Automate security incident triage with GPT-4o-mini and Gmail notifications
What this workflow does ----------------------- Automatically triages inbound security findings (e.g., from AWS Security Hub via EventBridge → SNS → Webhook), classifies them with an LLM, generates a 3-step remediatio...
Template notes
What this workflow does -----------------------
Automatically triages inbound security findings (e.g., from AWS Security Hub via EventBridge → SNS → Webhook), classifies them with an LLM, generates a 3-step remediation plan, and emails a compact incident brief.
Pipeline: Webhook → CleanFinding (normalize) → Classify (LLM) → Plan (LLM) → Gmail (email). You can substitute Microsoft Teams, Slack, etc.
- Normalizes the incoming finding JSON (title, description, account, resource id/type, updatedat).
- Uses an LLM to assign incidenttype, severity (P0--P3), urgency, shorttitle, and why (concise rationale).
- Produces a 3-step remediation plan with ownerhint and successcriteria---kept atomic and practical.
- Sends a clean HTML email with all details (subject line includes short title, resource, and account).
Category: Security / Cloud / Incident Management\ Time to set up: ~10--15 minutes\ Difficulty: Beginner--Intermediate\ Cost: Mostly free (n8n CE; OpenAI usage + Gmail/SMTP as used)