The workflow JSON
Copy or download the full n8n JSON below. Paste it into a new n8n workflow, add your credentials, activate. Full import guide →
{
"id": 3,
"name": "TheHive",
"nodes": [
{
"name": "TheHive Create Alert",
"type": "n8n-nodes-base.theHive",
"position": [
500,
360
],
"parameters": {
"date": "2022-04-25T08:53:18.000Z",
"tags": "tlp:pwhite",
"type": "misp",
"title": "TheHive Alert",
"source": "1311",
"sourceRef": "1330",
"description": "Security issue detected on server A2. Please check and take care.",
"additionalFields": {}
},
"credentials": {
"theHiveApi": {
"name": "<your credential>"
}
},
"typeVersion": 1
},
{
"name": "TheHive Read Alerts",
"type": "n8n-nodes-base.theHive",
"position": [
500,
200
],
"parameters": {
"filters": {},
"options": {},
"operation": "getAll"
},
"credentials": {
"theHiveApi": {
"name": "<your credential>"
}
},
"typeVersion": 1
},
{
"name": "IF",
"type": "n8n-nodes-base.if",
"position": [
280,
540
],
"parameters": {
"conditions": {
"boolean": [
{
"value1": "={{$node[\"TheHive Webhook Request\"].json[\"body\"][\"object\"][\"stage\"]}}",
"value2": "=Closed",
"operation": "notEqual"
}
]
}
},
"typeVersion": 1
},
{
"name": "SIGNL4 Send Alert",
"type": "n8n-nodes-base.signl4",
"position": [
500,
520
],
"parameters": {
"message": "={{$node[\"TheHive Webhook Request\"].json[\"body\"][\"details\"][\"description\"]}}",
"additionalFields": {
"title": "={{$node[\"TheHive Webhook Request\"].json[\"body\"][\"details\"][\"title\"]}}",
"externalId": "={{$node[\"TheHive Webhook Request\"].json[\"body\"][\"objectId\"]}}"
}
},
"credentials": {
"signl4Api": {
"name": "<your credential>"
}
},
"typeVersion": 1
},
{
"name": "TheHive Webhook Request",
"type": "n8n-nodes-base.webhook",
"position": [
80,
540
],
"parameters": {
"path": "22c76955-3f52-469e-a8ae-3f62e8e87ebe",
"options": {},
"httpMethod": "POST"
},
"typeVersion": 1
},
{
"name": "Start (Testing)",
"type": "n8n-nodes-base.manualTrigger",
"position": [
80,
200
],
"parameters": {},
"typeVersion": 1
},
{
"name": "SIGNL4 Resolve Alert",
"type": "n8n-nodes-base.signl4",
"position": [
500,
720
],
"parameters": {
"operation": "resolve",
"externalId": "={{$node[\"TheHive Webhook Request\"].json[\"body\"][\"objectId\"]}}"
},
"credentials": {
"signl4Api": {
"name": "<your credential>"
}
},
"typeVersion": 1
}
],
"active": false,
"settings": {},
"connections": {
"IF": {
"main": [
[
{
"node": "SIGNL4 Send Alert",
"type": "main",
"index": 0
}
],
[
{
"node": "SIGNL4 Resolve Alert",
"type": "main",
"index": 0
}
]
]
},
"Start (Testing)": {
"main": [
[
{
"node": "TheHive Create Alert",
"type": "main",
"index": 0
}
]
]
},
"TheHive Webhook Request": {
"main": [
[
{
"node": "IF",
"type": "main",
"index": 0
}
]
]
}
}
}
Credentials you'll need
Each integration node will prompt for credentials when you import. We strip credential IDs before publishing — you'll add your own.
signl4ApitheHiveApi
About this workflow
TheHive. Uses theHive, signl4, manualTrigger. Webhook trigger; 7 nodes.
Source: https://github.com/Zie619/n8n-workflows — original creator credit. Request a take-down →