HumationHuman + Automation
Back to Catalog

Monitor security logs for failed login attempts with Slack alerts

MarthMarth
289 views
2/3/2026
AIFormattingAssistantOpenAIMessages
Official Page

How It Works: The 5-Node Anomaly Detection Flow

This workflow efficiently processes logs to detect anomalies.

  1. Scheduled Check (Cron Node): This is the primary trigger. It schedules the workflow to run at a defined interval (e.g., every 15 minutes), ensuring logs are routinely scanned for suspicious activity.

  2. Fetch Logs (HTTP Request Node): This node is responsible for retrieving logs from an external source. It sends a request to your log API endpoint to get a batch of the most recent logs.

  3. Count Failed Logins (Code Node): This is the core of the detection logic. The JavaScript code filters the logs for a specific event ("login_failure"), counts the total, and identifies unique IPs involved. This information is then passed to the next node.

  4. Failed Logins > Threshold? (If Node): This node serves as the final filter. It checks if the number of failed logins exceeds a threshold you set (e.g., more than 5 attempts). If it does, the workflow is routed to the notification node; if not, the workflow ends safely.

  5. Send Anomaly Alert (Slack Node): This node sends an alert to your team if an anomaly is detected. The Slack message includes a summary of the anomaly, such as the number of failed attempts and the IPs involved, enabling a swift response.

How to Set Up

Implementing this essential log anomaly detector in your n8n instance is quick and straightforward.

  1. Prepare Your Credentials & API:

    • Log API: Make sure you have an API endpoint or a way to get logs from your system (e.g., a server, CMS, or application). The logs should be in JSON format, and you'll need any necessary API keys or tokens.
    • Slack Credential: Set up a Slack credential in n8n and get the Channel ID of your security alert channel (e.g., #security-alerts).

  2. Import the Workflow JSON:

    • Create a new workflow in n8n and choose "Import from JSON."
    • Paste the JSON code (which was provided in a previous response).

  3. Configure the Nodes:

    • Scheduled Check (Cron): Set the schedule according to your preference (e.g., every 15 minutes).
    • Fetch Logs (HTTP Request): Update the URL and header/authentication to match your specific log API endpoint.
    • Count Failed Logins (Code): Verify that the JavaScript code matches your log's JSON format. You may need to adjust log.event === 'login_failure' if your log events use a different name.
    • Failed Logins > Threshold? (If): Adjust the threshold value (e.g., 5) based on your risk tolerance.
    • Send Anomaly Alert (Slack): Select your Slack credential and enter the correct Channel ID.

  4. Test and Activate:

    • Manual Test: Run the workflow manually to confirm it fetches logs and processes them correctly. You can temporarily lower the threshold to 0 to ensure the alert is triggered.
    • Verify Output: Check your Slack channel to confirm that alerts are formatted and sent correctly.
    • Activate: Once you're confident in its function, activate the workflow. n8n will now automatically monitor your logs on the schedule you set.

Monitor Security Logs for Failed Login Attempts with Slack Alerts

This n8n workflow automates the process of monitoring security logs for failed login attempts and sending immediate alerts to a Slack channel when a predefined threshold is met. This helps security teams or administrators quickly identify and respond to potential brute-force attacks or unauthorized access attempts.

What it does

This workflow performs the following actions:

  1. Schedules Execution: Runs at a regular, configurable interval (e.g., every 5 minutes).
  2. Fetches Security Logs: Makes an HTTP request to an external API endpoint to retrieve recent security logs.
  3. Processes Logs: Uses a Code node to parse the fetched logs, identify failed login attempts, and count them.
  4. Checks Threshold: Evaluates if the number of failed login attempts exceeds a specified threshold.
  5. Sends Slack Alert: If the threshold is met, a formatted alert message is sent to a designated Slack channel, notifying the team of the suspicious activity.

Prerequisites/Requirements

To use this workflow, you will need:

  • An API Endpoint for Security Logs: A URL that, when queried, returns your system's security logs, preferably in a machine-readable format (e.g., JSON).
  • Slack Account: A Slack workspace and a channel where you want to receive the alerts.
  • n8n Slack Credential: An n8n credential configured for your Slack workspace with appropriate permissions to post messages.

