Adnan Tariq This workflow corresponds to n8n.io template #6415 — we link there as the canonical source.
This workflow follows the Emailsend → Google Sheets recipe pattern — see all workflows that pair these two integrations.
The workflow JSON
Copy or download the full n8n JSON below. Paste it into a new n8n workflow, add your credentials, activate. Full import guide →
{
"id": "ncKIMRjTLjshxhIv",
"name": "M6 - Dashboards & Reporting",
"tags": [],
"nodes": [
{
"id": "d60a2fa1-a16e-4505-986c-388c37d3abbb",
"name": "\u23f0 Cron \u2013 Daily Trigger",
"type": "n8n-nodes-base.scheduleTrigger",
"position": [
-460,
120
],
"parameters": {},
"typeVersion": 1.2
},
{
"id": "30808a33-e169-43a0-b8f5-6a758a0bda50",
"name": "\ud83c\udf10 Get CVE Feed",
"type": "n8n-nodes-base.httpRequest",
"position": [
-220,
40
],
"parameters": {},
"typeVersion": 4.2
},
{
"id": "346452c0-c245-4434-8608-a38a738cd5ce",
"name": "\ud83d\udee1\ufe0f Get IOC Feed",
"type": "n8n-nodes-base.httpRequest",
"position": [
-220,
200
],
"parameters": {},
"typeVersion": 4.2
},
{
"id": "ffd4627e-d9e9-42f9-b55d-ad61201de651",
"name": "\ud83e\udde0 Merge Threat Data",
"type": "n8n-nodes-base.merge",
"position": [
-20,
120
],
"parameters": {},
"typeVersion": 3.1
},
{
"id": "fc00545f-b079-4d74-b050-481d3a92a924",
"name": "\ud83e\udde0Combine Threat Data",
"type": "n8n-nodes-base.code",
"position": [
-20,
320
],
"parameters": {},
"typeVersion": 2
},
{
"id": "7d7bb345-39c1-4104-a096-6c58409d67b4",
"name": "\ud83e\udde0 AI \u2013 Risk Evaluation",
"type": "n8n-nodes-base.code",
"position": [
-20,
500
],
"parameters": {},
"typeVersion": 2
},
{
"id": "22f90241-1d2e-4b1d-aecf-57fd9b412dfd",
"name": "\ud83e\udde0 AI \u2013 Triage Vulnerabilities",
"type": "n8n-nodes-base.code",
"position": [
-20,
680
],
"parameters": {},
"typeVersion": 2
},
{
"id": "7aabda51-2acd-467a-885e-39b522e2ce08",
"name": "\ud83d\udea8 ALERT \u2013 LEV Trigger",
"type": "n8n-nodes-base.if",
"position": [
-20,
880
],
"parameters": {},
"typeVersion": 2.2
},
{
"id": "85bba1fd-f169-421e-b934-47343b1624d6",
"name": "\ud83d\udce7 Send Alert Email",
"type": "n8n-nodes-base.emailSend",
"position": [
180,
820
],
"parameters": {},
"typeVersion": 2.1
},
{
"id": "123906b3-ece6-4c4c-be90-000db891b453",
"name": "Google Sheets",
"type": "n8n-nodes-base.googleSheets",
"position": [
180,
980
],
"parameters": {},
"typeVersion": 4.5
},
{
"id": "795d9741-27f5-4507-94e9-04f450cc7d60",
"name": "\ud83e\udde0 AI \u2013 Incident Playbook Selector",
"type": "n8n-nodes-base.code",
"position": [
420,
500
],
"parameters": {},
"typeVersion": 2
},
{
"id": "ae7a94c3-892f-493b-97de-cb3de458b20e",
"name": "Code",
"type": "n8n-nodes-base.code",
"position": [
600,
500
],
"parameters": {},
"typeVersion": 2
},
{
"id": "e0cd40a8-3b3e-40ef-8a54-ec6ffc447f6d",
"name": "\ud83e\udded Response Router",
"type": "n8n-nodes-base.switch",
"position": [
780,
500
],
"parameters": {},
"typeVersion": 3.2
},
{
"id": "b5a688b5-e45e-4a69-a7a6-31bd371a8524",
"name": "Send Alert Email",
"type": "n8n-nodes-base.emailSend",
"position": [
1100,
320
],
"parameters": {},
"typeVersion": 2.1
},
{
"id": "ec598d42-3ae3-4e40-b06a-f9dce667f478",
"name": "Log to Google Sheet",
"type": "n8n-nodes-base.googleSheets",
"position": [
1100,
500
],
"parameters": {},
"typeVersion": 4.5
},
{
"id": "8b17c379-c2cb-4db9-9238-bf2cf9c30abe",
"name": "HTTP Request",
"type": "n8n-nodes-base.httpRequest",
"position": [
1100,
680
],
"parameters": {},
"typeVersion": 4.2
},
{
"id": "819baad2-2f09-4990-824f-9dcb7c777546",
"name": "Split Out",
"type": "n8n-nodes-base.splitOut",
"position": [
260,
500
],
"parameters": {},
"typeVersion": 1
},
{
"id": "14f595f0-051b-48c1-9960-e98b232b9f1a",
"name": "Sticky Note",
"type": "n8n-nodes-base.stickyNote",
"position": [
1360,
300
],
"parameters": {
"content": ""
},
"typeVersion": 1
},
{
"id": "646f962f-df67-4f33-bf14-9009a806d11a",
"name": "Sticky Note1",
"type": "n8n-nodes-base.stickyNote",
"position": [
1940,
300
