
AI-powered Vulnerability Scanner with Nessus, Risk Triage & Google Sheets Reporting

Original n8n title: Ai-powered Vulnerability Scanner with Nessus, Risk Triage & Google Sheets Reporting

By Adnan Tariq (@adnantariq) on n8n.io

Security teams, DevOps engineers, vulnerability analysts, and automation builders who want to eliminate repetitive Nessus scan parsing, AI-based risk triage, and manual reporting. Designed for orgs following NIST CSF or CISA KEV compliance guidelines. Runs scheduled or manual…

Category: Data & Sheets. Trigger: Cron / scheduled. Nodes: 39. Complexity: ★★★★★. Integrations: Email Send, HTTP Request, Google Sheets, Error Trigger.

This workflow corresponds to n8n.io template #6293 — we link there as the canonical source.

This workflow follows the Emailsend → Google Sheets recipe pattern — see all workflows that pair these two integrations.

The workflow JSON

Copy the full n8n JSON below, paste it into a new n8n workflow, add your credentials, and activate it.

{
  "id": "NFAdtz3N4rRUqnzA",
  "meta": {
    "templateCredsSetupCompleted": true
  },
  "name": "CyberScan Github copy",
  "tags": [],
  "nodes": [
    {
      "id": "0870b24e-73db-4732-a523-72d36cee59c3",
      "name": "Send Email",
      "type": "n8n-nodes-base.emailSend",
      "position": [
        -400,
        1900
      ],
      "parameters": {
        "html": "={{ $json.emailBody }}",
        "text": "={{ $json.emailBody }}",
        "options": {},
        "subject": "\ud83d\udee1 Vulnerability Assessment report",
        "toEmail": "user@example.com",
        "fromEmail": "user@example.com"
      },
      "credentials": {
        "smtp": {
          "name": "<your credential>"
        }
      },
      "typeVersion": 1
    },
    {
      "id": "8815595e-a521-40be-8293-cb4bcec276fa",
      "name": "Code",
      "type": "n8n-nodes-base.code",
      "position": [
        -860,
        1660
      ],
      "parameters": {
        "jsCode": "return items[0].json.groupData.map(obj => ({ json: obj }));"
      },
      "typeVersion": 2
    },
    {
      "id": "5fb385bd-0968-4fdd-8cac-bbeb4dae8a6d",
      "name": "\ud83d\udce7 Alert Security Team",
      "type": "n8n-nodes-base.emailSend",
      "position": [
        -400,
        1200
      ],
      "parameters": {
        "html": "=<h2>\ud83d\udea8 Critical Vulnerability Alert!</h2>\n<p>One or more vulnerabilities with an <strong>AI Risk Score \u2265 8</strong> were detected in the latest scan.</p>\n<p>Please review them immediately in the <strong>CyberPulse</strong> report or dashboard.</p>\n\n<p>\n  \ud83d\udd0e <strong>Triggered by:</strong> {{ $workflow.name }}<br>\n  \ud83d\udcc5 <strong>Timestamp:</strong> {{ new Date().toISOString() }}\n</p>\n\n<p>Stay secure,<br>\n<em>n8n - CyberPulse Automation</em></p>\n",
        "options": {},
        "subject": "Alert",
        "toEmail": "user@example.com",
        "fromEmail": "user@example.com"
      },
      "credentials": {
        "smtp": {
          "name": "<your credential>"
        }
      },
      "typeVersion": 2.1
    },
    {
      "id": "1fbe731c-bd9e-4d95-91cc-2bcac733d83f",
      "name": "Sticky Note",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        -1940,
        80
      ],
      "parameters": {
        "color": 7,
        "width": 860,
        "height": 460,
        "content": "Error Handling"
      },
      "typeVersion": 1
    },
    {
      "id": "4c32eb18-9d44-4d0e-8702-045456b8dbcb",
      "name": "Sticky Note1",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        -1040,
        60
      ],
      "parameters": {
        "color": 5,
        "width": 500,
        "height": 1160,
        "content": "\ud83d\udd10 AUTH \n\ud83c\udf10 Discovery Phase"
      },
      "typeVersion": 1
    },
    {
      "id": "21fd5ee3-7ad4-40a4-af92-99fa53d295fe",
      "name": "Sticky Note3",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        -1880,
        1280
      ],
      "parameters": {
        "color": 2,
        "width": 700,
        "height": 200,
        "content": "\ud83e\uddea SCAN Phase"
      },
      "typeVersion": 1
    },
    {
      "id": "67585ecc-fc87-4c54-84bc-5c160b599ee9",
      "name": "Sticky Note4",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        -1020,
        1500
      ],
      "parameters": {
        "color": 6,
        "width": 320,
        "height": 520,
        "content": "\ud83d\udea8 ALERT \n\ud83d\udcca REPORT phase"
      },
      "typeVersion": 1
    },
    {
      "id": "529a0bec-7ebc-4551-852c-9faa63d7f110",
      "name": "Sticky Note5",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        -460,
        1100
      ],
      "parameters": {
        "color": 6,
        "height": 920,
        "content": "\ud83d\udce4 EXPORT phase"
