Automates critical security alert handling by filtering high-severity incidents, sending formatted email alerts, logging to Google Sheets, and triggering EDR endpoint isolation.
This n8n workflow is designed for SOC teams and incident responders to automatically act on critical threats without manual intervention. It starts by reading classified alerts from a Google Sheet (e.g., output from prior classification modules), filters for severity='Critical', and processes each incident through a series of response actions. Key features include sending richly formatted HTML email summaries to responders, appending full details to a central incident log sheet, and optionally p
Platform
n8n
Category
Media & Entertainment
Price
$24.99
Creator
Bryce Yu
security
incident-response
SOC
EDR
CrowdStrike
Google-Sheets
email-alerts
automation
blueops
threat-detection
How to import this workflow into n8n
1Purchase or download the workflow to get the n8n workflow JSON file.
2In your n8n instance, open Workflows and choose "Import from File" (or paste the JSON with Ctrl+V on the canvas).
3Open each node marked with a credential warning and connect your own accounts and API keys.
4Run the workflow once manually to verify the data flow, then toggle it to Active.