],
"parameters": {
"content": ""
},
"typeVersion": 1
},
{
"id": "988221b8-3143-4f9c-a403-55b25e5d116a",
"name": "Sticky Note2",
"type": "n8n-nodes-base.stickyNote",
"position": [
1940,
1000
],
"parameters": {
"content": ""
},
"typeVersion": 1
},
{
"id": "a1c88a89-8aff-411c-af0c-f949632436d0",
"name": "Sticky Note3",
"type": "n8n-nodes-base.stickyNote",
"position": [
1940,
1200
],
"parameters": {
"content": ""
},
"typeVersion": 1
}
],
"active": false,
"settings": {
"executionOrder": "v1"
},
"versionId": "f78b0e4e-fc09-4dd8-bcfa-9bf1db0eb2dd",
"connections": {
"Code": {
"main": [
[
{
"node": "\ud83e\udded Response Router",
"type": "main",
"index": 0
}
]
]
},
"Split Out": {
"main": [
[
{
"node": "\ud83e\udde0 AI \u2013 Incident Playbook Selector",
"type": "main",
"index": 0
}
]
]
},
"\ud83c\udf10 Get CVE Feed": {
"main": [
[
{
"node": "\ud83e\udde0 Merge Threat Data",
"type": "main",
"index": 0
}
]
]
},
"\ud83d\udee1\ufe0f Get IOC Feed": {
"main": [
[
{
"node": "\ud83e\udde0 Merge Threat Data",
"type": "main",
"index": 1
}
]
]
},
"\ud83e\udded Response Router": {
"main": [
[
{
"node": "Send Alert Email",
"type": "main",
"index": 0
}
],
[
{
"node": "Log to Google Sheet",
"type": "main",
"index": 0
}
],
[
{
"node": "HTTP Request",
"type": "main",
"index": 0
}
]
]
},
"\ud83e\udde0 Merge Threat Data": {
"main": [
[
{
"node": "\ud83e\udde0Combine Threat Data",
"type": "main",
"index": 0
}
]
]
},
"\ud83e\udde0Combine Threat Data": {
"main": [
[
{
"node": "\ud83e\udde0 AI \u2013 Risk Evaluation",
"type": "main",
"index": 0
}
]
]
},
"\u23f0 Cron \u2013 Daily Trigger": {
"main": [
[
{
"node": "\ud83c\udf10 Get CVE Feed",
"type": "main",
"index": 0
},
{
"node": "\ud83d\udee1\ufe0f Get IOC Feed",
"type": "main",
"index": 0
}
]
]
},
"\ud83d\udea8 ALERT \u2013 LEV Trigger": {
"main": [
[
{
"node": "\ud83d\udce7 Send Alert Email",
"type": "main",
"index": 0
},
{
"node": "Google Sheets",
"type": "main",
"index": 0
}
]
]
},
"\ud83e\udde0 AI \u2013 Risk Evaluation": {
"main": [
[
{
"node": "\ud83e\udde0 AI \u2013 Triage Vulnerabilities",
"type": "main",
"index": 0
},
{
"node": "Split Out",
"type": "main",
"index": 0
}
]
]
},
"\ud83e\udde0 AI \u2013 Triage Vulnerabilities": {
"main": [
[
{
"node": "\ud83d\udea8 ALERT \u2013 LEV Trigger",
"type": "main",
"index": 0
}
]
]
},
"\ud83e\udde0 AI \u2013 Incident Playbook Selector": {
"main": [
[
{
"node": "Code",
"type": "main",
"index": 0
}
]
]
}
}
}
For the full experience including quality scoring and batch install features for each workflow upgrade to Pro
About this workflow
👤 Who it’s for Blue Team leads, CISOs, and SOC managers who want automated visibility into threat metrics, endpoint alerts, and response actions — without needing a full SIEM or BI platform.
Source: https://n8n.io/workflows/6415/ — original creator credit. Request a take-down →
Related workflows
Workflows that share integrations, category, or trigger type with this one. All free to copy and import.
Security teams, DevOps engineers, vulnerability analysts, and automation builders who want to eliminate repetitive Nessus scan parsing, AI-based risk triage, and manual reporting. Designed for orgs fo
This n8n workflow automatically finds apartments for rent in Germany, filters them by your city, rent budget, and number of rooms, and applies to them via email. Each application includes: A personali
Workflow Overview Zoom Attendance Evaluator with Follow-up is an n8n automation workflow that automatically evaluates Zoom meeting attendance and sends follow-up emails to no-shows and early leavers w
This workflow automatically monitors Amazon product prices, tracks price changes, and sends alerts when significant price fluctuations occur. Built with ScrapeOps' structured data API, it provides a r
This n8n template automatically monitors SSL certificates of websites listed in a Google Sheet and sends email alerts if any are expiring within 14 days. It helps ensure you avoid downtime, security i