      },
      "typeVersion": 1
    },
    {
      "id": "0a819a33-967d-4bf4-bc85-e3ff2563432f",
      "name": "\u23f1\ufe0f Trigger \u2013 Scheduled Scan",
      "type": "n8n-nodes-base.scheduleTrigger",
      "position": [
        -860,
        120
      ],
      "parameters": {
        "rule": {
          "interval": [
            {
              "field": "cronExpression",
              "expression": "0 0 7 * * *"
            }
          ]
        }
      },
      "typeVersion": 1.2
    },
    {
      "id": "c4ac0db7-a571-4b89-b119-99f368d17e46",
      "name": "\ud83d\udd10 AUTH \u2013 Login to Nessus",
      "type": "n8n-nodes-base.httpRequest",
      "position": [
        -860,
        340
      ],
      "parameters": {
        "url": "{{ $env.NESSUS_API_URL }}/session",
        "method": "POST",
        "options": {
          "response": {
            "response": {
              "fullResponse": "={{ true }}"
            }
          },
          "allowUnauthorizedCerts": true
        },
        "jsonBody": "{\n  \"username\": \"{{ $env.NESSUS_USER }}\",\n  \"password\": \"{{ $env.NESSUS_PASS }}\"\n}\n",
        "sendBody": true,
        "sendHeaders": true,
        "specifyBody": "json",
        "headerParameters": {
          "parameters": [
            {}
          ]
        }
      },
      "typeVersion": 4.2
    },
    {
      "id": "fcab6fc5-90b7-4ebe-8919-f107a619d9d2",
      "name": "\ud83d\udd10 AUTH \u2013 Set API Token",
      "type": "n8n-nodes-base.set",
      "position": [
        -860,
        540
      ],
      "parameters": {
        "options": {},
        "assignments": {
          "assignments": [
            {
              "id": "6a2b3ad8-a5ae-45a8-98c3-80186948969e",
              "name": "X-Cookie",
              "type": "string",
              "value": "={{ $('\ud83d\udd10 AUTH \u2013 Login to Nessus').item.headers['set-cookie'][0].split(';')[0] }}\n"
            }
          ]
        },
        "includeOtherFields": true
      },
      "typeVersion": 3.4
    },
    {
      "id": "4cbcc3bb-1288-449d-9147-8158e6372f46",
      "name": "\ud83c\udf10 DISC \u2013 Initialize Network Segments",
      "type": "n8n-nodes-base.function",
      "position": [
        -860,
        700
      ],
      "parameters": {
        "functionCode": "const networkSegments = JSON.parse($env.NETWORK_SEGMENTS || '[]');\nreturn { json: { networkSegments } };"
      },
      "typeVersion": 1
    },
    {
      "id": "34c4a8c7-918a-4489-9176-2c901493a812",
      "name": "\ud83c\udf10 DISC \u2013 Discover Assets",
      "type": "n8n-nodes-base.httpRequest",
      "position": [
        -860,
        880
      ],
      "parameters": {
        "url": "https://localhost:8834/scans",
        "options": {
          "allowUnauthorizedCerts": true
        },
        "sendHeaders": true,
        "headerParameters": {
          "parameters": [
            {
              "name": "X-Cookie",
              "value": "={{ 'token=' + $('\ud83d\udd10 AUTH \u2013 Set API Token').item.json.body.token }}"
            }
          ]
        }
      },
      "typeVersion": 3
    },
    {
      "id": "4e82b300-3fa5-4fbd-9055-8636f0c87a7e",
      "name": "\ud83e\udde0 AI \u2013 Process Assets",
      "type": "n8n-nodes-base.function",
      "position": [
        -860,
        1080
      ],
      "parameters": {
        "functionCode": "return {\n  json: {\n    assets: [\n      {\n        id: \"asset-001\",\n        ipAddress: \"0.0.0.0\",\n        hostName: \"host-a\"\n      },\n      {\n        id: \"asset-002\",\n        ipAddress: \"0.0.0.0\",\n        hostName: \"host-b\"\n      }\n    ]\n  }\n};\n"
      },
      "typeVersion": 1
    },
    {
      "id": "d635e765-4121-4f6a-9898-ecb26c930ff1",
      "name": "\ud83d\udd04 UTILS \u2013 Split Assets",
      "type": "n8n-nodes-base.splitOut",
      "position": [
        -1700,
        1300
      ],
      "parameters": {
        "options": {},
        "fieldToSplitOut": "assets"
      },
      "typeVersion": 1
    },
    {
      "id": "3022ba53-e2f0-4cf3-872a-889fb65b9311",
      "name": "\ud83e\uddea SCAN \u2013 Run Nessus",
      "type": "n8n-nodes-base.httpRequest",
      "position": [
        -1520,
        1300
      ],
      "parameters": {
        "url": "{{ $env.NESSUS_API_URL }}/scans",
        "options": {
          "allowUnauthorizedCerts": true
        },
        "jsonBody": "={\n  \"uuid\": \"{{ $env.NESSUS_SCAN_UUID }}\",\n  \"settings\": {\n    \"name\": \"Scan \u2013 {{ $json.hostName || $json.ipAddress }}\",\n    \"text_targets\": \"{{ $json.ipAddress }}\",\n    \"folder_id\": 3,\n    \"launch_now\": true\n  }\n}\n\n",
        "sendBody": true,
        "sendHeaders": true,
        "specifyBody": "json",
        "headerParameters": {
