This workflow follows the HTTP Request → OpenAI recipe pattern — see all workflows that pair these two integrations.
The workflow JSON
Copy or download the full n8n JSON below. Paste it into a new n8n workflow, add your credentials, activate. Full import guide →
{
"name": "X-n8 AI Analysis Workflow",
"nodes": [
{
"parameters": {},
"id": "start",
"name": "Start",
"type": "n8n-nodes-base.manualTrigger",
"typeVersion": 1,
"position": [
250,
300
]
},
{
"parameters": {
"model": "gpt-4",
"messages": {
"values": [
{
"content": "You are the X-n8 Triage Agent. Analyze the following security alert and provide a JSON response with severity_score (0-100), severity_label, confidence (0-1), is_true_positive, summary, mitre_tactics, mitre_techniques, recommended_actions, and escalate_to_xsoar boolean.\n\nAlert Data:\n{{ JSON.stringify($json, null, 2) }}"
}
]
},
"options": {
"temperature": 0.3,
"maxTokens": 1000
}
},
"id": "openai-analysis",
"name": "AI Triage",
"type": "@n8n/n8n-nodes-langchain.openAi",
"typeVersion": 1,
"position": [
450,
300
]
},
{
"parameters": {
"jsCode": "// Parse AI response and merge with original alert\nconst alert = $('Start').first().json;\nconst aiResponse = JSON.parse($input.first().json.message.content);\n\nreturn {\n json: {\n ...alert,\n xn8_metadata: {\n correlation_id: alert.alert_id,\n alert_count: 1,\n first_seen: alert.timestamp,\n last_seen: alert.timestamp,\n ai_summary: aiResponse.summary,\n ai_severity_score: aiResponse.severity_score,\n ai_confidence: aiResponse.confidence,\n recommended_actions: aiResponse.recommended_actions,\n mitre_mapping: aiResponse.mitre_techniques,\n is_true_positive: aiResponse.is_true_positive,\n escalate_to_xsoar: aiResponse.escalate_to_xsoar\n }\n }\n};"
},
"id": "merge-analysis",
"name": "Merge AI Analysis",
"type": "n8n-nodes-base.code",
"typeVersion": 2,
"position": [
650,
300
]
},
{
"parameters": {
"conditions": {
"number": [
{
"value1": "={{ $json.xn8_metadata.ai_severity_score }}",
"operation": "largerEqual",
"value2": 70
}
]
}
},
"id": "severity-router",
"name": "Route by Severity",
"type": "n8n-nodes-base.if",
"typeVersion": 1,
"position": [
850,
300
]
},
{
"parameters": {
"method": "POST",
"url": "={{ $env.XSOAR_URL }}/incident",
"authentication": "genericCredentialType",
"genericAuthType": "httpHeaderAuth",
"sendBody": true,
"bodyParameters": {
"parameters": [
{
"name": "name",
"value": "={{ 'X-n8: ' + $json.event_type + ' - ' + ($json.entities.host || $json.entities.user || 'Unknown') }}"
},
{
"name": "severity",
"value": "={{ $json.xn8_metadata.ai_severity_score >= 90 ? 4 : $json.xn8_metadata.ai_severity_score >= 70 ? 3 : 2 }}"
},
{
"name": "type",
"value": "={{ $json.event_type }}"
},
{
"name": "rawJSON",
"value": "={{ JSON.stringify($json) }}"
}
]
}
},
"id": "xsoar-create-incident",
"name": "Create XSOAR Incident",
"type": "n8n-nodes-base.httpRequest",
"typeVersion": 4,
"position": [
1050,
200
]
},
{
"parameters": {
"channel": "#soc-alerts",
"text": ":warning: *Low/Medium Alert Auto-Closed*\n*Event:* {{ $json.event_type }}\n*Summary:* {{ $json.xn8_metadata.ai_summary }}\n*Score:* {{ $json.xn8_metadata.ai_severity_score }}/100"
},
"id": "slack-notify",
"name": "Notify Slack",
"type": "n8n-nodes-base.slack",
"typeVersion": 2,
"position": [
1050,
400
]
}
],
"connections": {
"Start": {
"main": [
[
{
"node": "AI Triage",
"type": "main",
"index": 0
}
]
]
},
"AI Triage": {
"main": [
[
{
"node": "Merge AI Analysis",
"type": "main",
"index": 0
}
]
]
},
"Merge AI Analysis": {
"main": [
[
{
"node": "Route by Severity",
"type": "main",
"index": 0
}
]
]
},
"Route by Severity": {
"main": [
[
{
"node": "Create XSOAR Incident",
"type": "main",
"index": 0
}
],
[
{
"node": "Notify Slack",
"type": "main",
"index": 0
}
]
]
}
},
"settings": {
"executionOrder": "v1"
},
"tags": [
"x-n8",
"core",
"ai-analysis"
]
}
For the full experience including quality scoring and batch install features for each workflow upgrade to Pro
About this workflow
X-n8 AI Analysis Workflow. Uses openAi, httpRequest, slack. Event-driven trigger; 6 nodes.
Source: https://github.com/Masriyan/X-n8-Exnate/blob/47ea3ca20453e8ae528e38a6460d3212ea28d08c/n8n-workflows/core/ai-analysis.json — original creator credit. Request a take-down →
Related workflows
Workflows that share integrations, category, or trigger type with this one. All free to copy and import.
This workflow automatically turns any audio file uploaded to Google Drive into a complete podcast episode. It handles transcription, content generation, blog drafting, social copy creation, thumbnail
This workflow is an AI-powered lighting and look development pipeline designed for VFX production. It transforms a single lighting brief into multiple high-quality cinematic lighting references using
Overview
This workflow triggers on HubSpot dealstage changes, pulls full deal, contact, and owner details, uses OpenAI to generate a concise Slack-ready update with next steps, notifies the right Slack channel
How This Works This automation automatically scrapes leads from Apollo using the Apify scraper, filters out those who do not have an Email or URL included, scrapes the leads' website content and write