{ "id": "MvJSPCnxMNXujG2d", "name": "Automated Compliance and Audit Framework with AI-Powered Violation Detection", "tags": [], "nodes": [ { "id": "170b52a8-7df8-457f-85da-9ce2362f9acc", "name": "Schedule Compliance Audit", "type": "n8n-nodes-base.scheduleTrigger", "position": [ -736, 208 ], "parameters": { "rule": { "interval": [ { "triggerAtHour": 2 } ] } }, "typeVersion": 1.3 }, { "id": "f49cdcc5-0245-42fc-8448-22032a7853fc", "name": "Workflow Configuration", "type": "n8n-nodes-base.set", "position": [ -544, 208 ], "parameters": { "options": {}, "assignments": { "assignments": [ { "id": "id-1", "name": "serverLogsUrl", "type": "string", "value": "<__PLACEHOLDER_VALUE__Server logs API endpoint URL__>" }, { "id": "id-2", "name": "apiGatewayLogsUrl", "type": "string", "value": "<__PLACEHOLDER_VALUE__API Gateway logs endpoint URL__>" }, { "id": "id-3", "name": "hrSystemUrl", "type": "string", "value": "<__PLACEHOLDER_VALUE__HR system API endpoint URL__>" }, { "id": "id-4", "name": "financeSystemUrl", "type": "string", "value": "<__PLACEHOLDER_VALUE__Finance system API endpoint URL__>" }, { "id": "id-5", "name": "storageApiUrl", "type": "string", "value": "<__PLACEHOLDER_VALUE__Evidence storage API endpoint URL__>" }, { "id": "id-6", "name": "taskManagementUrl", "type": "string", "value": "<__PLACEHOLDER_VALUE__Task management system API endpoint URL__>" }, { "id": "id-7", "name": "auditReportRecipients", "type": "string", "value": "<__PLACEHOLDER_VALUE__Comma-separated email addresses for audit reports__>" }, { "id": "id-8", "name": "complianceStandards", "type": "string", "value": "GDPR,SOC 2,ISO 27001" } ] }, "includeOtherFields": true }, "typeVersion": 3.4 }, { "id": "487d81b8-2787-43ea-96e5-4ed34055b2c7", "name": "Pull Server Logs", "type": "n8n-nodes-base.httpRequest", "position": [ -320, 32 ], "parameters": { "url": "={{ $('Workflow Configuration').first().json.serverLogsUrl }}", "options": {}, "sendQuery": true, "queryParameters": { "parameters": [ { "name": "startDate", "value": "={{ $now.minus({ days: 1 }).toISO() }}" }, { "name": "endDate", "value": "={{ $now.toISO() }}" } ] } }, "typeVersion": 4.3 }, { "id": "3fcd0137-49de-44bb-bbc8-d5fe356d317d", "name": "Pull API Gateway Logs", "type": "n8n-nodes-base.httpRequest", "position": [ -320, 176 ], "parameters": { "url": "={{ $('Workflow Configuration').first().json.apiGatewayLogsUrl }}", "options": {}, "sendQuery": true, "queryParameters": { "parameters": [ { "name": "startDate", "value": "={{ $now.minus({ days: 1 }).toISO() }}" }, { "name": "endDate", "value": "={{ $now.toISO() }}" } ] } }, "typeVersion": 4.3 }, { "id": "3ab03107-6415-4fdd-ac91-48b91e5f78a4", "name": "Pull HR System Data", "type": "n8n-nodes-base.httpRequest", "position": [ -320, 304 ], "parameters": { "url": "={{ $('Workflow Configuration').first().json.hrSystemUrl }}", "options": {}, "sendQuery": true, "queryParameters": { "parameters": [ { "name": "startDate", "value": "={{ $now.minus({ days: 1 }).toISO() }}" }, { "name": "endDate", "value": "={{ $now.toISO() }}" } ] } }, "typeVersion": 4.3 }, { "id": "b10d9da7-714a-4bc4-bc5f-b43edadc19d2", "name": "Pull Finance System Data", "type": "n8n-nodes-base.httpRequest", "position": [ -320, 464 ], "parameters": { "url": "={{ $('Workflow Configuration').first().json.financeSystemUrl }}", "options": {}, "sendQuery": true, "queryParameters": { "parameters": [ { "name": "startDate", "value": "={{ $now.minus({ days: 1 }).toISO() }}" }, { "name": "endDate", "value": "={{ $now.toISO() }}" } ] } }, "typeVersion": 4.3 }, { "id": "c468aef9-fa0d-4e3b-b785-1171f095e498", "name": "Combine All Logs", "type": "n8n-nodes-base.aggregate", "position": [ -96, 208 ], "parameters": { "options": {}, "aggregate": "aggregateAllItemData" }, "typeVersion": 1 }, { "id": "ac93e85b-f647-4c65-b809-17a6a7f9d966", "name": "Normalize Log Data", "type": "n8n-nodes-base.set", "position": [ 80, 208 ], "parameters": { "options": {}, "assignments": { "assignments": [ { "id": "id-1", "name": "timestamp", "type": "string", "value": "={{ $now.toISO() }}" }, { "id": "id-2", "name": "source", "type": "string", "value": "={{ $json.source || 'unknown' }}" }, { "id": "id-3", "name": "logData", "type": "object", "value": "={{ $json }}" }, { "id": "id-4", "name": "auditDate", "type": "string", "value": "={{ $now.toFormat('yyyy-MM-dd') }}" } ] }, "includeOtherFields": true }, "typeVersion": 3.4 }, { "id": "29cbf75f-e7ed-43d5-a707-95a2ff78cc04", "name": "AI Compliance Classifier", "type": "@n8n/n8n-nodes-langchain.agent", "position": [ 256, 208 ], "parameters": { "text": "={{ $json.logData }}", "options": { "systemMessage": "You are a compliance auditor AI specialized in analyzing system logs, API gateway logs, HR data, and financial records for compliance violations.\n\nYour task is to:\n1. Analyze the provided log data against compliance standards: GDPR, SOC 2, and ISO 27001\n2. Identify potential violations including:\n - GDPR: Unauthorized data access, missing consent, data retention violations, cross-border data transfers without safeguards\n - SOC 2: Security control failures, access control violations, monitoring gaps, change management issues\n - ISO 27001: Information security policy violations, asset management issues, access control failures, incident response gaps\n3. Classify the severity of each violation (Critical, High, Medium, Low)\n4. Provide evidence from the logs supporting each violation\n5. Suggest corrective actions\n\nReturn your analysis in the structured JSON format defined by the output parser." }, "promptType": "define", "hasOutputParser": true }, "typeVersion": 3 }, { "id": "4bddd4da-d4db-4590-8517-786d0c07b302", "name": "OpenAI GPT-4", "type": "@n8n/n8n-nodes-langchain.lmChatOpenAi", "position": [ 256, 432 ], "parameters": { "model": { "__rl": true, "mode": "id", "value": "gpt-4o" }, "options": {}, "builtInTools": {} }, "credentials": { "openAiApi": { "name": "" } }, "typeVersion": 1.3 }, { "id": "d778cda7-f6b1-4cdd-835a-d7baf882a6c9", "name": "Structured Violation Output", "type": "@n8n/n8n-nodes-langchain.outputParserStructured", "position": [ 384, 432 ], "parameters": { "schemaType": "manual", "inputSchema": "{\n \"type\": \"object\",\n \"properties\": {\n \"hasViolations\": {\n \"type\": \"boolean\",\n \"description\": \"Whether any compliance violations were detected\"\n },\n \"violations\": {\n \"type\": \"array\",\n \"items\": {\n \"type\": \"object\",\n \"properties\": {\n \"standard\": {\n \"type\": \"string\",\n \"enum\": [\"GDPR\", \"SOC 2\", \"ISO 27001\"]\n },\n \"violationType\": {\n \"type\": \"string\"\n },\n \"severity\": {\n \"type\": \"string\",\n \"enum\": [\"Critical\", \"High\", \"Medium\", \"Low\"]\n },\n \"description\": {\n \"type\": \"string\"\n },\n \"evidence\": {\n \"type\": \"string\"\n },\n \"correctiveAction\": {\n \"type\": \"string\"\n }\n },\n \"required\": [\"standard\", \"violationType\", \"severity\", \"description\", \"evidence\", \"correctiveAction\"]\n }\n },\n \"summary\": {\n \"type\": \"string\",\n \"description\": \"Overall summary of compliance status\"\n }\n },\n \"required\": [\"hasViolations\", \"violations\", \"summary\"]\n}" }, "typeVersion": 1.3 }, { "id": "4b97a49d-cc86-4f4e-9793-f5e6ff198620", "name": "Check for Violations", "type": "n8n-nodes-base.if", "position": [ 544, 208 ], "parameters": { "options": {}, "conditions": { "options": { "leftValue": "", "caseSensitive": true, "typeValidation": "strict" }, "combinator": "and", "conditions": [ { "id": "id-1", "operator": { "type": "boolean", "operation": "equals" }, "leftValue": "={{ $json.hasViolations }}", "rightValue": true } ] } }, "typeVersion": 2.3 }, { "id": "8b3c9db5-e95a-4151-ae54-04b5bb16a4c1", "name": "Archive Evidence to Storage", "type": "n8n-nodes-base.httpRequest", "position": [ 768, 208 ], "parameters": { "url": "={{ $('Workflow Configuration').first().json.storageApiUrl }}", "method": "POST", "options": {}, "jsonBody": "={{ { auditDate: $('Normalize Log Data').first().json.auditDate, timestamp: $('Normalize Log Data').first().json.timestamp, violations: $json.violations, summary: $json.summary, rawLogs: $('Normalize Log Data').first().json.logData } }}", "sendBody": true, "specifyBody": "json" }, "typeVersion": 4.3 }, { "id": "98b68b0c-8b7e-4c4f-ace0-b61df34b5965", "name": "Prepare Audit Report Data", "type": "n8n-nodes-base.set", "position": [ 944, 208 ], "parameters": { "options": {}, "assignments": { "assignments": [ { "id": "id-1", "name": "reportTitle", "type": "string", "value": "={{ 'Compliance Audit Report - ' + $('Normalize Log Data').first().json.auditDate }}" }, { "id": "id-2", "name": "totalViolations", "type": "number", "value": "={{ $json.violations.length }}" }, { "id": "id-3", "name": "criticalCount", "type": "number", "value": "={{ $json.violations.filter(v => v.severity === 'Critical').length }}" }, { "id": "id-4", "name": "highCount", "type": "number", "value": "={{ $json.violations.filter(v => v.severity === 'High').length }}" }, { "id": "id-5", "name": "mediumCount", "type": "number", "value": "={{ $json.violations.filter(v => v.severity === 'Medium').length }}" }, { "id": "id-6", "name": "lowCount", "type": "number", "value": "={{ $json.violations.filter(v => v.severity === 'Low').length }}" } ] }, "includeOtherFields": true }, "typeVersion": 3.4 }, { "id": "a736d0ee-9af7-49a2-9c39-8067001e8d3c", "name": "Generate Audit Report HTML", "type": "n8n-nodes-base.code", "position": [ 1120, 208 ], "parameters": { "jsCode": "// Generate comprehensive HTML audit report from violation data\nconst items = $input.all();\nconst data = items[0].json;\n\n// Extract violation data from previous nodes\nconst violations = data.violations || [];\nconst reportTitle = data.reportTitle || 'Compliance Audit Report';\nconst totalViolations = data.totalViolations || violations.length;\nconst criticalCount = data.criticalCount || violations.filter(v => v.severity === 'Critical').length;\nconst highCount = data.highCount || violations.filter(v => v.severity === 'High').length;\nconst mediumCount = data.mediumCount || violations.filter(v => v.severity === 'Medium').length;\nconst lowCount = data.lowCount || violations.filter(v => v.severity === 'Low').length;\nconst summary = data.summary || 'Compliance audit completed';\n\n// Calculate compliance rate\nconst complianceRate = totalViolations === 0 ? '100%' : `${Math.max(0, 100 - (totalViolations * 5)).toFixed(1)}%`;\n\n// Group violations by severity\nconst criticalViolations = violations.filter(v => v.severity === 'Critical');\nconst highViolations = violations.filter(v => v.severity === 'High');\nconst mediumViolations = violations.filter(v => v.severity === 'Medium');\nconst lowViolations = violations.filter(v => v.severity === 'Low');\n\n// Generate recommendations based on violations\nconst recommendations = [];\nif (criticalCount > 0) {\n recommendations.push('URGENT: Address all Critical violations immediately (within 24 hours)');\n}\nif (highCount > 0) {\n recommendations.push('High priority violations require attention within 3 days');\n}\nif (totalViolations > 10) {\n recommendations.push('Consider comprehensive compliance review due to high violation count');\n}\nif (violations.some(v => v.standard === 'GDPR')) {\n recommendations.push('Review data protection policies and access controls');\n}\nif (violations.some(v => v.standard === 'SOC 2')) {\n recommendations.push('Strengthen security controls and monitoring procedures');\n}\nif (violations.some(v => v.standard === 'ISO 27001')) {\n recommendations.push('Update information security management system documentation');\n}\nif (recommendations.length === 0) {\n recommendations.push('Continue regular monitoring and maintain current compliance practices');\n}\n\n// Build HTML report\nconst html = `\n\n\n\n \n\n\n
\n