          "parameters": [
            {
              "name": "X-Cookie",
              "value": "={{ $('AUTH \u2013 Set API Token').json['X-Cookie'] }}"
            }
          ]
        }
      },
      "typeVersion": 3
    },
    {
      "id": "be2e05e7-3889-465f-bf16-30135e717c1c",
      "name": "\ud83d\udd0d SCAN \u2013 Process Vulnerabilities",
      "type": "n8n-nodes-base.function",
      "position": [
        -1320,
        1300
      ],
      "parameters": {
        "functionCode": "return {\n  json: {\n    vulnerabilities: [\n      {\n        id: \"vuln-001\",\n        cve: \"CVE-2023-1234\",\n        risk: \"High\",\n        ip: \"0.0.0.0\"\n      }\n    ]\n  }\n};"
      },
      "typeVersion": 1
    },
    {
      "id": "19eb1ac3-5ce2-48f1-b4f3-8807e968f068",
      "name": "\ud83e\udd16 AI \u2013 Risk Evaluation",
      "type": "n8n-nodes-base.function",
      "position": [
        -1020,
        1300
      ],
      "parameters": {
        "functionCode": "const vulns = $json.vulnerabilities;\n\nreturn vulns.map((v, i) => {\n  return {\n    json: {\n      ...v,\n      aiRisk: [6.5, 9.1][i] || 5,\n      path: [\"self-healing\", \"expert-review\", \"monitoring\"][i % 3],\n      lev: [0.93, 0.72][i] || 0.45\n    }\n  };\n});"
      },
      "typeVersion": 1
    },
    {
      "id": "34374b11-c7a5-483c-8f69-d39b09d0b967",
      "name": "\ud83d\udcca AI \u2013 Triage Vulnerabilities",
      "type": "n8n-nodes-base.function",
      "position": [
        -860,
        1300
      ],
      "parameters": {
        "functionCode": "const triage = {\n  self: [],\n  expert: [],\n  monitor: [],\n};\n\nconst assessed = $input.all();\n\nfor (const item of assessed) {\n  const v = item.json;\n  const levScore = v.lev || 0; // fallback if missing\n\n  if (levScore > 0.9) {\n    triage.expert.push({ ...v, levScore, levLabel: \"Critical\" });\n  } else if (levScore > 0.5) {\n    triage.self.push({ ...v, levScore, levLabel: \"High\" });\n  } else {\n    triage.monitor.push({ ...v, levScore, levLabel: \"Low\" });\n  }\n}\n\nreturn [{ json: triage }];"
      },
      "typeVersion": 1
    },
    {
      "id": "338c4b2e-dbdb-484c-a517-244c6550f502",
      "name": "\ud83d\udea6 ALERT \u2013 LEV Trigger",
      "type": "n8n-nodes-base.if",
      "position": [
        -620,
        1300
      ],
      "parameters": {
        "options": {},
        "conditions": {
          "options": {
            "version": 2,
            "leftValue": "",
            "caseSensitive": true,
            "typeValidation": "strict"
          },
          "combinator": "and",
          "conditions": [
            {
              "id": "0888daeb-abba-419a-a069-ec47d7eef9ab",
              "operator": {
                "name": "filter.operator.equals",
                "type": "string",
                "operation": "equals"
              },
              "leftValue": "{{ $json.expert && $json.expert.length > 0 }}",
              "rightValue": "true"
            }
          ]
        }
      },
      "typeVersion": 2.2
    },
    {
      "id": "481c9594-87d0-457f-af1c-b03868765fd5",
      "name": "\ud83d\udcdd REPORT \u2013 Generate Summary",
      "type": "n8n-nodes-base.function",
      "position": [
        -860,
        1820
      ],
      "parameters": {
        "functionCode": "const triage = $json;\nconst all = [...triage.expert, ...triage.self, ...triage.monitor];\n\n// Calculate max LEV score\nconst maxLEV = Math.max(...all.map(v => v.lev || 0));\n\n// Get top CVE (prefer expert > self > monitor)\nconst topCVE = triage.expert[0]?.cve || triage.self[0]?.cve || triage.monitor[0]?.cve || \"None\";\n\n// Final return\nreturn {\n  summary: {\n    expert: triage.expert.length,\n    self: triage.self.length,\n    monitor: triage.monitor.length,\n    total: all.length,\n    timestamp: new Date().toISOString(),\n    topCVE,\n    maxLEV\n  },\n  emailBody: `\n    <h2>\ud83d\udd0d Vulnerability Assessment Report</h2>\n    <p><strong>\ud83d\udcc5 Timestamp:</strong> ${new Date().toISOString()}</p>\n    <ul>\n      <li><strong>\ud83d\udc68\u200d\ud83d\udcbb Expert Group:</strong> ${triage.expert.length}</li>\n      <li><strong>\ud83e\uddea Self Group:</strong> ${triage.self.length}</li>\n      <li><strong>\ud83d\udcca Monitor Group:</strong> ${triage.monitor.length}</li>\n      <li><strong>\ud83d\udea8 Max LEV Score:</strong> ${maxLEV}</li>\n      <li><strong>\ud83d\udca1 Top CVE:</strong> ${topCVE}</li>\n    </ul>\n  `\n};"
      },
      "typeVersion": 1
    },
    {
      "id": "657c0890-0dbd-4d1c-b6c8-51d451d66f6b",
      "name": "\ud83d\udee0\ufe0f UTILS \u2013 Field Editor",
      "type": "n8n-nodes-base.set",
      "position": [
        -860,
        1500
      ],
      "parameters": {
        "options": {},
