Template description
Who is this for?
- Security professionals
- Developers
- Individuals interested in data breach awareness
Use Case
- Automated monitoring for new breaches
- Proactive identity protection
- Demonstration of simple cache mechanism
What this workflow does
- Checks the Have I Been Pwned API every 15 minutes for the latest breaches.
- Compares new breach data against previously notified breaches.
- Demonstrates a simple cache mechanism to track previously seen breaches.
How the Cache Functionality Works
- Read from Cache: Retrieves the last known breach from
cache.jsonto avoid redundant alerts for the same breach. - Compare Against Current Breach: The workflow checks if the latest fetched breach differs from the cached one.
- Update the Cache: If a new breach is detected, it updates
cache.jsonwith the latest breach data.
Setup instructions
- The endpoint used in this workflow does not require an API key.
- Add your desired alert mechanism in the red box attached to the
New breachnode.
How to customize this workflow to your needs
- Modify Notification Settings: Tailor where alerts are sent (email, Slack, etc.). Add the desired node after the
New breachnode. This node contains all the data from the breach so it is eaisily available.
You can choose from a variety of n8n nodes to send alerts when a new breach is detected. Below are a few common options you might consider adding after the New breach node:
- Email Node
What it does: Sends an email notification to one or more recipients.
Use case: Great for simple alerts to your inbox or a team distribution list.
Customization: You can include breach details in the subject or body of the email, using data from the New breach node. - Slack Node
What it does: Sends a message to a Slack channel or user.
Use case: Perfect for real-time alerts to your team in Slack.
Customization: You can post breach details directly in a channel or DM. You can also format the message (bold, code blocks, etc.). - Microsoft Teams Node
What it does: Sends a message to a Teams channel.
Use case: For organizations that use Microsoft Teams for communication.
Customization: Similar to Slack, you can customize the message content and include all relevant breach information. - Discord Node
What it does: Sends an alert message to a Discord channel.
Use case: Useful for teams or communities that coordinate via Discord.
Customization: Add formatted messages with breach details for easy viewing. - Telegram Node
What it does: Sends messages to a Telegram chat or group.
Use case: Good for mobile notifications and fast alerts.
Customization: You can include breach summaries or detailed information, and even use bots to automate this. - Webhook Node (as a sender)
What it does: Sends breach data to another service via a webhook.
Use case: If you have an external system or app that handles alerts, you can push the data directly to it.
Customization: Send JSON payloads with detailed breach information to trigger actions in other systems. - SMS Nodes (like Twilio)
What it does: Sends an SMS notification to one or more phone numbers.
Use case: For urgent alerts that need to be seen immediately.
Customization: Keep messages concise, including key breach details like the time, type of breach, and affected system.
- Adjust Check Frequency: Change the interval in the Schedule Trigger node (e.g., hourly or daily).
Share Template
More Support workflow templates
+5
🚀 Boost your customer service with this WhatsApp Business bot!
This n8n workflow demonstrates how to automate customer interactions and appointment management via WhatsApp Business bot.
After submitting a Google Form, the user receives a notification via WhatsApp. These notifications are sent via a template message.
In case user sends a message to the bot, the text and user data is stored in Google Sheets.
To reply back to the user, fill in the ReplyText column and change the Status to 'Ready'. In a few seconds n8n will fetch the unsent replies and deliver them one by one via WhatsApp Business node.
Customize this workflow to fit your specific needs, connect different online services and enhance your customer communication! 🎉
Setup Instructions
To get this workflow up and running, you'll need to:
👇 Create a WhatsApp template message on the Meta Business portal.
Obtain an Access Token and WhatsApp Business Account ID from the Meta Developers Portal. This is needed for the WhatsApp Business Node to send messages.
Set up a WhatsApp Trigger node with App ID and App Secret from the Meta Developers Portal.
Right after that copy the WhatsApp Trigger URL and add it as a Callback URL in the Meta Developers Portal. This trigger is needed to receive incoming messages and their status updates.
Connect your Google Sheets account for data storage and management. Check out the documentation page.
⚠️ Important Notes
WhatsApp allows automatic custom text messages only within 24 hours of the last user message. Outside with time frame only approved template messages can be sent.
The workflow uses a Google Sheet to manage form submissions, incoming messages and prepare responses. You can replace these nodes and connect the WhatsApp bot with other systems.
Eduard
+6
Notion AI Assistant Generator
This n8n workflow template lets teams easily generate a custom AI chat assistant based on the schema of any Notion database. Simply provide the Notion database URL, and the workflow downloads the schema and creates a tailored AI assistant designed to interact with that specific database structure.
