Siem - Alerta Entrante Con Telegram

SIEM - Alerta Entrante con Telegram. Uses postgres, telegram. Webhook trigger; 8 nodes.

Category: Slack & Telegram | Trigger: Webhook | Nodes: 8 | Complexity: ★★★★☆ | Integrations: Postgres, Telegram

This workflow follows the Postgres → Telegram recipe pattern.

The workflow JSON

Copy or download the full n8n JSON below. Paste it into a new n8n workflow, add your credentials, and activate it.

{
  "name": "SIEM - Alerta Entrante con Telegram",
  "nodes": [
    {
      "parameters": {
        "httpMethod": "POST",
        "path": "alert/siem",
        "options": {}
      },
      "id": "webhook-node",
      "name": "Webhook SIEM",
      "type": "n8n-nodes-base.webhook",
      "typeVersion": 1,
      "position": [
        250,
        300
      ]
    },
    {
      "parameters": {
        "conditions": {
          "string": [
            {
              "value1": "={{ $json.headers['x-siem-key'] }}",
              "operation": "equals",
              "value2": "superpoderosas26"
            }
          ]
        }
      },
      "id": "if-auth",
      "name": "Validar API Key",
      "type": "n8n-nodes-base.if",
      "typeVersion": 1,
      "position": [
        450,
        300
      ]
    },
    {
      "parameters": {
        "operation": "insert",
        "schema": "public",
        "table": "alerts",
        "columns": "rule_id, src_ip, username, severity, raw_event",
        "returnFields": "*",
        "options": {}
      },
      "id": "postgres-insert",
      "name": "Insertar Alerta PostgreSQL",
      "type": "n8n-nodes-base.postgres",
      "typeVersion": 2,
      "position": [
        650,
        200
      ],
      "credentials": {
        "postgres": {
          "name": "<your credential>"
        }
      }
    },
    {
      "parameters": {
        "chatId": "={{$env.TELEGRAM_CHAT_ID}}",
        "text": "\ud83d\udea8 **ALERTA SIEM**\n\n\ud83d\udccb **Regla:** {{ $json.body.rule_id }}\n\ud83d\udd34 **Severidad:** {{ $json.body.severity }}\n\ud83c\udf10 **IP Origen:** {{ $json.body.src_ip }}\n\ud83d\udc64 **Usuario:** {{ $json.body.username }}\n\u23f0 **Timestamp:** {{ $json.body.timestamp }}\n\n_Detectado por el sistema SIEM automatizado_",
        "additionalFields": {
          "parse_mode": "Markdown"
        }
      },
      "id": "telegram-send",
      "name": "Notificar Telegram",
      "type": "n8n-nodes-base.telegram",
      "typeVersion": 1,
      "position": [
        650,
        400
      ],
      "credentials": {
        "telegramApi": {
          "name": "<your credential>"
        }
      }
    },
    {
      "parameters": {
        "operation": "insert",
        "schema": "public",
        "table": "playbook_runs",
        "columns": "alert_id, workflow, outcome",
        "options": {}
      },
      "id": "postgres-playbook",
      "name": "Registrar Playbook",
      "type": "n8n-nodes-base.postgres",
      "typeVersion": 2,
      "position": [
        850,
        300
      ],
      "credentials": {
        "postgres": {
          "name": "<your credential>"
        }
      }
    },
    {
      "parameters": {
        "values": {
          "string": [
            {
              "name": "rule_id",
              "value": "={{ $json.body.rule_id }}"
            },
            {
              "name": "src_ip",
              "value": "={{ $json.body.src_ip }}"
            },
            {
              "name": "username",
              "value": "={{ $json.body.username || 'unknown' }}"
            },
            {
              "name": "severity",
              "value": "={{ $json.body.severity }}"
            },
            {
              "name": "raw_event",
              "value": "={{ JSON.stringify($json.body) }}"
            }
          ]
        },
        "options": {}
      },
      "id": "set-values",
      "name": "Preparar Datos",
      "type": "n8n-nodes-base.set",
      "typeVersion": 2,
      "position": [
        450,
        100
      ]
    },
    {
      "parameters": {
        "respondWith": "json",
        "responseBody": "={\"status\": \"error\", \"message\": \"Unauthorized\"}",
        "options": {
          "responseCode": 401
        }
      },
      "id": "respond-error",
      "name": "Responder Error",
      "type": "n8n-nodes-base.respondToWebhook",
      "typeVersion": 1,
      "position": [
        650,
        500
      ]
    },
    {
      "parameters": {
        "respondWith": "json",
        "responseBody": "={\"status\": \"success\", \"message\": \"Alert processed\"}",
        "options": {
          "responseCode": 200
        }
      },
      "id": "respond-success",
      "name": "Responder OK",
      "type": "n8n-nodes-base.respondToWebhook",
      "typeVersion": 1,
      "position": [
        1050,
        300
      ]
    }
  ],
  "connections": {
    "Webhook SIEM": {
      "main": [
        [
          {
            "node": "Validar API Key",
            "type": "main",
            "index": 0
          },
          {
            "node": "Preparar Datos",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Validar API Key": {
      "main": [
        [
          {
            "node": "Insertar Alerta PostgreSQL",
            "type": "main",
            "index": 0
          },
          {
            "node": "Notificar Telegram",
            "type": "main",
            "index": 0
          }
        ],
        [
          {
            "node": "Responder Error",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Insertar Alerta PostgreSQL": {
      "main": [
        [
          {
            "node": "Registrar Playbook",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Registrar Playbook": {
      "main": [
        [
          {
            "node": "Responder OK",
            "type": "main",
            "index": 0
          }
        ]
      ]
    }
  },
  "settings": {
    "executionOrder": "v1"
  },
  "staticData": null,
  "tags": [
    {
      "name": "SIEM",
      "createdAt": "2026-02-06T00:00:00.000Z",
      "updatedAt": "2026-02-06T00:00:00.000Z"
    }
  ],
  "versionId": "1"
}

Credentials you'll need

Each integration node will prompt for credentials when you import. We strip credential IDs before publishing — you'll add your own.

About this workflow

Source: https://github.com/micapaco/TP-Ciberseguridad/blob/aec83383a2bbed0e6cec1acdd9ccea37480139cc/n8n/workflow-siem-alerta.json (original creator credit).