        "assignments": {
          "assignments": [
            {
              "id": "4d6df3e2-210b-43d6-8b71-edcfed2bf1fc",
              "name": "groupData",
              "type": "array",
              "value": "={{ JSON.parse(JSON.stringify((() => {\n  const triage = $json;\n  const timestamp = new Date().toISOString();\n  return [\n    { timestamp, group: \"self\", count: triage.self.length || 0 },\n    { timestamp, group: \"expert\", count: triage.expert.length || 0 },\n    { timestamp, group: \"monitor\", count: triage.monitor.length || 0 }\n  ];\n})())) }}"
            }
          ]
        }
      },
      "typeVersion": 3.4
    },
    {
      "id": "af12b887-2a0f-4f87-a16e-05b32e0f81d4",
      "name": "\ud83d\udcc4 EXPORT \u2013 Save to Sheet",
      "type": "n8n-nodes-base.googleSheets",
      "position": [
        -400,
        1720
      ],
      "parameters": {
        "options": {},
        "fieldsUi": {
          "fieldValues": [
            {
              "fieldId": "timestamp",
              "fieldValue": "={{ $json.summary.timestamp }}"
            },
            {
              "fieldId": "self",
              "fieldValue": "={{ $json.summary.self }}"
            },
            {
              "fieldId": "expert",
              "fieldValue": "={{ $json.summary.expert }}"
            },
            {
              "fieldId": "monitor",
              "fieldValue": "={{ $json.summary.monitor }}"
            },
            {
              "fieldId": "total",
              "fieldValue": "={{ $json.summary.total }}"
            },
            {
              "fieldId": "topCVE",
              "fieldValue": "={{$json.summary.topCVE}}"
            },
            {
              "fieldId": "maxLEV",
              "fieldValue": "={{$json.summary.maxLEV}}"
            }
          ]
        },
        "operation": "append",
        "sheetName": {
          "__rl": true,
          "mode": "list",
          "value": "gid=0",
          "cachedResultUrl": "https://docs.google.com/spreadsheets/d/1ABCFAKE1234567890TESTFAKEID/edit#gid=0",
          "cachedResultName": "summary"
        },
        "documentId": {
          "__rl": true,
          "mode": "list",
          "value": "1ABCFAKE1234567890TESTFAKEID",
          "cachedResultUrl": "https://docs.google.com/spreadsheets/d/1ABCFAKE1234567890TESTFAKEID/edit#gid=0",
          "cachedResultName": "daily summary report"
        }
      },
      "credentials": {
        "googleSheetsOAuth2Api": {
          "name": "<your credential>"
        }
      },
      "typeVersion": 3
    },
    {
      "id": "c27b1b3d-da02-4604-b49b-5c67e9da9aa2",
      "name": " ERROR \u2013 On Failure",
      "type": "n8n-nodes-base.errorTrigger",
      "position": [
        -1780,
        260
      ],
      "parameters": {},
      "typeVersion": 1
    },
    {
      "id": "f26f685f-f45f-43ba-8542-a364bacb7568",
      "name": "\ud83d\udee0\ufe0f UTILS \u2013 Set Grouped Data",
      "type": "n8n-nodes-base.set",
      "position": [
        -1600,
        260
      ],
      "parameters": {
        "options": {},
        "assignments": {
          "assignments": [
            {
              "id": "bc8583cc-bf45-4b39-9336-79bf405bf941",
              "name": "timestamp",
              "type": "string",
              "value": "={{ new Date().toISOString() }}"
            },
            {
              "id": "1cae924e-3639-4f3c-a0f7-c6035ad26ba0",
              "name": "workflow",
              "type": "string",
              "value": "={{ $workflow.name }}"
            },
            {
              "id": "f7f0d797-195b-4483-ba9e-2453f4593dba",
              "name": "node",
              "type": "string",
              "value": "={{ $error.node.name }}"
            },
            {
              "id": "9717bba1-611d-4a6b-9062-a8f53943a89c",
              "name": "error message",
              "type": "string",
              "value": "={{ $error.message }}"
            }
          ]
        }
      },
      "typeVersion": 3.4
    },
    {
      "id": "9ae08f82-748a-4d8f-9231-261c13362577",
      "name": "\ud83d\udcc4 EXPORT \u2013 Sheet Append",
      "type": "n8n-nodes-base.googleSheets",
      "position": [
        -1280,
        260
      ],
      "parameters": {
        "columns": {
          "value": {
            "node": "{{ $json[\"node\"] }}",
            "workflow": "{{ $json[\"workflow\"] }}",
            "timestamp": "{{ $json[\"timestamp\"] }}",
            "error message": "{{ $json[\"error message\"] }}"
          },
          "schema": [
            {
              "id": "timestamp",
              "type": "string",
              "display": true,
              "removed": false,
              "required": false,
              "displayName": "timestamp",
