workflows.fit
Back to n8n workflows
n8n templateFreeBy Rajneesh Gupta

Malicious file detection & response: Wazuh to VirusTotal with Slack alerts

Malicious File Detection & Threat Summary Automation using Wazuh + VirusTotal + n8n This workflow helps SOC teams automate the detection and reporting of potentially malicious files using Wazuh alerts, VirusTotal hash...

DevelopmentCore NodesCommunicationHITLProductivityHtmlGmailWebhook
Loading interactive preview...

Template notes

Malicious File Detection & Threat Summary Automation using Wazuh + VirusTotal + n8n

This workflow helps SOC teams automate the detection and reporting of potentially malicious files using Wazuh alerts, VirusTotal hash validation, and integrated summary/report generation. It's ideal for analysts who want instant context and communication for file-based threats — without writing a single line of code.

---

What It Does

When Wazuh detects a suspicious file:

- Ingests Wazuh Alert A webhook node captures incoming alerts containing file hashes (SHA256/MD5).

- Parses IOCs Extracts relevant indicators (file hash, filename, etc.).

- Validates with VirusTotal Automatically checks the file hash reputation using VirusTotal's threat intelligence API.