Automates daily analysis of CrowdStrike security detections, enriches with VirusTotal IOC lookups, creates Jira tickets, and notifies via Slack for efficient incident response.
This n8n workflow automates security incident handling from CrowdStrike detections. Triggered daily at midnight via Schedule Trigger, it fetches recent detections using HTTP Request to CrowdStrike API, splits them into individual items, and enriches each with detailed info from another CrowdStrike API call. Processing occurs sequentially via Split In Batches to manage load.
Next, it queries VirusTotal for behavioral data using SHA256 hashes and IOC values through two HTTP Requests, incorporatin
Platform
n8n
Category
Crypto & Blockchain
Price
$24.99
Creator
Maxim Luong
CrowdStrike
VirusTotal
Jira
Slack
Security
Incident Response
IOC Analysis
Automation
Threat Detection
EDR
How to import this workflow into n8n
1Purchase or download the workflow to get the n8n workflow JSON file.
2In your n8n instance, open Workflows and choose "Import from File" (or paste the JSON with Ctrl+V on the canvas).
3Open each node marked with a credential warning and connect your own accounts and API keys.
4Run the workflow once manually to verify the data flow, then toggle it to Active.