
Auto remediate endpoint infections with Wazuh, ClamAV, and GPT-4

Reduce human delays between malware detection and remediation in MSSP/SOC environments. This workflow automates full endpoint antivirus scanning immediately after high-severity endpoint infection Wazuh alerts, closing the gap between alerting and action.

Why Use This Workflow?

- Malware alerts are only effective if acted upon swiftly.
- Manual follow-ups are slow or often missed, letting threats persist.
- Automates detection, triage, scan initiation, and notification—all within one minute of alerting.
- Ensures consistent, auditable actions across endpoints running Linux or Windows.

---

🔑 Key Features

- Listens for high-severity Wazuh AV infection alerts (e.g., rule 52502).
- Uses GPT-4 for AI-powered alert summaries to speed triage and decision making.
- Extracts exact infected file paths using AI and regex for targeted scanning.
- Runs ClamAV/Defender scans directly on endpoints via SSH with least-privilege credentials.
- Sends real-time scan results and remediation updates through Telegram, Slack, or email.
- Runs locally with limited permissions—no need for elevated Wazuh manager access.

---

🎯 Impact

- Eliminates manual lag—scans start automatically and immediately.
- Standardizes response playbooks for reliable, repeatable remediation.
- Reduces threat dwell time, minimizing risk exposure.
- Provides full event-to-remediation visibility via logs and notifications.

---

🚀 Get Started

1. Configure Wazuh Manager to forward AV alerts to this n8n webhook.
2. Import this workflow JSON into your n8n instance.
3. Set up required credentials: OpenAI API, SSH access for ClamAV scanning, notification channels (Telegram/Slack/email).
4. Activate the workflow and monitor alerts triggering automated scans and reports.

---

📂 Enjoy customizing

- Swap ClamAV with your preferred antivirus commands (e.g., Defender) as needed.
- Integrate with your existing communication or ticketing systems.
- Extend or adapt for multi-endpoint orchestration or other alert rules.

---

Created by Mariskarthick M
Senior Security Analyst | Detection Engineer | Threat Hunter | Open-Source Enthusiast

By mariskarthick

🛠️ Mattermost tool MCP server 💪 all 19 operations

Need help? Want access to this workflow + many more paid workflows + live Q&A sessions with a top verified n8n creator? Join the community

Complete MCP server exposing all Mattermost Tool operations to AI agents. Zero configuration needed - all 19 operations pre-built.

⚡ Quick Setup

1. Import this workflow into your n8n instance
2. Activate the workflow to start your MCP server
3. Copy the webhook URL from the MCP trigger node
4. Connect AI agents using the MCP URL

🔧 How it Works

• MCP Trigger: Serves as your server endpoint for AI agent requests
• Tool Nodes: Pre-configured for every Mattermost Tool operation
• AI Expressions: Automatically populate parameters via $fromAI() placeholders
• Native Integration: Uses the official n8n Mattermost Tool node with full error handling

📋 Available Operations (19 total)

Every possible Mattermost Tool operation is included:

📺 Channel (7 operations)

• Add a user to a channel
• Create a channel
• Delete a channel
• Get a page of members for a channel
• Restore a soft-deleted channel
• Search for a channel
• Get statistics for a channel

💬 Message (3 operations)

• Delete a message
• Post a message
• Post an ephemeral message

🔧 Reaction (3 operations)

• Create a reaction
• Delete a reaction
• Get many reactions

👤 User (6 operations)

• Create a user
• Deactivate a user
• Get a user by email
• Get a user by ID
• Get many users
• Invite a user

🤖 AI Integration

Parameter Handling: AI agents automatically provide values for:

• Resource IDs and identifiers
• Search queries and filters
• Content and data payloads
• Configuration options

Response Format: Native Mattermost Tool API responses with full data structure

Error Handling: Built-in n8n error management and retry logic

💡 Usage Examples

Connect this MCP server to any AI agent or workflow:

• Claude Desktop: Add MCP server URL to configuration
• Custom AI Apps: Use MCP URL as tool endpoint
• Other n8n Workflows: Call MCP tools from any workflow
• API Integration: Direct HTTP calls to MCP endpoints

✨ Benefits

• Complete Coverage: Every Mattermost Tool operation available
• Zero Setup: No parameter mapping or configuration needed
• AI-Ready: Built-in $fromAI() expressions for all parameters
• Production Ready: Native n8n error handling and logging
• Extensible: Easily modify or add custom logic

> 🆓 Free for community use! Ready to deploy in under 2 minutes.

By David Ashby

Monitor WooCommerce daily revenue spikes and send Slack alerts

WooCommerce Daily Sales & Revenue Spike Monitor → Slack Alert

This workflow automatically checks your WooCommerce store’s last 24 hours of revenue, top-selling products, and cancelled orders on a daily schedule. It sends Slack notifications when sales cross a defined threshold or provides a detailed status update—including cancellation impact—if the target hasn’t been met, helping teams react quickly without manual reporting.

