
Aggregate endpoint security risk scores with EDR, vulnerability data & Google Sheets

Adnan Tariq
2/3/2026

👀 Who it's for

Security teams, SOC analysts, and small-to-mid IT teams looking to automatically assess endpoint risk by combining known vulnerabilities with internal asset value and dynamic threat indicators.

Perfect for teams using Google Sheets or CSV asset inventories who want to prioritize incidents based on true business risk, not just raw CVE scores.

βš™οΈ How it works / What it does Fetches endpoint-specific CVE data from prior modules or external feeds

Loads enriched internal asset inventory (IP, department, criticality, etc.)

Calculates risk score using a weighted formula: (CVE severity Γ— Asset risk rating Γ— Exposure coefficient)

Applies custom playbook rules to determine action level (Notify / Investigate / Isolate)

Outputs filtered, triaged list of high-risk endpoints

Logs results to active and historical threat sheets

Sends summary email alerts based on final triaged list
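The scoring and playbook steps above, written out as an added example (this is not the template's own "Risk Score Calculator" code). The field names, the 1-5 criticality scale, the exposure coefficients, the thresholds and the worst-case treatment of endpoints missing from the inventory are all assumptions.

```javascript
// Added example: constructed data; field names, scales and thresholds are assumptions.
const PLAYBOOK = [ // checked in order, highest threshold first
  { min: 50, action: "Isolate" },
  { min: 25, action: "Investigate" },
  { min: 10, action: "Notify" },
];
const inventory = [ // criticality 1-5, exposure 1.0 (internal) or 1.5 (internet-facing)
  { ip: "10.0.0.5", department: "Finance", criticality: 5, exposure: 1.5 },
  { ip: "10.0.0.9", department: "Lab", criticality: 1, exposure: 1.0 },
  { ip: "10.0.0.12", department: "HR", criticality: 3, exposure: 1.0 },
];
const findings = [ // CVE ids are placeholders
  { ip: "10.0.0.5", cve: "CVE-EXAMPLE-0001", cvss: 9.8 },
  { ip: "10.0.0.5", cve: "CVE-EXAMPLE-0002", cvss: 5.0 },
  { ip: "10.0.0.9", cve: "CVE-EXAMPLE-0001", cvss: 9.8 },
  { ip: "10.0.0.12", cve: "CVE-EXAMPLE-0003", cvss: 8.8 },
  { ip: "10.0.0.77", cve: "CVE-EXAMPLE-0004", cvss: 4.0 }, // not in inventory
  { ip: "10.0.0.12", cve: "CVE-EXAMPLE-0005", cvss: "n/a" }, // malformed scanner row
];

function actionFor(score) {
  const rule = PLAYBOOK.find((r) => score >= r.min);
  return rule ? rule.action : null; // null = below every threshold
}

function triage(findings, inventory) {
  const assets = new Map(inventory.map((a) => [a.ip, a]));
  const byIp = new Map();
  for (const f of findings) {
    const cvss = Number(f.cvss);
    if (!Number.isFinite(cvss) || cvss < 0 || cvss > 10) continue; // skip bad rows
    const asset = assets.get(f.ip);
    // Unknown assets get worst-case weights so they are never silently dropped.
    const crit = asset ? asset.criticality : 5;
    const exposure = asset ? asset.exposure : 1.5;
    const score = Math.round(cvss * crit * exposure * 10) / 10;
    const cur = byIp.get(f.ip) || { ip: f.ip, known: Boolean(asset), score: 0, cves: [] };
    cur.score = Math.max(cur.score, score); // endpoint score = its worst finding
    cur.cves.push(f.cve);
    byIp.set(f.ip, cur);
  }
  return [...byIp.values()]
    .map((e) => ({ ...e, action: actionFor(e.score) }))
    .filter((e) => e.action !== null)
    .sort((a, b) => b.score - a.score);
}

console.log(triage(findings, inventory));
```

With this sample, the 9.8-severity finding on the low-criticality lab host falls below every threshold, while the same finding on the internet-facing finance host lands in Isolate.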

πŸ› οΈ How to set up Google Sheets: Connect your enriched asset inventory and endpoint vulnerability input sheets using your OAuth2 credentials

Edit Thresholds: Adjust scoring logic or thresholds in the β€œπŸ”Ž Risk Score Calculator” node

Email Alerts: Add your sender credentials and customize recipient address list

Automation Trigger: Optional: Add a Cron node or Webhook to run this aggregator hourly/daily

Review sticky notes: All logic is labeled clearly with setup instructions

📋 Requirements

  • Google account + access to n8n Google Sheets integration
  • Vulnerability scan output (from CyberScan or external CVE feed)
  • Enriched asset inventory with basic scoring fields (asset value, criticality)
  • SMTP or email alert service (optional)

🧩 How to customize the workflow

  • Replace Google Sheets with Supabase, Airtable, or internal DB
  • Add columns for department ownership, system type, or live agent signals
  • Integrate with EDR/XDR system or incident tracking tool
  • Expand the playbook to include automatic isolation triggers

📦 This is a clean, production-ready version with no sensitive data. Placeholders are clearly marked.

This module is part of the CYBERPULSEBlueOps Pro Pack. Get access to advanced automation, isolation triggers, full asset triage logic, and instant download at 👉 cyberpulsesolutions.com/blueops

Aggregate Endpoint Security Risk Scores with EDR Vulnerability Data

This n8n workflow automates the process of fetching endpoint security risk scores and EDR (Endpoint Detection and Response) vulnerability data, then prepares this information for further analysis or reporting. It's designed to run on a schedule, ensuring your security data is consistently updated.

What it does

This workflow performs the following key steps:

  1. Schedules Execution: The workflow is triggered on a predefined schedule (e.g., daily, weekly).
  2. Prepares API Request: A "Function" node prepares the necessary data or parameters for an API call to retrieve endpoint security risk scores.
  3. Fetches Endpoint Security Data: An "HTTP Request" node makes an API call to an external service to fetch the endpoint security risk scores.
  4. Prepares EDR Vulnerability Request: Another "Function" node prepares the data for a subsequent API call to retrieve EDR vulnerability data.
  5. Fetches EDR Vulnerability Data: An "HTTP Request" node makes an API call to an external service to fetch the EDR vulnerability data.
  6. Combines Data: A "Merge" node combines the endpoint security risk scores and the EDR vulnerability data into a single dataset.
  7. Writes to Google Sheets: The aggregated data is then written to a specified Google Sheet, providing a centralized repository for your security insights.

Prerequisites/Requirements

To use this workflow, you will need:

  • n8n Instance: A running instance of n8n.
  • Google Sheets Account: With appropriate permissions to write to a spreadsheet.
  • Google Sheets Credential: Configured in n8n to connect to your Google Sheets account.
  • API Endpoints: Access to the API endpoints for your endpoint security solution and EDR platform.
  • API Credentials/Authentication: Any necessary API keys, tokens, or other authentication details for the security and EDR APIs.

Setup/Usage

  1. Import the Workflow:

    • Download the provided JSON workflow definition.
    • In your n8n instance, click on "Workflows" in the left sidebar.
    • Click "New" and then "Import from JSON".
    • Paste the JSON content or upload the file.
  2. Configure Credentials:

    • Locate the "Google Sheets" node. Click on it and select or create a new "Google Sheets API" credential.
    • For the "HTTP Request" nodes, you will need to configure the authentication method (e.g., API Key, OAuth2, Header Auth) according to the requirements of your endpoint security and EDR platforms.
  3. Configure Nodes:

    • Cron: Adjust the schedule to your desired frequency (e.g., daily, weekly).
    • Function (Prepare Endpoint Security Request): Modify the JavaScript code to construct the API request (URL, headers, body) for your specific endpoint security platform.
    • HTTP Request (Get Endpoint Security Data): Update the URL, HTTP method, and any other parameters to match your endpoint security API.
    • Function (Prepare EDR Vulnerability Request): Modify the JavaScript code to construct the API request for your specific EDR platform.
    • HTTP Request (Get EDR Vulnerability Data): Update the URL, HTTP method, and any other parameters to match your EDR vulnerability API.
    • Google Sheets: Specify the Spreadsheet ID and Sheet Name where you want to write the aggregated data. Ensure the column headers in your Google Sheet match the keys in the data output by the "Merge" node.
  4. Activate the Workflow:

    • Once all configurations are complete, save the workflow.
    • Toggle the "Active" switch in the top right corner to enable the workflow. It will now run automatically based on your defined schedule.
