Automate Security Incident Triage with GPT-4o-mini & Gmail
Automatically triages security findings from AWS Security Hub via webhook, classifies severity with GPT-4o-mini, generates remediation plans, and sends HTML email notifications.
This n8n workflow automates the triage of inbound security incidents, such as those from AWS Security Hub via EventBridge and SNS to a webhook. It normalizes incoming JSON data (title, description, account, resource details), uses GPT-4o-mini to classify incidents by type, severity (P0-P3), urgency, and rationale, then generates a concise 3-step remediation plan with owner hints and success criteria.
The workflow streamlines incident response for security teams by reducing manual analysis time
Platform
n8n
Category
Crypto & Blockchain
Price
$14.99
Creator
Matt Buds
security
incident-triage
aws-security-hub
gpt-4o-mini
openai
gmail
webhook
automation
cloud-security
remediation
How to import this workflow into n8n
1Purchase or download the workflow to get the n8n workflow JSON file.
2In your n8n instance, open Workflows and choose "Import from File" (or paste the JSON with Ctrl+V on the canvas).
3Open each node marked with a credential warning and connect your own accounts and API keys.
4Run the workflow once manually to verify the data flow, then toggle it to Active.