              "defaultMatch": false,
              "canBeUsedToMatch": true
            },
            {
              "id": "workflow",
              "type": "string",
              "display": true,
              "removed": false,
              "required": false,
              "displayName": "workflow",
              "defaultMatch": false,
              "canBeUsedToMatch": true
            },
            {
              "id": "node",
              "type": "string",
              "display": true,
              "removed": false,
              "required": false,
              "displayName": "node",
              "defaultMatch": false,
              "canBeUsedToMatch": true
            },
            {
              "id": "error message",
              "type": "string",
              "display": true,
              "removed": false,
              "required": false,
              "displayName": "error message",
              "defaultMatch": false,
              "canBeUsedToMatch": true
            }
          ],
          "mappingMode": "defineBelow",
          "matchingColumns": [],
          "attemptToConvertTypes": false,
          "convertFieldsToString": false
        },
        "options": {},
        "operation": "append",
        "sheetName": {
          "__rl": true,
          "mode": "list",
          "value": "gid=0",
          "cachedResultUrl": "https://docs.google.com/spreadsheets/d/1ABCFAKE1234567890TESTFAKEID/edit#gid=0",
          "cachedResultName": "logs"
        },
        "documentId": {
          "__rl": true,
          "mode": "list",
          "value": "1ABCFAKE1234567890TESTFAKEID",
          "cachedResultUrl": "https://docs.google.com/spreadsheets/d/1ABCFAKE1234567890TESTFAKEID/edit#gid=0",
          "cachedResultName": "error_log"
        }
      },
      "credentials": {
        "googleSheetsOAuth2Api": {
          "name": "<your credential>"
        }
      },
      "typeVersion": 4.5
    },
    {
      "id": "ceea68a1-5323-4e26-af05-0c333c136f61",
      "name": "Sticky Note6",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        -1840,
        560
      ],
      "parameters": {
        "color": 7,
        "width": 760,
        "height": 400,
        "content": "\u23f1\ufe0f Trigger \u2013 Scheduled Scan            \tTrigger scan daily/weekly\n\ud83d\udd10 AUTH \u2013 Login to Nessus\t        Login to scanner API\n\ud83d\udd10 AUTH \u2013 Set API Token\t                Store token securely for session\n\ud83c\udf10 DISC \u2013 Init Segments\t                Initialize IP ranges or subnets\n\ud83c\udf10 DISC \u2013 Discover Assets        \tIdentify hosts in network scope\n\ud83e\udde0 AI \u2013 Process Assets          \tRefine asset list for scan input\n\ud83d\udd04 UTILS \u2013 Split Assets          \tSplit asset data for scanning\n\ud83e\uddea SCAN \u2013 Run Nessus\t                Perform scan via Nessus\n\ud83d\udd0d SCAN \u2013 Process Findings       \tParse and extract vulnerability data\n\ud83e\udd16 AI \u2013 Risk Evaluation\t                Analyze risk scores using logic/ML\n\ud83d\udcca AI \u2013 Triage Findings\t                Categorize severity groups\n\ud83d\udea6 ALERT \u2013 LEV Trigger\t                Check if LEV exceeds threshold\n\ud83d\udce7 EMAIL \u2013 Alert\t                Send report to security team\n\ud83d\udcdd REPORT \u2013 Generate Summary\t        Prepare summary for export/report\n\ud83d\udee0\ufe0f UTILS \u2013 Field Editor\t                Adjust field format for export\n\ud83d\udcc4 EXPORT \u2013 Save to Sheet\t        Log results in Google Sheet\n\u26a0\ufe0f ERROR \u2013 On Failure\t                Trigger error handler on failure\n\ud83d\udee0\ufe0f UTILS \u2013 Set Grouped Data      \tFormat grouped output\n\ud83d\udcc4 EXPORT \u2013 Sheet Append\t        Store vulnerability data"
      },
      "typeVersion": 1
    },
    {
      "id": "07c7104c-7217-42e5-9d35-db6732577adb",
      "name": "Sticky Note7",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        -140,
        40
      ],
      "parameters": {
        "color": 5,
        "width": 500,
        "height": 360,
        "content": "\n\n\ud83d\udd0d IDENTIFY \u2014 Asset & Risk Awareness\n\nIdentify all hardware, software, and assets connected to the network.  \n- Login to Nessus  \n- Initialize segments  \n- Discover assets  \n- Tag metadata  \n(NIST: ID.AM-1, ID.AM-2)\n\n\u2705 Nodes \n\nAUTH - Login to Nessus\n\nDISC - Initialize Network Segments\n\nDISC - Discover Assets\n\nAI - Process Assets\n"
      },
      "typeVersion": 1
    },
    {
      "id": "7fb065fb-50fb-4abd-abc3-2e70a063ecf5",
      "name": "Sticky Note9",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        -140,
        420
      ],
      "parameters": {
        "color": 5,