${reportTitle}

\n

Generated: ${new Date().toLocaleString()}

\n

Audit Period: Last 24 hours

\n \n
\n

Executive Summary

\n

${summary}

\n
\n
\n
${totalViolations}
\n
Total Violations
\n
\n
\n
${criticalCount}
\n
Critical
\n
\n
\n
${highCount}
\n
High
\n
\n
\n
${mediumCount}
\n
Medium
\n
\n
\n
${lowCount}
\n
Low
\n
\n
\n
${complianceRate}
\n
Compliance Rate
\n
\n
\n
\n \n ${totalViolations > 0 ? `\n

Violations by Severity

\n \n ${criticalCount > 0 ? `\n

CRITICAL Critical Violations (${criticalCount})

\n ${criticalViolations.map(v => `\n
\n

${v.standard} - ${v.violationType}

\n

Description: ${v.description}

\n
Evidence: ${v.evidence}
\n
Corrective Action: ${v.correctiveAction}
\n
\n `).join('')}\n ` : ''}\n \n ${highCount > 0 ? `\n

HIGH High Priority Violations (${highCount})

\n ${highViolations.map(v => `\n
\n

${v.standard} - ${v.violationType}

\n

Description: ${v.description}

\n
Evidence: ${v.evidence}
\n
Corrective Action: ${v.correctiveAction}
\n
\n `).join('')}\n ` : ''}\n \n ${mediumCount > 0 ? `\n

MEDIUM Medium Priority Violations (${mediumCount})

\n ${mediumViolations.map(v => `\n
\n

${v.standard} - ${v.violationType}

\n

Description: ${v.description}

\n
Evidence: ${v.evidence}
\n
Corrective Action: ${v.correctiveAction}
\n
\n `).join('')}\n ` : ''}\n \n ${lowCount > 0 ? `\n

LOW Low Priority Violations (${lowCount})

\n ${lowViolations.map(v => `\n
\n

${v.standard} - ${v.violationType}

\n

Description: ${v.description}

\n
Evidence: ${v.evidence}
\n
Corrective Action: ${v.correctiveAction}
\n
\n `).join('')}\n ` : ''}\n \n

Detailed Violation Table

\n \n \n \n \n \n \n \n \n ${violations.map(v => `\n \n \n \n \n \n \n \n `).join('')}\n
StandardViolation TypeSeverityDescriptionCorrective Action
${v.standard}${v.violationType}${v.severity}${v.description}${v.correctiveAction}
\n ` : `\n
\n

\u2713 All Systems Compliant

\n

No compliance violations detected during this audit period.

\n
\n `}\n \n
\n

Recommendations

\n
    \n ${recommendations.map(r => `
  • ${r}
    • `).join('')}\n
\n
\n \n
\n

This report was automatically generated by the n8n Compliance Audit Framework.

\n

For questions or concerns, please contact your compliance team.