Setup/Usage

  1. Import the Workflow:

    • Download the provided JSON file.
    • In your n8n instance, click "Workflows" in the left sidebar.
    • Click "New" and then "Import from JSON".
    • Paste the JSON content or upload the file.

  2. Configure the Schedule Trigger (Node 839 - "Schedule Trigger"):

    • Double-click the "Schedule Trigger" node.
    • Set the desired interval for the workflow to run (e.g., "Every 5 minutes").

  3. Configure the HTTP Request Node (Node 19 - "HTTP Request"):

    • Double-click the "HTTP Request" node.
    • In the "URL" field, enter the API endpoint for your security logs.
    • Configure any necessary authentication (e.g., API Key, Basic Auth) under the "Authentication" section, if your API requires it.

  4. Configure the Code Node (Node 834 - "Code"):

    • Double-click the "Code" node.
    • Review the JavaScript code. You might need to adjust it based on the exact structure of your security logs to correctly identify and count failed login attempts.
    • The failedLoginThreshold variable within the code defines how many failed attempts trigger an alert. Adjust this value as needed.

  5. Configure the If Node (Node 20 - "If"):

    • This node checks if the failedLoginAttempts count (output from the Code node) is greater than or equal to the failedLoginThreshold.
    • No direct configuration is typically needed here unless you want to change the comparison logic.

  6. Configure the Slack Node (Node 40 - "Slack"):

    • Double-click the "Slack" node.
    • Select your Slack credential. If you don't have one, click "Create New" and follow the instructions to set up a Slack API token.
    • In the "Channel" field, enter the name of the Slack channel where you want to receive alerts (e.g., #security-alerts).
    • Review the "Text" field to customize the alert message if desired. It currently uses expressions to include the number of failed attempts.

  7. Activate the Workflow:

    • Once all nodes are configured, click the "Active" toggle in the top right corner of the workflow editor to enable the workflow.

The workflow will now run on its schedule, monitoring your security logs and alerting your team via Slack when suspicious activity is detected.

Related Templates

AI multi-agent executive team for entrepreneurs with Gemini, Perplexity and WhatsApp

This workflow is an AI-powered multi-agent system built for startup founders and small business owners who want to automate decision-making, accountability, research, and communication, all through WhatsApp. The β€œvirtual executive team,” is designed to help small teams to work smarter. This workflow sends you market analysis, market and sales tips, It can also monitor what your competitors are doing using perplexity (Research agent) and help you stay a head, or make better decisions. And when you feeling stuck with your start-up accountability director is creative enough to break the barrier 🎯 Core Features πŸ§‘β€πŸ’Ό 1. President (Super Agent) Acts as the main controller that coordinates all sub-agents. Routes messages, assigns tasks, and ensures workflow synchronization between the AI Directors. πŸ“Š 2. Sales & Marketing Director Uses SerpAPI to search for market opportunities, leads, and trends. Suggests marketing campaigns, keywords, or outreach ideas. Can analyze current engagement metrics to adjust content strategy. πŸ•΅οΈβ€β™€οΈ 3. Business Research Director Powered by Perplexity AI for competitive and market analysis. Monitors competitor moves, social media engagement, and product changes. Provides concise insights to help the founder adapt and stay ahead. ⏰ 4. Accountability Director Keeps the founder and executive team on track. Sends motivational nudges, task reminders, and progress reports. Promotes consistency and discipline β€” key traits for early-stage success. πŸ—“οΈ 5. Executive Secretary Handles scheduling, email drafting, and reminders. Connects with Google Calendar, Gmail, and Sheets through OAuth. Automates follow-ups, meeting summaries, and notifications directly via WhatsApp. πŸ’¬ WhatsApp as the Main Interface Interact naturally with your AI team through WhatsApp Business API. All responses, updates, and summaries are delivered to your chat. Ideal for founders who want to manage operations on the go. βš™οΈ How It Works Trigger: The workflow starts from a WhatsApp Trigger node (via Meta Developer Account). Routing: The President agent analyzes the incoming message and determines which Director should handle it. Processing: Marketing or sales queries go to the Sales & Marketing Director. Research questions are handled by the Business Research Director. Accountability tasks are assigned to the Accountability Director. Scheduling or communication requests are managed by the Secretary. Collaboration: Each sub-agent returns results to the President, who summarizes and sends the reply back via WhatsApp. Memory: Context is maintained between sessions, ensuring personalized and coherent communication. 🧩 Integrations Required Gemini API – for general intelligence and task reasoning Supabase- for RAG and postgres persistent memory Perplexity API – for business and competitor analysis SerpAPI – for market research and opportunity scouting Google OAuth – to connect Sheets, Calendar, and Gmail WhatsApp Business API – for message triggers and responses πŸš€ Benefits Acts like a team of tireless employees available 24/7. Saves time by automating research, reminders, and communication. Enhances accountability and strategy consistency for founders. Keeps operations centralized in a simple WhatsApp interface. 🧰 Setup Steps Create API credentials for: WhatsApp (via Meta Developer Account) Gemini, Perplexity, and SerpAPI Google OAuth (Sheets, Calendar, Gmail) Create a supabase account at supabase Add the credentials in the corresponding n8n nodes. Customize the system prompts for each Director based on your startup’s needs. Activate and start interacting with your virtual executive team on WhatsApp. Use Case You are a small organisation or start-up that can not afford hiring; marketing department, research department and secretar office, then this workflow is for you πŸ’‘ Need Customization? Want to tailor it for your startup or integrate with CRM tools like Notion or HubSpot? You can easily extend the workflow or contact the creator for personalized support. Consider adjusting the system prompt to suite your business