        "width": 500,
        "height": 300,
        "content": "\n\n\ud83d\udee1\ufe0f PROTECT \u2014 Baseline Security Control\n\nEstablish controls to limit or contain security events.  \n- Scheduled scans  \n- Role-based scan control  \n- Ensure credentials securely managed  \n(NIST: PR.AC-1, PR.PT-1)\n\n\u2705 Nodes \n\nTrigger - Scheduled Scan\n\nAUTH - Set API Token\n"
      },
      "typeVersion": 1
    },
    {
      "id": "93304aa3-f1b7-4468-9f63-061fbbe3ebf5",
      "name": "Sticky Note10",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        -1160,
        1280
      ],
      "parameters": {
        "color": 3,
        "width": 680,
        "height": 200,
        "content": "\ud83e\udde0 AI Calculate Risk phase"
      },
      "typeVersion": 1
    },
    {
      "id": "f187080f-4d7a-49df-8deb-75dd36665651",
      "name": "Sticky Note11",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        -140,
        740
      ],
      "parameters": {
        "color": 2,
        "width": 500,
        "height": 360,
        "content": "\n\n\ud83d\udea8 DETECT \u2014 Vulnerability & Threat Scan\n\nContinuously monitor to detect anomalies or security events.  \n- Asset split-out  \n- Scan via Nessus  \n- Process vulnerability data  \n(NIST: DE.CM-1, DE.CM-8)\n\n\u2705 Nodes:\n\nUTILS - Split Assets\n\nSCAN - Run Nessus\n\nSCAN - Process Vulnerabilities\n"
      },
      "typeVersion": 1
    },
    {
      "id": "987e0856-efd8-41b4-9399-a386b669d751",
      "name": "Sticky Note12",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        -140,
        1120
      ],
      "parameters": {
        "color": 3,
        "width": 500,
        "height": 340,
        "content": "\n\n\u26a0\ufe0f RESPOND \u2014 Risk Intelligence & Alerts\n\nAnalyze, prioritize, and respond to detected threats.  \n- AI-based LEV scoring  \n- Triage vulnerabilities  \n- Trigger critical alerts  \n(NIST: RS.AN-1, RS.RP-1)\n\n\u2705 Nodes:\n\nAI - Risk Evaluation\n\nAI - Triage Vulnerabilities\n\nALERT - LEV Trigger"
      },
      "typeVersion": 1
    },
    {
      "id": "496dabfa-4ecb-4f9f-8633-0877f5e9698f",
      "name": "Sticky Note2",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        -140,
        1480
      ],
      "parameters": {
        "color": 6,
        "width": 500,
        "height": 340,
        "content": "\n\n\ud83d\udd01 RECOVER \u2014 Reporting & Remediation Support\n\nDocument, communicate, and improve based on assessments.  \n- Generate summary  \n- Email report to team  \n- Export to Google Sheets  \n(NIST: RC.IM-1, RC.CO-1)\n\n\u2705 Nodes:\n\nREPORT - Generate Summary\n\nEXPORT - Save to Sheet\n\nSend Email\n\n"
      },
      "typeVersion": 1
    },
    {
      "id": "72ec5990-d65b-4dea-9570-a450f5b12256",
      "name": "Sticky Note8",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        380,
        40
      ],
      "parameters": {
        "color": 7,
        "width": 1240,
        "height": 540,
        "content": "\n\n\nCyberScan presenting an evidence-based, industry-backed strategy:\n\nLEV metric enhances risk-YOUR_OPENAI_KEY_HERE prioritization.\n\nCyberScan showcase the flaws in EPSS and how you overcome them.\n\nCyberScan align with federal cybersecurity directives (like BOD 22-01 and KEV compliance).\n\nThis makes CyberScan audit-friendly, policy-aligned, and modern\u2014something many companies care about.\n\n\n                                                                                                            \n\n\n\n\n| **1. Identify** | \u201c\ud83e\udde0 Threat Inventory & CVE Scope\u201d        | Maps to CVE enumeration; ensures CyberScan starts by identifying scope of all assets and their exposure, Based on NVD/CVE/EPSS\n                                                              \n\n| **2. Protect**  | \u201c\ud83d\udd10 Hardening & Patch Guidance\u201d          | Aligns with remediation prioritization from LEV + KEV lists. Focus on patch strategies & mitigation workflows.                  \n\n\n| **3. Detect**   | \u201c\ud83d\udef0\ufe0f Vulnerability Monitoring Logic\u201d      | Covers how CyberScan detects exploit attempts using EPSS predictions and LEV metric to find *likely exploited vulnerabilities*. \n\n\n| **4. Respond**  | \u201c\ud83d\udea8 Automated Risk Response\u201d             | Showcases logic for how CyberScan handles high-risk CVEs (KEV, LEV > 0.9), sending alerts or blocking actions.                  \n\n\n| **5. Recover**  | \u201c\u267b\ufe0f Learning & Improvement Loop\u201d         | Focus on logging, metrics, audit trail, and recurring updates using EPSS and NIST recommendations. Enables cyber resilience.    \n\n\n"
      },
      "typeVersion": 1
    },
    {
      "id": "fd06cc70-22bd-44fe-bb80-92a56976ab90",