\n
\n
\n\n\n`;\n\nreturn [\n {\n json: {\n reportTitle: reportTitle,\n html: html,\n totalViolations: totalViolations,\n criticalCount: criticalCount,\n highCount: highCount,\n mediumCount: mediumCount,\n lowCount: lowCount,\n complianceRate: complianceRate,\n violations: violations,\n summary: summary,\n recommendations: recommendations\n }\n }\n];" }, "typeVersion": 2 }, { "id": "d249a3ec-ea58-4f29-98f9-4a8346392397", "name": "Send Audit Report Email", "type": "n8n-nodes-base.gmail", "position": [ 1312, 208 ], "parameters": { "sendTo": "={{ $('Workflow Configuration').first().json.auditReportRecipients }}", "message": "={{ $json.html }}", "options": {}, "subject": "={{ $json.reportTitle }}" }, "credentials": { "gmailOAuth2": { "name": "" } }, "typeVersion": 2.2 }, { "id": "09a8e526-b5f8-4b18-9c44-14e2897d114e", "name": "Create Corrective Action Tasks", "type": "n8n-nodes-base.httpRequest", "position": [ 1520, 208 ], "parameters": { "url": "={{ $('Workflow Configuration').first().json.taskManagementUrl }}", "method": "POST", "options": {}, "jsonBody": "={{ { tasks: $('Prepare Audit Report Data').first().json.violations.map(v => ({ title: v.standard + ' Violation: ' + v.violationType, description: v.description, priority: v.severity, action: v.correctiveAction, dueDate: $now.plus({ days: v.severity === 'Critical' ? 1 : v.severity === 'High' ? 3 : 7 }).toISO() })) } }}", "sendBody": true, "specifyBody": "json" }, "typeVersion": 4.3 }, { "id": "37a9238e-95ac-40eb-805a-e5e448d7f581", "name": "Sticky Note1", "type": "n8n-nodes-base.stickyNote", "position": [ 944, -336 ], "parameters": { "color": 5, "width": 768, "height": 176, "content": "## Customization\nModify source integrations by adding/removing trigger nodes. Adjust AI prompts in Anthropic node for different analysis types. \n\n## Benefits\nSaves 5+ hours weekly on manual data collection. Ensures no communication missed across platforms. " }, "typeVersion": 1 }, { "id": "33ae46b5-98e9-46f0-b238-7993232fe2ed", "name": "Sticky Note3", "type": "n8n-nodes-base.stickyNote", "position": [ 368, -336 ], "parameters": { "color": 3, "width": 560, "height": 224, "content": "\n## Prerequisites\nSlack workspace admin, Teams account, Gmail account, GitHub repository access, Anthropic API subscription, Notion workspace, n8n self-hosted or cloud instance.\n\n## Use Cases\nMarketing teams aggregating customer feedback across channels; Documentation teams collecting technical updates; " }, "typeVersion": 1 }, { "id": "2429a592-b527-4d1c-a49f-39520b885ca9", "name": "Sticky Note4", "type": "n8n-nodes-base.stickyNote", "position": [ -80, -336 ], "parameters": { "color": 4, "width": 400, "height": 192, "content": "## Setup Steps\n* **Connect credentials:** Slack App API, Microsoft Teams credentials, Gmail OAuth, GitHub Personal Access Token, Anthropic API key \n* **Configure monitoring parameters:** Specify channels, repositories, and email labels to track\n* **Set schedule triggers: \n " }, "typeVersion": 1 }, { "id": "849fa718-508a-4106-9840-79334ebd4870", "name": "Sticky Note5", "type": "n8n-nodes-base.stickyNote", "position": [ -736, -336 ], "parameters": { "width": 592, "height": 240, "content": "## How It Works\nThis solution centralizes communication data from Slack, Microsoft Teams, Gmail, and GitHub into a unified AI-powered analysis and documentation workflow for teams managing distributed knowledge. Manual aggregation across multiple tools is time-consuming and leads to information silos that obscure key decisions and context. By automating secure data collection and normalization, the workflow enables AI models to analyze conversations, extract decisions, action items, and key themes, and convert these insights into continuously updated documentation such as design notes and knowledge base articles. This improves visibility, preserves organizational knowledge, and supports more effective collaboration and decision-making.