Set Up
Watch this quick set up video 👇
Key Features
Instant Assistant Generation**: Enter a Notion database URL, and the workflow produces an AI assistant configured to the database schema.
Advanced Querying**: The assistant performs flexible queries, filtering records by multiple fields (e.g., tags, names). It can also search inside Notion pages to pull relevant content from specific blocks.
Schema Awareness**: Understands and interacts with various Notion column types like text, dates, and tags for accurate responses.
Reference Links**: Each query returns direct links to the exact Notion pages that inform the assistant’s response, promoting transparency and easy access.
Self-Validation**: The workflow has logic to check the generated assistant, and if any errors are detected, it reruns the agent to fix them.
Ideal for
Product Managers**: Easily access and query product data across Notion databases.
Support Teams**: Quickly search through knowledge bases for precise information to enhance support accuracy.
Operations Teams**: Streamline access to HR, finance, or logistics data for fast, efficient retrieval.
Data Teams**: Automate large dataset queries across multiple properties and records.
How It Works
This AI assistant leverages two HTTP request tools—one for querying the Notion database and another for retrieving data within individual pages. It’s powered by the Anthropic LLM (or can be swapped for GPT-4) and always provides reference links for added transparency.
Max Tkacz
+3
Slack chatbot powered by AI
This workflow offers an effective way to handle a chatbot's functionality, making use of multiple tools for information retrieval, conversation context storage, and message sending. It's a setup tailored for a Slack environment, aiming to offer an interactive, AI-driven chatbot experience.
Note that to use this template, you need to be on n8n version 1.19.4 or later.
n8n Team
+12
HR & IT Helpdesk Chatbot with Audio Transcription
An intelligent chatbot that assists employees by answering common HR or IT questions, supporting both text and audio messages. This unique feature ensures employees can conveniently ask questions via voice messages, which are transcribed and processed just like text queries.
How It Works
Message Capture: When an employee sends a message to the chatbot in WhatsApp or Telegram (text or audio), the chatbot captures the input.
Audio Transcription: For audio messages, the chatbot transcribes the content into text using an AI-powered transcription service (e.g., Whisper, Google Cloud Speech-to-Text).
Query Processing:
The transcribed text (or directly entered text) is sent to an AI service (e.g., OpenAI) to generate embeddings.
These embeddings are used to search a vector database (e.g., Supabase or Qdrant) containing the company’s internal HR and IT documentation.
The most relevant data is retrieved and sent back to the AI service to compose a concise and helpful response.
Response Delivery: The chatbot sends the final response back to the employee, whether the input was text or audio.
Set Up Steps
Estimated Time**: 20–25 minutes
Prerequisites**:
Create an account with an AI provider (e.g., OpenAI).
Connect WhatsApp or Telegram credentials in n8n.
Set up a transcription service (e.g., Whisper or Google Cloud Speech-to-Text).
Configure a vector database (e.g., Supabase or Qdrant) and add your internal HR and IT documentation.
Import the workflow template into n8n and update environment variables for your credentials.
Felipe Braga
+8
Advanced Telegram Bot, Ticketing System, LiveChat, User Management, Broadcasting
A robust n8n workflow designed to enhance Telegram bot functionality for user management and broadcasting. It facilitates automatic support ticket creation, efficient user data storage in Redis, and a sophisticated system for message forwarding and broadcasting.
How It Works
Telegram Bot Setup: Initiate the workflow with a Telegram bot configured for handling different chat types (private, supergroup, channel).
User Data Management: Formats and updates user data, storing it in a Redis database for efficient retrieval and management.
Support Ticket Creation: Automatically generates chat tickets for user messages and saves the corresponding topic IDs in Redis.
Message Forwarding: Forwards new messages to the appropriate chat thread, or creates a new thread if none exists.
Support Forum Management: Handles messages within a support forum, differentiating between various chat types and user statuses.
Broadcasting System: Implements a broadcasting mechanism that sends channel posts to all previous bot users, with a system to filter out blocked users.
Blocked User Management: Identifies and manages blocked users, preventing them from receiving broadcasted messages.
Versatile Channel Handling: Ensures that messages from verified channels are properly managed and broadcasted to relevant users.
Set Up Steps
Estimated Time**: Around 30 minutes.
Requirements**: A Telegram bot, a Redis database, and Telegram group/channel IDs are necessary.
Configuration**: Input the Telegram bot token and relevant group/channel IDs. Configure message handling and user data processing according to your needs.
Detailed Instructions**: Sticky notes within the workflow provide extensive setup information and guidance.
