Jonathan | NEX This workflow corresponds to n8n.io template #5937 — we link there as the canonical source.
The workflow JSON
Copy or download the full n8n JSON below. Paste it into a new n8n workflow, add your credentials, activate. Full import guide →
{
"meta": {
"templateCredsSetupCompleted": true
},
"nodes": [
{
"id": "6f7ace63-a7d6-498e-9805-3de8f00b4275",
"name": "Execute NixGuard & Wazuh Workflow",
"type": "n8n-nodes-base.executeWorkflow",
"position": [
-420,
-1220
],
"parameters": {
"options": {},
"workflowId": {
"__rl": true,
"mode": "list",
"value": "I0nUORqYTwDFZa51",
"cachedResultName": "Get Real-Time Security Insights with NixGuard RAG and Wazuh Integration"
},
"workflowInputs": {
"value": {},
"schema": [],
"mappingMode": "passThrough",
"matchingColumns": [],
"attemptToConvertTypes": false,
"convertFieldsToString": true
}
},
"typeVersion": 1.2
},
{
"id": "da86d2fb-89ab-4431-a6a9-6ccbd0f66121",
"name": "Format NixGuard AI Summary & Wazuh Insights",
"type": "n8n-nodes-base.set",
"position": [
-200,
-1220
],
"parameters": {
"values": {
"string": [
{
"name": "ai_summary",
"value": "={{ $json.output }}"
}
]
},
"options": {}
},
"typeVersion": 2
},
{
"id": "c0ac70b6-0545-4681-af88-e3baae9d658e",
"name": "(Optional) Send Slack Alert for High-Risk Events",
"type": "n8n-nodes-base.slack",
"disabled": true,
"position": [
40,
-1220
],
"parameters": {
"text": "=\ud83d\udea8 *NixGuard IP Analysis* \ud83d\udea8\n\n*AI Summary:*\n{{ $json.ai_summary }}",
"otherOptions": {},
"authentication": "oAuth2"
},
"typeVersion": 2
},
{
"id": "64dfc08c-5b6c-4982-b779-ab368cfabc73",
"name": "Webhook Trigger\n(REAL-WORLD USE)1",
"type": "n8n-nodes-base.webhook",
"active": false,
"position": [
-640,
-980
],
"parameters": {
"path": "e74aeb1a-0659-4a89-8ede-17bb9fdbe317",
"options": {}
},
"typeVersion": 1
},
{
"id": "2b8da30e-22d6-4900-bc3d-37c5a4cfb3c4",
"name": "Set API Key & Initial Prompt",
"type": "n8n-nodes-base.set",
"position": [
-640,
-1220
],
"parameters": {
"values": {
"string": [
{
"name": "apiKey",
"value": "PASTE_YOUR_NIXGUARD_API_KEY_HERE"
},
{
"name": "chatInput",
"value": "Scan this url for me: https://thenex.world"
}
]
},
"options": {}
},
"typeVersion": 2
},
{
"id": "c22b6b46-ee9a-4ed5-82ef-d693f7e1b7b3",
"name": "Next Steps: Automate Response2",
"type": "n8n-nodes-base.stickyNote",
"position": [
-200,
-1000
],
"parameters": {
"color": 7,
"width": 520,
"height": 380,
"content": "### \u26a1\ufe0f Next Steps: Automate Your SOC/IR Process\n\nThis workflow delivers actionable intelligence. The `Set` node formats the powerful insights from NixGuard and Wazuh, ready to fuel your SOAR playbooks.\n\nFrom here, you can automate your entire security response:\n- \ud83d\udea8 **Enable the Slack Node**: Add your credentials to immediately start receiving alerts.\n- \ud83c\udf9f\ufe0f **Create Jira Tickets**: Add a Jira node to automatically create an incident ticket for high-risk events.\n- \ud83d\udcca **Log Results**: Connect a Google Sheets or database node to log every analysis for auditing and reporting.\n- \ud83d\udee1\ufe0f **Trigger Remediation**: Connect another `Execute Workflow` node to a workflow that blocks the malicious IP on your firewall."