\n" }, "typeVersion": 1 }, { "id": "a15bd0f4-bdda-4a63-abf3-e851185c5610", "name": "Sticky Note6", "type": "n8n-nodes-base.stickyNote", "position": [ -800, -80 ], "parameters": { "color": 7, "width": 208, "height": 480, "content": "## Schedule Trigger\n**What:** Initiates the workflow on a defined schedule.\n**Why:** Ensures regular and consistent data aggregation \n" }, "typeVersion": 1 }, { "id": "0bd60d87-c3c0-48f3-8eae-3b346d808c76", "name": "Sticky Note7", "type": "n8n-nodes-base.stickyNote", "position": [ -560, -80 ], "parameters": { "color": 7, "width": 768, "height": 688, "content": "## Merge AI Sources\n**What:** Consolidates data from five input channels into a single stream.\n**Why:** Creates a unified dataset that enables coherent and comprehensive analysis." }, "typeVersion": 1 }, { "id": "e82b1825-b85a-4f48-ae54-67b1bfcd201d", "name": "Sticky Note8", "type": "n8n-nodes-base.stickyNote", "position": [ 224, -80 ], "parameters": { "color": 7, "width": 464, "height": 688, "content": "## AI Content Analyzer\n**What:** Processes the merged data using the Claude API.\n**Why:** Extracts key insights and structures otherwise unorganized communication." }, "typeVersion": 1 }, { "id": "2925f40b-250e-4dce-8a4a-57ab3b138fd0", "name": "Sticky Note9", "type": "n8n-nodes-base.stickyNote", "position": [ 720, -80 ], "parameters": { "color": 7, "width": 1056, "height": 688, "content": "## Format & Publish\n**What:** Reviews output quality and applies standardized formatting for distribution.\n**Why:** Ensures consistency, clarity" }, "typeVersion": 1 } ], "active": false, "settings": { "executionOrder": "v1" }, "versionId": "32e796ef-2412-4360-8db5-82bfac67cec3", "connections": { "OpenAI GPT-4": { "ai_languageModel": [ [ { "node": "AI Compliance Classifier", "type": "ai_languageModel", "index": 0 } ] ] }, "Combine All Logs": { "main": [ [ { "node": "Normalize Log Data", "type": "main", "index": 0 } ] ] }, "Pull Server Logs": { "main": [ [ { "node": "Combine All Logs", "type": "main", "index": 0 } ] ] }, "Normalize Log Data": { "main": [ [ { "node": "AI Compliance Classifier", "type": "main", "index": 0 } ] ] }, "Pull HR System Data": { "main": [ [ { "node": "Combine All Logs", "type": "main", "index": 0 } ] ] }, "Check for Violations": { "main": [ [ { "node": "Archive Evidence to Storage", "type": "main", "index": 0 } ] ] }, "Pull API Gateway Logs": { "main": [ [ { "node": "Combine All Logs", "type": "main", "index": 0 } ] ] }, "Workflow Configuration": { "main": [ [ { "node": "Pull Server Logs", "type": "main", "index": 0 }, { "node": "Pull API Gateway Logs", "type": "main", "index": 0 }, { "node": "Pull HR System Data", "type": "main", "index": 0 }, { "node": "Pull Finance System Data", "type": "main", "index": 0 } ] ] }, "Send Audit Report Email": { "main": [ [ { "node": "Create Corrective Action Tasks", "type": "main", "index": 0 } ] ] }, "AI Compliance Classifier": { "main": [ [ { "node": "Check for Violations", "type": "main", "index": 0 } ] ] }, "Pull Finance System Data": { "main": [ [ { "node": "Combine All Logs", "type": "main", "index": 0 } ] ] }, "Prepare Audit Report Data": { "main": [ [ { "node": "Generate Audit Report HTML", "type": "main", "index": 0 } ] ] }, "Schedule Compliance Audit": { "main": [ [ { "node": "Workflow Configuration", "type": "main", "index": 0 } ] ] }, "Generate Audit Report HTML": { "main": [ [ { "node": "Send Audit Report Email", "type": "main", "index": 0 } ] ] }, "Archive Evidence to Storage": { "main": [ [ { "node": "Prepare Audit Report Data", "type": "main", "index": 0 } ] ] }, "Structured Violation Output": { "ai_outputParser": [ [ { "node": "AI Compliance Classifier", "type": "ai_outputParser", "index": 0 } ] ] } } }