      "name": "Sticky Note13",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        -1040,
        -80
      ],
      "parameters": {
        "color": 7,
        "width": 500,
        "height": 100,
        "content": "\n\nCyberScan visually engaging within the n8n editor and align it with NIST cybersecurity framework stages"
      },
      "typeVersion": 1
    },
    {
      "id": "9a09262e-327c-4bd6-a226-b9fffcdbab4e",
      "name": "Sticky Note14",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        380,
        -120
      ],
      "parameters": {
        "color": 7,
        "width": 1240,
        "height": 80,
        "content": "\n\nNIST CSF and insights from the NIST.CSWP.41 paper on Likely Exploited Vulnerabilities.\n\n\n"
      },
      "typeVersion": 1
    },
    {
      "id": "75c4e2f7-90f1-468e-a930-f84bba5cc8d2",
      "name": "Sticky Note15",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        -140,
        -120
      ],
      "parameters": {
        "color": 7,
        "width": 500,
        "height": 140,
        "content": "\n\n\ud83d\udccc Compliance Alignment\n\n\u2705 CyberScan aligns with NIST CSF Cybersecurity controls designed around the 5 core NIST functions.  \nBuilt on n8n, supports compliance reporting.\n"
      },
      "typeVersion": 1
    },
    {
      "id": "df706700-7bf4-4e19-a432-63749c05f7b2",
      "name": "Sticky Note16",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        380,
        600
      ],
      "parameters": {
        "color": 7,
        "width": 1560,
        "height": 440,
        "content": "\n\n\nGlossary of Key Terms\n                                                                                                                           |\n\n| **LEV**       | **Likely Exploited Vulnerabilities**                                       | A scoring system by NIST (in CSWP 41) that predicts if a vulnerability is likely to be exploited based on real-world intelligence.                 |\n\n| **BOD 22-01** | **Binding Operational Directive 22-01**                                    | A federal mandate requiring U.S. government agencies to patch known exploited vulnerabilities from CISA\u2019s KEV catalog.                             |\n\n| **NIST CSF**  | **National Institute of Standards and Technology Cybersecurity Framework** | A 5-stage security model (Identify, Protect, Detect, Respond, Recover) used by governments and enterprises for cyber defense planning.             |\n\n| **EPSS**      | **Exploit Prediction Scoring System**                                      | A machine-learning based model that estimates the probability of a CVE being exploited within the next 30 days.                                    |\n\n| **CSWP**      | **Cybersecurity White Paper**                                              | A detailed NIST publication that shares new concepts, guidance, and metrics for cybersecurity defense (e.g., CSWP.41 introduced LEV).              |\n\n| **KEV**       | **Known Exploited Vulnerabilities**                                        | A catalog from CISA that lists CVEs confirmed to be actively exploited in the wild.                                                                |\n\n| **UTILS**     | **CyberScan Utilities** (Custom term in your workflow)                     | Utility nodes in your workflow, like date formatters, filters, or metadata handlers. You can rename this group to \"UTILS\" for better organization. |\n\n| **CVE**       | **Common Vulnerabilities and Exposures**                                   | An ID system used to catalog known cybersecurity vulnerabilities in software and hardware.                                                         |\n\n| **CISA**      | **Cybersecurity and Infrastructure Security Agency**                       | A U.S. federal agency that maintains the KEV list and enforces directives like BOD 22-01.                                                          |\n"
      },
      "typeVersion": 1
    },
    {
      "id": "8c120e7f-c8e0-4173-a58f-11d6dedb2998",
      "name": "Code1",
      "type": "n8n-nodes-base.code",
      "position": [
        -1440,
        260
      ],
      "parameters": {
        "jsCode": "const msg = $json[\"error message\"] || \"\";\nconst sanitized = msg\n  .replace(/\\b\\d{1,3}(\\.\\d{1,3}){3}\\b/g, '***.***.***.***')       // IPs\n  .replace(/[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}/g, '[email]')\n  .replace(/apikey=\\w+/gi, 'apikey=[redacted]')\n  .replace(/https:\\/\\/[^\\s]+/g, 'https://[url]');\n\nreturn [{ json: {\n  timestamp: $json[\"timestamp\"],\n  workflow: $json[\"workflow\"],\n  node: $json[\"node\"],\n  \"error message\": sanitized\n}}];"
      },
      "typeVersion": 2
    }