ShadrackBy Shadrack
331

πŸŽ“ How to transform unstructured email data into structured format with AI agent

This workflow automates the process of extracting structured, usable information from unstructured email messages across multiple platforms. It connects directly to Gmail, Outlook, and IMAP accounts, retrieves incoming emails, and sends their content to an AI-powered parsing agent built on OpenAI GPT models. The AI agent analyzes each email, identifies relevant details, and returns a clean JSON structure containing key fields: From – sender’s email address To – recipient’s email address Subject – email subject line Summary – short AI-generated summary of the email body The extracted information is then automatically inserted into an n8n Data Table, creating a structured database of email metadata and summaries ready for indexing, reporting, or integration with other tools. --- Key Benefits βœ… Full Automation: Eliminates manual reading and data entry from incoming emails. βœ… Multi-Source Integration: Handles data from different email providers seamlessly. βœ… AI-Driven Accuracy: Uses advanced language models to interpret complex or unformatted content. βœ… Structured Storage: Creates a standardized, query-ready dataset from previously unstructured text. βœ… Time Efficiency: Processes emails in real time, improving productivity and response speed. *βœ… Scalability: Easily extendable to handle additional sources or extract more data fields. --- How it works This workflow automates the transformation of unstructured email data into a structured, queryable format. It operates through a series of connected steps: Email Triggering: The workflow is initiated by one of three different email triggers (Gmail, Microsoft Outlook, or a generic IMAP account), which constantly monitor for new incoming emails. AI-Powered Parsing & Structuring: When a new email is detected, its raw, unstructured content is passed to a central "Parsing Agent." This agent uses a specified OpenAI language model to intelligently analyze the email text. Data Extraction & Standardization: Following a predefined system prompt, the AI agent extracts key information from the email, such as the sender, recipient, subject, and a generated summary. It then forces the output into a strict JSON structure using a "Structured Output Parser" node, ensuring data consistency. Data Storage: Finally, the clean, structured data (the from, to, subject, and summarize fields) is inserted as a new row into a specified n8n Data Table, creating a searchable and reportable database of email information. --- Set up steps To implement this workflow, follow these configuration steps: Prepare the Data Table: Create a new Data Table within n8n. Define the columns with the following names and string type: From, To, Subject, and Summary. Configure Email Credentials: Set up the credential connections for the email services you wish to use (Gmail OAuth2, Microsoft Outlook OAuth2, and/or IMAP). Ensure the accounts have the necessary permissions to read emails. Configure AI Model Credentials: Set up the OpenAI API credential with a valid API key. The workflow is configured to use the model, but this can be changed in the respective nodes if needed. Connect the Nodes: The workflow canvas is already correctly wired. Visually confirm that the email triggers are connected to the "Parsing Agent," which is connected to the "Insert row" (Data Table) node. Also, ensure the "OpenAI Chat Model" and "Structured Output Parser" are connected to the "Parsing Agent" as its AI model and output parser, respectively. Activate the Workflow: Save the workflow and toggle the "Active" switch to ON. The triggers will begin polling for new emails according to their schedule (e.g., every minute), and the automation will start processing incoming messages. --- Need help customizing? Contact me for consulting and support or add me on Linkedin.

