
Monitor CISA critical vulnerability alerts with RSS feed & Slack notifications

MarthMarth
2/3/2026

How It Works: The 5-Node Monitoring Flow

This concise workflow efficiently captures, filters, and delivers crucial cybersecurity-related mentions.

1. Monitor: Cybersecurity Keywords (X/Twitter Trigger)

This is the entry point of your workflow. It actively searches X (formerly Twitter) for tweets containing the specific keywords you define.

  • Function: Continuously polls X for tweets that match your specified queries (e.g., your company name, "Log4j," "CVE-2024-XXXX," "ransomware").
  • Process: As soon as a matching tweet is found, it triggers the workflow to begin processing that information.

2. Format Notification (Code Node)

This node prepares the raw tweet data, transforming it into a clean, actionable message for your alerts.

  • Function: Extracts key details from the raw tweet and structures them into a clear, concise message.
  • Process: It pulls out the tweet's text, the user's handle (@screen_name), and the direct URL to the tweet. These pieces are then combined into a user-friendly notificationMessage. You can also include basic filtering logic here if needed.

3. Valid Mention? (If Node)

This node acts as a quick filter to help reduce noise and prevent irrelevant alerts from reaching your team.

  • Function: Serves as a simple conditional check to validate the mention's relevance.
  • Process: It evaluates the notificationMessage against specific criteria (e.g., ensuring it doesn't contain common spam words like "bot"). If the mention passes this basic validation, the workflow continues. Otherwise, it quietly ends for that particular tweet.

4. Send Notification (Slack Node)

This is the delivery mechanism for your alerts, ensuring your team receives instant, visible notifications.

  • Function: Delivers the formatted alert message directly to your designated communication channel.
  • Process: The notificationMessage is sent straight to your specified Slack channel (e.g., #cyber-alerts or #security-ops).

5. End Workflow (No-Op Node)

This node simply marks the successful completion of the workflow's execution path.

  • Function: Indicates the end of the workflow's process for a given trigger.

How to Set Up

Implementing this simple cybersecurity monitor in your n8n instance is quick and straightforward.

1. Prepare Your Credentials

Before building the workflow, ensure all necessary accounts are set up and their respective credentials are ready for n8n.

  • X (Twitter) API: You'll need an X (Twitter) developer account to create an application and obtain your Consumer Key/Secret and Access Token/Secret. Use these to set up your Twitter credential in n8n.
  • Slack API: Set up your Slack credential in n8n. You'll also need the Channel ID of the Slack channel where you want your security alerts to be posted (e.g., #security-alerts or #it-ops).

2. Import the Workflow JSON

Get the workflow structure into your n8n instance.

  • Import: In your n8n instance, go to the "Workflows" section. Click the "New" or "+" icon, then select "Import from JSON." Paste the provided JSON code into the import dialog and import the workflow.

3. Configure the Nodes

Customize the imported workflow to fit your specific monitoring needs.

  • Monitor: Cybersecurity Keywords (X/Twitter):
    • Click on this node.
    • Select your newly created Twitter Credential.
    • CRITICAL: Modify the "Query" parameter to include your specific brand names, relevant CVEs, or general cybersecurity terms. For example: "YourCompany" OR "CVE-2024-1234" OR "phishing alert". Use OR to combine multiple terms.
  • Send Notification (Slack):
    • Click on this node.
    • Select your Slack Credential.
    • Replace "YOUR_SLACK_CHANNEL_ID" with the actual Channel ID you noted earlier for your security alerts.
  • (Optional: You can adjust the "Valid Mention?" node's condition if you find specific patterns of false positives in your search results that you want to filter out.)

4. Test and Activate

Verify that your workflow is working correctly before setting it live.

  • Manual Test: Click the "Test Workflow" button (usually in the top right corner of the n8n editor). This will execute the workflow once.
  • Verify Output: Check your specified Slack channel to confirm that any detected mentions are sent as notifications in the correct format. If no matching tweets are found, you won't see a notification, which is expected.
  • Activate: Once you're satisfied with the test results, toggle the "Active" switch (usually in the top right corner of the n8n editor) to ON. Your workflow will then automatically monitor X (Twitter) at the specified polling interval.

Monitor CISA Critical Vulnerability Alerts with RSS Feed & Slack Notifications

This n8n workflow automates the process of monitoring the CISA (Cybersecurity and Infrastructure Security Agency) RSS feed for critical vulnerability alerts and sending notifications to a Slack channel. It helps security teams and individuals stay informed about new, high-priority vulnerabilities without manually checking the CISA website.

What it does

  1. Monitors CISA RSS Feed: Regularly checks the specified CISA RSS feed for new items.
  2. Filters for Critical Alerts: Uses a "Code" node to filter the incoming RSS feed items, identifying those that contain the keyword "critical" in their title or description.
  3. Routes Alerts: If a critical alert is found, it proceeds to the notification step. If not, the workflow ends without action.
  4. Sends Slack Notification: For each critical alert, a formatted message is posted to a designated Slack channel, including the alert's title and a link to the full details.

Prerequisites/Requirements

  • n8n Instance: A running n8n instance (self-hosted or cloud).
  • Slack Account: A Slack workspace and a channel where notifications will be posted.
  • Slack API Token: A Slack API token with permissions to post messages to your chosen channel. This will be configured as an n8n credential.
  • CISA RSS Feed URL: The URL for the CISA RSS feed you wish to monitor. A common one is https://www.cisa.gov/uscert/ncas/current-activity.xml or https://www.cisa.gov/news-events/rss-feeds/alerts-bulletins.

Setup/Usage

  1. Import the Workflow:
    • Download the provided JSON file for this workflow.
    • In your n8n instance, click on "Workflows" in the left sidebar.
    • Click "New" and then "Import from JSON".
    • Paste the JSON content or upload the JSON file.
  2. Configure the RSS Feed Trigger:
    • Click on the "RSS Feed Trigger" node.
    • In the "URL" field, enter the CISA RSS feed URL you want to monitor (e.g., https://www.cisa.gov/uscert/ncas/current-activity.xml).
    • Set the "Interval" to your desired frequency (e.g., every 15 minutes, 1 hour).
  3. Configure the Code Node:
    • Click on the "Code" node.
    • Review the JavaScript code. It's designed to check for the word "critical" (case-insensitive) in the title or description of each RSS item. You can modify this logic if you need to filter for other keywords or criteria.
  4. Configure Slack Credentials:
    • Click on the "Slack" node.
    • Click "Create New" next to the "Credential" field.
    • Select "Slack API" as the credential type.
    • Enter your Slack API Token. Instructions on how to obtain a Slack API token can be found in the n8n documentation or Slack's API documentation.
    • Give your credential a descriptive name (e.g., "My Slack Account").
    • Click "Save".
  5. Configure Slack Channel:
    • In the "Slack" node, after selecting your credential, enter the name of the Slack channel where you want the alerts to be posted (e.g., #security-alerts).
  6. Activate the Workflow:
    • Once all configurations are complete, click the "Activate" toggle in the top right corner of the n8n editor to enable the workflow.

The workflow will now run at the specified interval, fetching new CISA alerts, filtering them for "critical" mentions, and notifying your Slack channel accordingly.
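
The filter-and-format step described above (the "Format Notification" and "Valid Mention?" nodes, and the CISA "Code" node), as an added example that is not the template's own Code node. It matches "critical" as a whole word, ignores HTML markup in the description, drops repeats, and escapes Slack control characters so feed text cannot inject mentions or links. The item fields `title`, `description` and `link` and the sample items are assumptions.

```javascript
// Added example. Field names (title, description, link) are assumed; adjust to your feed.

// Slack treats &, < and > as control characters. Escaping them keeps feed text such
// as "<!channel>" from being rendered as a mention or a disguised link.
function escapeSlack(text) {
  return String(text ?? '')
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Remove HTML tags so the keyword test sees visible text, not attribute values.
function plainText(html) {
  return String(html ?? '').replace(/<[^>]*>/g, ' ').replace(/\s+/g, ' ').trim();
}

// Whole-word, case-insensitive: matches "Critical" but not "uncritical".
const CRITICAL = /\bcritical\b/i;

function isCritical(item) {
  return CRITICAL.test(String(item.title ?? '')) || CRITICAL.test(plainText(item.description));
}

// Only pass through links that parse as https URLs.
function safeLink(link) {
  try {
    const url = new URL(link);
    return url.protocol === 'https:' ? url.href : null;
  } catch {
    return null;
  }
}

// items: n8n-style [{ json: {...} }]. seen: Set of links already alerted on.
function buildAlerts(items, seen = new Set()) {
  const alerts = [];
  for (const { json } of items) {
    if (!isCritical(json)) continue;
    const key = json.link || json.title;
    if (seen.has(key)) continue;
    seen.add(key);
    const link = safeLink(json.link) ?? '(link omitted: not a valid https URL)';
    const title = escapeSlack(json.title);
    alerts.push({ json: { notificationMessage: `:rotating_light: *${title}*\n${link}` } });
  }
  return alerts;
}

// Constructed sample items (not real CISA entries).
const SAMPLE_ITEMS = [
  { json: { title: 'Vendor X Releases Critical Update <!channel>', description: '<p>Patch now.</p>', link: 'https://example.org/alerts/1' } },
  { json: { title: 'Routine advisory', description: '<p class="critical">Uncritical doc change.</p>', link: 'https://example.org/alerts/2' } },
  { json: { title: 'Vendor X Releases Critical Update <!channel>', description: '', link: 'https://example.org/alerts/1' } },
  { json: { title: 'CRITICAL flaw in Product Y', description: '', link: 'not-a-url' } },
];

// In an n8n Code node the last line would be: return buildAlerts($input.all());
console.log(buildAlerts(SAMPLE_ITEMS).map((a) => a.json.notificationMessage).join('\n\n'));
```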
