693-get-real-time-security-insights-with-nixguard-rag-and-wazuh-integration/" }, "typeVersion": 1 } ], "connections": { "Set API Key & Initial Prompt1": { "main": [ [ { "node": "Execute NixGuard & Wazuh Workflow", "type": "main", "index": 0 } ] ] }, "Execute NixGuard & Wazuh Workflow": { "main": [ [ { "node": "Format NixGuard AI Summary & Wazuh Insights", "type": "main", "index": 0 } ] ] }, "Format NixGuard AI Summary & Wazuh Insights": { "main": [ [ { "node": "(Optional) Send Slack Alert for High-Risk Events", "type": "main", "index": 0 } ] ] } } }