  ],
  "active": false,
  "settings": {
    "timezone": "Australia/Sydney",
    "callerPolicy": "workflowsFromSameOwner",
    "executionOrder": "v1"
  },
  "versionId": "4f90f7a3-81cc-4334-a2df-5f9daf68939e",
  "connections": {
    "Code": {
      "main": [
        [
          {
            "node": "\ud83d\udcc4 EXPORT \u2013 Save to Sheet",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Code1": {
      "main": [
        [
          {
            "node": "\ud83d\udcc4 EXPORT \u2013 Sheet Append",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    " ERROR \u2013 On Failure": {
      "main": [
        [
          {
            "node": "\ud83d\udee0\ufe0f UTILS \u2013 Set Grouped Data",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\ud83e\uddea SCAN \u2013 Run Nessus": {
      "main": [
        [
          {
            "node": "\ud83d\udd0d SCAN \u2013 Process Vulnerabilities",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\ud83d\udea6 ALERT \u2013 LEV Trigger": {
      "main": [
        [
          {
            "node": "\ud83d\udce7 Alert Security Team",
            "type": "main",
            "index": 0
          }
        ],
        [
          {
            "node": "\ud83d\udcdd REPORT \u2013 Generate Summary",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\ud83e\udde0 AI \u2013 Process Assets": {
      "main": [
        [
          {
            "node": "\ud83d\udd04 UTILS \u2013 Split Assets",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\ud83d\udd04 UTILS \u2013 Split Assets": {
      "main": [
        [
          {
            "node": "\ud83e\uddea SCAN \u2013 Run Nessus",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\ud83d\udd10 AUTH \u2013 Set API Token": {
      "main": [
        [
          {
            "node": "\ud83c\udf10 DISC \u2013 Initialize Network Segments",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\ud83e\udd16 AI \u2013 Risk Evaluation": {
      "main": [
        [
          {
            "node": "\ud83d\udcca AI \u2013 Triage Vulnerabilities",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\ud83c\udf10 DISC \u2013 Discover Assets": {
      "main": [
        [
          {
            "node": "\ud83e\udde0 AI \u2013 Process Assets",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\ud83d\udcc4 EXPORT \u2013 Save to Sheet": {
      "main": [
        []
      ]
    },
    "\ud83d\udd10 AUTH \u2013 Login to Nessus": {
      "main": [
        [
          {
            "node": "\ud83d\udd10 AUTH \u2013 Set API Token",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\ud83d\udee0\ufe0f UTILS \u2013 Field Editor": {
      "main": [
        [
          {
            "node": "Code",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\ud83d\udcdd REPORT \u2013 Generate Summary": {
      "main": [
        [
          {
            "node": "Send Email",
            "type": "main",
            "index": 0
          },
          {
            "node": "\ud83d\udcc4 EXPORT \u2013 Save to Sheet",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\u23f1\ufe0f Trigger \u2013 Scheduled Scan": {
      "main": [
        [
          {
            "node": "\ud83d\udd10 AUTH \u2013 Login to Nessus",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\ud83d\udcca AI \u2013 Triage Vulnerabilities": {
      "main": [
        [
          {
            "node": "\ud83d\udea6 ALERT \u2013 LEV Trigger",
            "type": "main",
            "index": 0
          },
          {
            "node": "\ud83d\udee0\ufe0f UTILS \u2013 Field Editor",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\ud83d\udee0\ufe0f UTILS \u2013 Set Grouped Data": {
      "main": [
        [
          {
            "node": "Code1",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\ud83d\udd0d SCAN \u2013 Process Vulnerabilities": {
      "main": [
        [
          {
            "node": "\ud83e\udd16 AI \u2013 Risk Evaluation",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "\ud83c\udf10 DISC \u2013 Initialize Network Segments": {
      "main": [
        [
          {
            "node": "\ud83c\udf10 DISC \u2013 Discover Assets",
            "type": "main",
            "index": 0
          }
        ]
      ]
    }
  }
}

Credentials you'll need

Each integration node will prompt for credentials when you import. We strip credential IDs before publishing — you'll add your own.

About this workflow

Security teams, DevOps engineers, vulnerability analysts, and automation builders who want to eliminate repetitive Nessus scan parsing, AI-based risk triage, and manual reporting. Designed for orgs following NIST CSF or CISA KEV compliance guidelines. Runs scheduled or manual…

Source: https://n8n.io/workflows/6293/ — original creator credit.
