Automate cybersecurity threat analysis with GPT-4o, CVSS scoring and risk routing

Built by Cheng Siong Chin
Created on June 05, 2026

Description

How It Works
This workflow automates end-to-end cybersecurity threat analysis using a multi-agent AI architecture. It targets Security Operations Centre (SOC) analysts, security engineers, and IT risk teams responsible for continuous threat monitoring and incident response. The core problem it solves is the slow, fragmented process of manually correlating threat intelligence, scoring vulnerabilities, and producing actionable reports, tasks that demand both speed and consistency under pressure. A manual trigger initiates the Cybersecurity Orchestrator Agent, which coordinates two specialist sub-agents: a Threat Intelligence Agent (backed by security log fetching and risk scoring tools) and an Attack Surface Mapping Agent (leveraging STRIDE analysis and CVSS scoring tools). Each agent operates with its own chat model and memory. Outputs are parsed by a Structured Threat Report Parser, then routed by a rules-based Risk Severity router into one of three report formats (SOC Alert, Executive Report, or Standard Report), ensuring every threat is communicated at the right level of urgency to the right audience.
Setup Steps
Connect your LLM API credentials to all Chat Model nodes (Orchestrator, Threat Intelligence, Attack Surface).
Configure the Fetch Security Logs Tool with your SIEM or log source API credentials.
Set risk threshold rules in the Risk Score Calculator node.
Define STRIDE and CVSS parameters in their respective tool nodes.
Set routing thresholds (e.g., CVSS ≥9 → SOC Alert, ≥6 → Executive, <6 → Standard) in Route by Risk Severity.

Prerequisites
LLM API key (OpenAI or compatible)
SIEM or security log source with API access
CVSS and STRIDE configuration parameters
Report template definitions for each severity tier
Use Cases
Auto-triage incoming vulnerability disclosures into severity-ranked reports.
Customisation
Add more routing branches (e.g., Critical, Zero-Day).
Benefits
Accelerates threat triage from hours to minutes.

Nodes Used (6)

AI Agent
@n8n/n8n-nodes-langchain.agent
AI Agent Tool
@n8n/n8n-nodes-langchain.agentTool
Calculator
@n8n/n8n-nodes-langchain.toolCalculator
Code Tool
@n8n/n8n-nodes-langchain.toolCode
OpenAI Chat Model
@n8n/n8n-nodes-langchain.lmChatOpenAi
Structured Output Parser
@n8n/n8n-nodes-langchain.outputParserStructured