Live Demo Workflow
Bot: Telegram Bot Link (Click here)
Support Group: Telegram Group Link (Click here)
Broadcasting Channel: Telegram Channel Link (Click here)
Keywords: n8n workflow, Telegram bot, chat ticket system, Redis database, message broadcasting, user data management, support forum automation
Nskha
+10
Automate Customer Support Issue Resolution using AI Text Classifier
This n8n template is designed to assist and improve customer support team member capacity by automating the resolution of long-lived and forgotten JIRA issues.
How it works
Schedule Trigger runs daily to check for long-lived unresolved issues and imports them into the workflow.
Each Issue is handled as a separate subworkflow by using an execute workflow node. This allows parallel processing.
A report is generated from the issue using its comment history allowing the issue to be classified by AI - determining the state and progress of the issue.
If determined to be resolved, sentiment analysis is performed to track customer satisfaction. If negative, a slack message is sent to escalate, otherwise the issue is closed automatically.
If no response has been initiated, an AI agent will attempt to search and resolve the issue itself using similar resolved issues or from the notion database. If a solution is found, it is posted to the issue and closed.
If the issue is blocked and waiting for responses, then a reminder message is added.
How to use
This template searches for JIRA issues which are older than 7 days which are not in the "Done" status. Ensure there are some issues that meet this criteria otherwise adjust the search query to suit.
Works best if you frequently have long-lived issues that need resolving.
Ensure the notion tool is configured as to not read documents you didn't intend it to ie. private and/or internal documentation.
Requirements
JIRA for issues management
OpenAI for LLM
Slack for notifications
Customising this workflow
Why not try classifying issues as they are created? One use-case may be for quality control such as ensuring reporting criteria is adhered to, summarising and rephrasing issue for easier reading or adjusting priority.
Jimleuk
More SecOps workflow templates
+4
Automate Image Validation Tasks using AI Vision
This n8n workflow shows how using multimodal LLMs with AI vision can tackle tricky image validation tasks which are near impossible to achieve with code and often impractical to be done by humans at scale.
You may need image validation when users submitted photos or images are required to meet certain criteria before being accepted. A wine review website may require users only submit photos of wine with labels, a bank may require account holders to submit scanned documents for verification etc.
In this demonstration, our scenario will be to analyse a set of portraits to verify if they meet the criteria for valid passport photos according to the UK government website (https://www.gov.uk/photos-for-passports).
How it works
Our set of portaits are jpg files downloaded from our Google Drive using the Google Drive node.
Each image is resized using the Edit Image node to ensure a balance between resolution and processing speed.
Using the Basic LLM node, we'll define a "user message" option with the type of binary (data). This will allow us to pass our portrait to the LLM as an input.
With our prompt containing the criteria pulled off the passport photo requirements webpage, the LLM is able to validate the photo does or doesn't meet its criteria.
A structured output parser is used to structure the LLM's response to a JSON object which has the "is_valid" boolean property. This can be useful to further extend the workflow.
Requirements
Google Gemini API key
Google Drive account
Customising this workflow
Not using Gemini? n8n's LLM node works with any compatible multimodal LLM so feel free to swap Gemini out for OpenAI's GPT4o or Antrophic's Claude Sonnet.
Don't need to validate portraits? Try other use cases such as document classification, security footage analysis, people tagging in photos and more.
Jimleuk
+4
Phishing Analysis - URLScan.io and VirusTotal
This n8n workflow automates the analysis of email messages received in a Microsoft Outlook inbox to identify indicators of compromise (IOCs), specifically suspicious URLs. It can be triggered manually or scheduled to run daily at midnight.
The workflow begins by retrieving up to 100 read email messages from the Outlook inbox. However, there seems to be a configuration issue as it should retrieve unread messages, not read ones. It then marks these messages as read to avoid processing them again in the future.
The messages are then split into individual items using the Split In Batches node for sequential processing. For each email, the workflow analyzes its content to find URLs, which are considered potential IOCs. If URLs are found, the workflow proceeds to check these URLs for potential threats using two services, URLScan.io and VirusTotal, in parallel.
In the first path, URLScan.io scans each URL, and if there are no errors, the results from URLScan.io and VirusTotal are merged. If there are errors, the workflow waits 1 minute before attempting to retrieve the URLScan results again. The loop then continues for the next email. In the second path, VirusTotal is used to scan the URLs, and the results are retrieved.
Finally, the workflow checks if the data field is not empty, filtering out items where no data was found. It then sends a summarized Slack message to report details about the analyzed email, including the subject, sender, date, URLScan report URL, and VirusTotal verdict for URLs that were reported as malicious.