},
"typeVersion": 1
},
{
"id": "5794f296-fa9a-4b6e-a6fa-eef14f78b225",
"name": "Workflow Overview2",
"type": "n8n-nodes-base.stickyNote",
"position": [
-1280,
-1220
],
"parameters": {
"color": 7,
"width": 540,
"height": 440,
"content": "### \ud83c\udfaf Workflow Overview: The Dispatcher\n\nThis workflow acts as a **Dispatcher**. Its only job is to provide an input (like an IP address) and an API key to trigger your main, more complex analysis workflow.\n\nThis powerful pattern allows you to build your core NixGuard & Wazuh analysis logic once and then trigger it from many different sources (webhooks, other workflows, schedules, etc.).\n\n**Why use this pattern?**\n- **Reusable Logic**: Build your complex analysis once and call it from anywhere.\n- **Simplicity & Focus**: This workflow handles the *when* and *how* of starting the job, while the main workflow handles the *what*.\n\n---\n**Learn more about NixGuard:** https://thenex.world\n\n**Tags:** `IP Analysis`, `Threat Intelligence`, `Wazuh`, `SOAR`, `SOC`, `NixGuard`, `Free`, `AI`, `Incident Response`, `Cybersecurity`, `Automation`, `SIEM`"
},
"typeVersion": 1
},
{
"id": "a8687553-569a-41cf-8ab3-175a031ad6db",
"name": "Setup Instructions2",
"type": "n8n-nodes-base.stickyNote",
"position": [
-640,
-1740
],
"parameters": {
"color": 7,
"width": 560,
"height": 440,
"content": "### \u2699\ufe0f Critical Setup: Go Live in 2 Steps\n\nThis template is a 'dispatcher' and requires two actions to function correctly.\n\n1\ufe0f\u20e3 **Add Your API Key:**\n - Click the blue **`Set API Key & Initial Prompt`** node.\n - In the `apiKey` field, replace the placeholder with your actual NixGuard API key.\n\n2\ufe0f\u20e3 **Connect the Main Workflow:**\n - Click the **`Execute NixGuard & Wazuh Workflow`** node.\n - In the `Workflow` field, select your main `Get Real-Time Security Insights...` workflow from the list.\n\n---\n*Don't have the main workflow yet? You'll need to create or import it first. Don't have a key? Get one for free at [thenex.world/security/subscribe](https://thenex.world/security/subscribe)*\n\n - **Don't have the main workflow yet?** Get it here:\n https://n8n.io/workflows/4693-get-real-time-security-insights-with-nixguard-rag-and-wazuh-integration/"
},
"typeVersion": 1
}
],
"connections": {
"Set API Key & Initial Prompt": {
"main": [
[
{
"node": "Execute NixGuard & Wazuh Workflow",
"type": "main",
"index": 0
}
]
]
},
"Execute NixGuard & Wazuh Workflow": {
"main": [
[
{
"node": "Format NixGuard AI Summary & Wazuh Insights",
"type": "main",
"index": 0
}
]
]
},
"Format NixGuard AI Summary & Wazuh Insights": {
"main": [
[
{
"node": "(Optional) Send Slack Alert for High-Risk Events",
"type": "main",
"index": 0
}
]
]
}
}
}
For the full experience including quality scoring and batch install features for each workflow upgrade to Pro
About this workflow
Stop manually checking suspicious links. This free n8n workflow provides the foundation for a powerful, automated URL analysis pipeline. Using the NixGuard AI engine, you can instantly analyze suspicious URLs from emails, logs, or tickets to uncover phishing attempts, malware…
Source: https://n8n.io/workflows/5937/ — original creator credit. Request a take-down →
Related workflows
Workflows that share integrations, category, or trigger type with this one. All free to copy and import.
Limit. Uses respondToWebhook, httpRequest, serviceNow, slack. Webhook trigger; 29 nodes.
Splitout. Uses stickyNote, respondToWebhook, httpRequest, splitInBatches. Webhook trigger; 29 nodes.
This workflow is for teams that use Slack for internal communication and need a streamlined way to upload public-facing images to an S3 Cloudflare bucket. It's especially beneficial for DevOps, market
This workflow is designed for IT teams, service desk personnel, and incident management professionals who need a streamlined way to monitor and report on recent ServiceNow incidents directly within Sl
This n8n workflow automates task creation and scheduled reminders for users via a Telegram bot, ensuring timely notifications across multiple channels like email and Slack. It streamlines task managem