DavideBy Davide
1616

Send WooCommerce discount coupons to customers via WhatsApp using Rapiwa API

Who is this for? This workflow is ideal for WooCommerce store owners who want to automatically send promotional WhatsApp messages to their customers when new coupons are created. It’s designed for marketers and eCommerce managers looking to boost engagement, streamline coupon sharing, and track campaign performance effortlessly through Google Sheets. Overview This workflow listens for WooCommerce coupon creation events (coupon.created) and uses customer billing data to send promotional WhatsApp messages via the Rapiwa API. The flow formats the coupon data, cleans phone numbers, verifies WhatsApp registration with Rapiwa, sends the promotional message when verified, and logs each attempt to Google Sheets (separate sheets for verified/sent and unverified/not sent). What this Workflow Does Listens for new coupon creation events in WooCommerce via the WooCommerce Trigger node Retrieves all customer data from the WooCommerce store Processes customers in batches to control throughput Cleans and formats customer phone numbers for WhatsApp Verifies if phone numbers are valid WhatsApp accounts using Rapiwa API Sends personalized WhatsApp messages with coupon details to verified numbers Logs all activities to Google Sheets for tracking and analysis Handles both verified and unverified numbers appropriately Key Features Automated coupon distribution: Triggers when new coupons are created in WooCommerce Customer data retrieval: Fetches all customer information from WooCommerce Phone number validation: Verifies WhatsApp numbers before sending messages Personalized messaging: Includes customer name and coupon details in messages Dual logging system: Tracks both successful and failed message attempts Rate limiting: Uses batching and wait nodes to prevent API overload Data formatting: Structures coupon information for consistent messaging Google Sheet Column Structure A Google Sheet formatted like this ➀ sample The workflow uses a Google Sheet with the following columns to track coupon distribution: | name | number | email | address1 | couponCode | couponTitle | couponType | couponAmount | createDate | expireDate | validity | status | | ----------- | ------------- | --------------------------------------------------- | --------- | ---------- | -------------- | ---------- | ------------ | ------------------- | ------------------- | ---------- | -------- | | Abdul Mannan | 8801322827799 | contact@spagreen.net | mirpur-DOHS | 62dhryst | eid offer 2025 | percent | 20.00 | 2025-09-11 06:08:02 | 2025-09-15 00:00:00 | unverified | not sent | | Abdul Mannan | 8801322827799 | contact@spagreen.net | mirpur-DOHS | 62dhryst | eid offer 2025 | percent | 20.00 | 2025-09-11 06:08:02 | 2025-09-15 00:00:00 | verified | sent | Requirements n8n instance with the following nodes: WooCommerce Trigger, Code, SplitInBatches, HTTP Request, IF, Google Sheets, Wait WooCommerce store with API access Rapiwa account with API access for WhatsApp verification and messaging Google account with Sheets access Customer phone numbers in WooCommerce (stored in billing.phone field) Important Notes Phone Number Format: The workflow cleans phone numbers by removing all non-digit characters. Ensure your WooCommerce phone numbers are in a compatible format. API Rate Limits: Rapiwa and WooCommerce APIs have rate limits. Adjust batch sizes and wait times accordingly. Data Privacy: Ensure compliance with data protection regulations when sending marketing messages. Error Handling: The workflow logs unverified numbers but doesn't have extensive error handling. Consider adding error notifications for failed API calls. Message Content: The current message template references the first coupon only (coupons[0]). Adjust if you need to handle multiple coupons. Useful Links Dashboard: https://app.rapiwa.com Official Website: https://rapiwa.com Documentation: https://docs.rapiwa.com Support & Help WhatsApp: Chat on WhatsApp Discord: SpaGreen Community Facebook Group: SpaGreen Support Website: https://spagreen.net Developer Portfolio: Codecanyon SpaGreen

RapiwaBy Rapiwa
110