This workflow corresponds to n8n.io template #6978 — we link there as the canonical source.
This workflow follows the Chainsummarization → OpenAI Chat recipe pattern.
The workflow JSON
Copy or download the full n8n JSON below. Paste it into a new n8n workflow, add your credentials, then activate it.
{
"id": "",
"meta": {
"templateCredsSetupCompleted": true
},
"name": "Wazuh_Alert_Investigation copy",
"tags": [
{
"id": "",
"name": "Github",
"createdAt": "2025-07-08T08:24:29.609Z",
"updatedAt": "2025-07-08T08:24:29.609Z"
}
],
"nodes": [
{
"id": "",
"name": "If",
"type": "n8n-nodes-base.if",
"position": [
240,
-20
],
"parameters": {
"options": {
"ignoreCase": true
},
"conditions": {
"options": {
"version": 2,
"leftValue": "",
"caseSensitive": false,
"typeValidation": "strict"
},
"combinator": "and",
"conditions": [
{
"id": "",
"operator": {
"name": "filter.operator.equals",
"type": "string",
"operation": "equals"
},
"leftValue": "={{ $json.body.severity }}",
"rightValue": "1 low"
}
]
}
},
"typeVersion": 2.2
},
{
"id": "",
"name": "Wazuh Alert",
"type": "n8n-nodes-base.webhook",
"position": [
-20,
-20
],
"parameters": {
"path": "",
"options": {
"rawBody": true
},
"httpMethod": "POST"
},
"typeVersion": 2
},
{
"id": "",
"name": "No Operations",
"type": "n8n-nodes-base.noOp",
"position": [
260,
200
],
"parameters": {},
"typeVersion": 1
},
{
"id": "",
"name": "Investigation Summarization",
"type": "@n8n/n8n-nodes-langchain.chainSummarization",
"position": [
540,
-40
],
"parameters": {
"options": {
"summarizationMethodAndPrompts": {
"values": {
"prompt": "You are the experinced SOC AI Analyst designed by Mariskarthick M, Analyse the following and provide the detailed investigation with the below mentioned format.\n\n\"{text}\"\n\nconicise summary",
"combineMapPrompt": "You are the experinced SOC AI Analyst designed by Mariskarthick M, Analyse the following and provide the detailed investigation with the below mentioned format.\n\n#Analyse:\n{{ $json.body.all_fields.full_log }}\n\n#Format:\nAlert Name: \nAlert Description: (describe about that alert)\nMitre Tactic & Technique\nImpacted Scope: Source IP, Destiantion IP, Host Machine\n\nExternal Artificats Reputation check:\n\nAnalysis:\n\nSecurity Recommendations.\n\nPlease make the investigation report in organized way and each fields line by line.\n {{ $json.body }}"
}
}
}
},
"typeVersion": 2.1
},
{
"id": "",
"name": "SOC Team",
"type": "n8n-nodes-base.telegram",
"position": [
920,
-20
],
"parameters": {
"text": "={{ \n $json.output.text\n .replaceAll('\\\\', '') // Remove escape slashes\n .replaceAll('*', '') // Remove Markdown stars\n .replaceAll('#', '') // Remove Markdown headers\n .replaceAll('_', '') // Remove underscores\n .replaceAll('[', '') // Remove leftover brackets\n .replaceAll(']', '') // Remove closing brackets\n .replaceAll('(', '(') // Retain parentheses\n .replaceAll(')', ')')\n .replaceAll('`', '') // Remove backticks\n .replaceAll(' ', ' ') // Extra space trim\n .replaceAll('\\n\\n', '\\n') // Collapse double newlines\n .replaceAll('\\n ', '\\n') // Remove leading spaces on lines\n .replaceAll(' - ', ' \u2014 ') // Optional: replace dash with em dash for clarity\n .trim()\n}}\n",
"chatId": "",
"additionalFields": {
"appendAttribution": true
}
},
"credentials": {
"telegramApi": {
"name": "<your credential>"
}
},
"typeVersion": 1.2
},
{
"id": "717713de-4a80-4b51-910c-3b6a588e2f56",
"name": "Customized AI Model",
"type": "@n8n/n8n-nodes-langchain.lmChatOpenAi",
"position": [
560,
200
],
"parameters": {
"model": {
"__rl": true,
"mode": "list",
"value": "gpt-4o-mini"
},
"options": {}
},
"credentials": {
"openAiApi": {
"name": "<your credential>"
}
},
"typeVersion": 1.2
}
],
"active": false,
"settings": {
"executionOrder": "v1"
},
"versionId": "2f2786be-474f-4ab6-a41e-391e7427d022",
"connections": {
"If": {
"main": [
[
{
"node": "Investigation Summarization",
"type": "main",
"index": 0
}
],
[
{
"node": "No Operations",
"type": "main",
"index": 0
}
]
]
},
"Wazuh Alert": {
"main": [
[
{
"node": "If",
"type": "main",
"index": 0
}
]
]
},
"Customized AI Model": {
"ai_languageModel": [
[
{
"node": "Investigation Summarization",
"type": "ai_languageModel",
"index": 0
}
]
]
},
"Investigation Summarization": {
"main": [
[
{
"node": "SOC Team",
"type": "main",
"index": 0
}
]
]
}
}
}
Credentials you'll need
Each integration node will prompt for credentials when you import. We strip credential IDs before publishing — you'll add your own.
openAiApi, telegramApi
About this workflow
This n8n workflow supercharges your SOC by fully automating triage, analysis, and notification for Wazuh alerts—blending event-driven automation, OpenAI-powered contextual analysis, and real-time collaboration for incident response.
Source: https://n8n.io/workflows/6978/ — original creator credit.