🚀 Quick Implementation Steps

1. Set up the Schedule Trigger to run daily
2. Connect WooCommerce and fetch recent orders
3. Filter paid and cancelled orders separately
4. Filter both datasets to the last 24 hours
5. Calculate revenue, top products, and cancellation impact
6. Merge and format sales and cancellation data
7. Compare revenue with a configurable threshold
8. Send enriched Slack alerts with sales and cancellation insights

What It Does

This workflow serves as a daily sales and revenue health monitoring assistant for your WooCommerce store.

- It runs automatically on a schedule and collects recent order data from WooCommerce via API.
- Only paid orders (Completed / Processing) are considered for revenue calculations.
- Cancelled orders are processed in a separate branch to track revenue loss.
- Orders created within the last 24 hours are filtered for both paid and cancelled orders.
- The workflow calculates total revenue, order count, average order value, and top-selling products.
- It also calculates cancelled order count and cancelled revenue to highlight potential revenue leakage.
- Sales and cancellation data are merged into a single structured object.
- An IF node checks whether revenue exceeds a predefined threshold.
- If the threshold is crossed, a Slack Sales Spike Alert is sent with cancellation context.
- If the threshold is not reached, a Slack Status / Pending Alert is sent showing progress, top products, and cancellation impact—keeping the team informed without noise.

Who’s It For

- Business owners monitoring daily sales and revenue health
- Sales and marketing teams tracking revenue spikes and losses
- E-commerce managers using WooCommerce
- Operations teams monitoring cancellations and fulfillment risks
- Non-technical users who want actionable insights without dashboards

Requirements to Use This Workflow

- An active WooCommerce store
- WooCommerce REST API credentials
- An n8n instance (cloud or self-hosted)
- A Slack workspace with incoming webhook or Slack credentials
- Permission to read WooCommerce orders and post Slack messages

How It Works & Set Up

1. Schedule Trigger: Configure the Schedule Trigger to run once per day at your preferred time.
2. Fetch Orders from WooCommerce: Use the WooCommerce node to retrieve recent orders from your store.
3. Filter Paid Orders: Keep only orders with status Completed or Processing.
4. Filter Last 24 Hours Orders: A Code node filters paid orders created within the last 24 hours.
5. Calculate Top Products: A Code node aggregates product quantities sold in the last 24 hours.
6. Calculate Total Revenue: A Code node calculates total revenue, order count, and average order value.
7. Fetch & Process Cancelled Orders: A separate WooCommerce branch fetches orders with status Cancelled. Cancelled orders are filtered to the last 24 hours using a Code node. A Code node calculates cancelled order count and cancelled revenue.
8. Merge & Format Sales Data: A Merge node combines sales metrics and cancellation metrics. A Code node formats all results into a single JSON object for Slack.
9. Threshold Check: An IF node compares total revenue against a fixed threshold.
10. Send Slack Alerts:
    - TRUE path: Sends a Sales Spike Alert including revenue, top products, and cancellation impact.
    - FALSE path: Sends a Status / Pending Alert showing current performance, top products, and cancellation insights.
11. Activate Workflow: Test once and activate the workflow for daily monitoring.

How To Customize Nodes

- Threshold Value: Update the IF node condition to match your business target
- Schedule Time: Change the Schedule Trigger execution time
- Slack Channels: Update Slack nodes to post in your desired channels
- Order Status Logic: Adjust filters for paid or cancelled orders if needed
- Time Window: Modify the 24-hour logic to 12 hours, 48 hours, or weekly
- Cancellation Sensitivity: Add conditions to alert on high cancellation volume or revenue impact

Add-ons (Optional Enhancements)

- Add cancellation rate (%) and net revenue calculations
- Trigger alerts when cancellation revenue exceeds a defined percentage
- Store daily sales and cancellation history in Google Sheets or a database
- Add day-over-day or week-over-week comparisons
- Send alerts to Microsoft Teams or Email
- Attach a CSV report with order and cancellation details

Use Case Examples

- Detect viral product sales quickly
- Monitor flash sale performance
- Identify revenue loss due to cancellations
- Alert leadership on high-revenue or high-risk days
- Track campaign-driven sales spikes and drop-offs
- Support inventory, operations, and customer experience planning

> Many more business scenarios can be addressed based on your store’s needs.

Troubleshooting Guide

| Issue | Possible Cause | Solution |
| ---------------------------------- | -------------------------------- | ---------------------------------------- |
| No Slack alert received | Revenue did not exceed threshold | Check threshold or test with lower value |
| Workflow fails | WooCommerce API error | Verify API credentials and permissions |
| Revenue or cancellation shows zero | Orders filtered out | Validate order status and date logic |
| Slack message not sent | Wrong Slack credentials | Reconnect Slack node |
| Orders missing | Timezone mismatch | Align WooCommerce and n8n timezone |

Need Help?

Need help setting up this workflow or customizing it further? Our n8n workflow development team at WeblineIndia can assist you with implementation, add-ons, performance optimization and building similar n8n automations tailored to your business needs.

👉 Contact WeblineIndia today to automate smarter and scale faster.

By WeblineIndia