Potential issues during setup include configuring the Outlook node to retrieve unread messages, resolving a configuration issue in the VirusTotal node, and handling authentication and API keys for both URLScan.io and VirusTotal nodes. Additionally, proper error handling and testing with various email content types and URLs are essential to ensure the workflow accurately identifies IOCs and reports them to the Slack channel.
n8n Team
SSL Expiry Alert with SSL-Checker.io
Use Case
Managing SSL certificates manually can be time-consuming and error-prone, often leading to unexpected downtime or security risks due to expired certificates.
What This Workflow Does
This workflow automatically monitors SSL certificates for a list of websites, checks their expiry status using SSL-Checker.io, and sends timely notifications if a certificate is about to expire.
Setup
Add your credentials for Google Sheets, Gmail, and SSL-Checker.io.
Create a Google Sheet with a list of URLs for the websites you want to monitor.
Configure the workflow to check the SSL status weekly.
Set up email notifications to alert you when a certificate is close to expiry.
Activate the workflow to automate monitoring and notification.
How to Adjust It to Your Needs
Customize the URL Source: Replace Google Sheets with another data source like Airtable or CSV files.
Modify Notification Thresholds: Change the expiry threshold (e.g., notify for 14 days instead of 7).
Add Additional Actions: Integrate with tools like Slack or Teams for team-wide notifications.
Automate Renewal Requests: Add a step to send renewal requests directly to your SSL provider if a certificate is nearing expiry.
Vishal Kumar
+7
URL and IP lookups through Greynoise and VirusTotal
This n8n workflow serves as a powerful cybersecurity and threat intelligence tool to look up URLs or IP addresses through industry standard threat intelligence vendors. It starts with either a form submission or a webhook trigger, allowing users to input data, URLs or IPs that require analysis. The workflow then splits into two paths depending on whether the input data is an IP or URL. If an IP was given, it sets the ip variable to the IP; however if a URL was given the workflow will perform a DNS lookup using Google Public DNS and sets the ip variable based on the results from Google.
The workflow then checks the obtained IP addresses against GreyNoise services, with one branch utilizing GreyNoise RIOT IP Lookup to assess IP reputation and association with known benign services, and the other using GreyNoise IP Context to evaluate potential threats. The results from both GreyNoise services are merged to create a comprehensive analysis which includes the IP, classification (benign, malicious, or unknown), IP location, tags to identify activity or malware, category, and trust level.
In parallel, a VirusTotal scan is initiated for the URL/IP to identify if it is malicious. A 5-second wait ensures proper processing, and the workflow subsequently polls the scan result to determine when the analysis is complete. The workflow then summarizes the analysis including the overall security vendor analysis results, blockList analysis, OpenPhish analysis, the URL, and the IP.
Finally, the workflow combines the summarized intelligence from both GreyNoise and VirusTotal to provide a thorough analysis of the URL/IP. This summarized intelligence can then be emailed to the user that filled out the form via Gmail or it can be sent to the user via a Slack message.
Setting up this workflow may require proper configuration of the form submission or webhook trigger, and ensuring that the GreyNoise and VirusTotal API credentials are correctly integrated. Users should also consider the potential volume of data and API rate limits, as excessive requests could lead to issues. Proper documentation and validation of input data are crucial to ensure accurate and meaningful results in the final report.
n8n Team
Analyze emails with S1EM
With workflow, you analyze Email with TheHive/Cortex
https://github.com/V1D1AN/S1EM/wiki/Soar-guide
v1d1an
Send Email if server has upgradable packages
This workflow automates the routine check for upgradable packages on your Ubuntu server, ensuring you stay updated with the latest software patches and security improvements. By running a daily script, it efficiently monitors any available package upgrades and promptly notifies you via email, saving you time and enhancing your server’s security.
How It Works:
Daily Monitoring**: The workflow is configured to execute a script daily that connects to your Ubuntu server and checks for any upgradable packages.
Email Notification**: If any upgradable packages are detected during the check, the workflow triggers an alert mechanism that automatically sends you a notification email detailing the available updates.
Set Up Steps:
SSH Credentials**: Provide the SSH login credentials for your Ubuntu server. This will allow the workflow to securely connect and perform checks for software updates.
SMTP Credentials**: Provide SMTP login details for your email account. These credentials are used to configure the email notifications system, enabling it to send alerts about the upgradable packages.
Benefits:
Timeliness**: Receive prompt updates on critical software upgrades to maintain the optimal performance and security of your server.
Automation**: Reduces the need for manual checks, allowing you to focus on other critical tasks with peace of mind.
Customizable**: Easily adjust the checking frequency or update the notification settings according to your preferences.
Hostinger
