
Automate Free IP Analysis: NixGuard AI Summaries & Wazuh Integration

By Jonathan | NEX @nex on n8n.io

Stop wasting time manually investigating suspicious IP addresses. This workflow template is your launchpad to automating real-time IP cybersecurity analysis using the NixGuard platform, which you can use for free.

Category: Slack & Telegram · Trigger: Webhook · Nodes: 8 · Complexity: ★★★☆☆

This workflow corresponds to n8n.io template #5928 — we link there as the canonical source.

The workflow JSON

Copy the full n8n JSON below, paste it into a new n8n workflow, add your credentials, and activate it.

{
  "meta": {
    "templateCredsSetupCompleted": true
  },
  "nodes": [
    {
      "id": "4e688357-b526-4ec6-aa52-ba57bef8ceea",
      "name": "Execute NixGuard & Wazuh Workflow",
      "type": "n8n-nodes-base.executeWorkflow",
      "position": [
        -420,
        -1220
      ],
      "parameters": {
        "options": {},
        "workflowId": {
          "__rl": true,
          "mode": "list",
          "value": "I0nUORqYTwDFZa51",
          "cachedResultName": "Get Real-Time Security Insights with NixGuard RAG and Wazuh Integration"
        },
        "workflowInputs": {
          "value": {},
          "schema": [],
          "mappingMode": "passThrough",
          "matchingColumns": [],
          "attemptToConvertTypes": false,
          "convertFieldsToString": true
        }
      },
      "typeVersion": 1.2
    },
    {
      "id": "c1ec5184-46b1-4893-a021-966b95e46c01",
      "name": "Format NixGuard AI Summary & Wazuh Insights",
      "type": "n8n-nodes-base.set",
      "position": [
        -200,
        -1220
      ],
      "parameters": {
        "values": {
          "string": [
            {
              "name": "ai_summary",
              "value": "={{ $json.output }}"
            }
          ]
        },
        "options": {}
      },
      "typeVersion": 2
    },
    {
      "id": "698377ac-1c77-45fe-b877-eff606701b82",
      "name": "(Optional) Send Slack Alert for High-Risk Events",
      "type": "n8n-nodes-base.slack",
      "disabled": true,
      "position": [
        40,
        -1220
      ],
      "parameters": {
        "text": "=\ud83d\udea8 *NixGuard IP Analysis* \ud83d\udea8\n\n*AI Summary:*\n{{ $json.ai_summary }}",
        "otherOptions": {},
        "authentication": "oAuth2"
      },
      "typeVersion": 2
    },
    {
      "id": "c534132a-9320-42fc-9db2-786725257cd6",
      "name": "Next Steps: Automate Response",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        -200,
        -1000
      ],
      "parameters": {
        "color": 7,
        "width": 520,
        "height": 380,
        "content": "## \u26a1 Next Steps: Automate Your SOC/IR Process\n\nThis workflow doesn't just get data; it helps you take action. The `Set` node formats the powerful insights from NixGuard and Wazuh.\n\nFrom here, you can automate your entire security response:\n- **Enable the Slack Node**: Add your credentials to immediately start receiving alerts.\n- **Create Jira Tickets**: Add a Jira node to automatically create an incident ticket for high-risk events.\n- **Log Results**: Connect a Google Sheets or database node to log every analysis for auditing.\n- **Trigger Remediation**: Connect another `Execute Workflow` node to a workflow that blocks the malicious IP on your firewall."
      },
      "typeVersion": 1
    },
    {
      "id": "cfef93de-f471-410a-b326-ae50f810172c",
      "name": "Set API Key & Initial Prompt1",
      "type": "n8n-nodes-base.set",
      "position": [
        -640,
        -1220
      ],
      "parameters": {
        "values": {
          "string": [
            {
              "name": "apiKey",
              "value": ""
            },
            {
              "name": "chatInput",
              "value": "Scan this ip for me 0.0.0.0"
            }
          ]
        },
        "options": {}
      },
      "typeVersion": 2
    },
    {
      "id": "9f8c29b7-c2fc-4ac2-895c-2e3b1d68bde2",
      "name": "Webhook Trigger\n(REAL-WORLD USE)1",
      "type": "n8n-nodes-base.webhook",
      "active": false,
      "position": [
        -640,
        -980
      ],
      "parameters": {
        "path": "my-analysis-webhook",
        "options": {}
      },
      "typeVersion": 1
    },
    {
      "id": "b5f50c3b-d692-41e2-8077-a2d6f6e975be",
      "name": "Workflow Overview",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        -1260,
        -1220
      ],
      "parameters": {
        "color": 7,
        "width": 540,
        "height": 440,
        "content": "## \ud83c\udfaf Workflow Overview: The Dispatcher\n\nThis workflow acts as a **Dispatcher**. Its only job is to provide an input and API key to trigger your main, more complex analysis workflow:\n\n`Get Real-Time Security Insights with NixGuard RAG and Wazuh Integration`\n\nThis powerful combination uses NixGuard's AI to analyze security data from sources like Wazuh.\n\n### Why use this pattern?\n- **Reusable Logic**: Build your complex NixGuard & Wazuh analysis once and trigger it from many different places.\n- **Simplicity & Focus**: This workflow handles the \"how\" and \"when\" of starting the job, while the main workflow handles the \"what\".\n\n---\n**Learn more about NixGuard:** https://nixguard.thenex.world"
      },
      "typeVersion": 1
    },
    {
      "id": "2f909465-6db7-4508-9156-8283197a42f5",
      "name": "Setup Instructions",
      "type": "n8n-nodes-base.stickyNote",
      "position": [
        -640,
        -1740
      ],
      "parameters": {
        "color": 7,
        "width": 460,
        "height": 440,
        "content": "## \u2699\ufe0f **CRITICAL SETUP (2 STEPS)**\n\nThis template requires two actions to function correctly.\n\n**1. Add Your API Key:**\n   - Click the blue `Set API Key & Initial Prompt` node.\n   - In the `apiKey` field, replace `PASTE_YOUR_NIXGUARD_API_KEY_HERE` with your actual NixGuard API key.\n\n**2. Connect the Main Workflow:**\n   - Click the `Execute NixGuard & Wazuh Workflow` node.\n   - In the `Workflow` field, select your `Get Real-Time Security Insights...` workflow.\n\n   - **Don't have the main workflow yet?** Get it here:\n   https://n8n.io/workflows/4693-get-real-time-security-insights-with-nixguard-rag-and-wazuh-integration/"
      },
      "typeVersion": 1
    }
  ],
  "connections": {
    "Set API Key & Initial Prompt1": {
      "main": [
        [
          {
            "node": "Execute NixGuard & Wazuh Workflow",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Execute NixGuard & Wazuh Workflow": {
      "main": [
        [
          {
            "node": "Format NixGuard AI Summary & Wazuh Insights",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Format NixGuard AI Summary & Wazuh Insights": {
      "main": [
        [
          {
            "node": "(Optional) Send Slack Alert for High-Risk Events",
            "type": "main",
            "index": 0
          }
        ]
      ]
    }
  }
}

Source: https://n8n.io/workflows/5928/ (original creator credit).
