Monitor email data breaches with HIBP API and send Slack alerts
--- How It Works: The 5-Node Security Flow This workflow efficiently performs a scheduled data breach scan. 1. Scheduled Check (Cron Node) This is the workflow's trigger. It schedules the workflow to run at a specific...
Template notes
---
How It Works: The 5-Node Security Flow
This workflow efficiently performs a scheduled data breach scan.
1. Scheduled Check (Cron Node) This is the workflow's trigger. It schedules the workflow to run at a specific, regular interval. Function: Continuously runs on a set schedule, for example, every Monday morning. Process: The Cron node automatically initiates the workflow, ensuring routine data breach scans are performed without manual intervention.
2. List Emails to Check (Code Node) This node acts as your static database, defining which email addresses to monitor for breaches. Function: Stores a list of email addresses from your team or customers in a single, easy-to-update array. Process: It configures the list of emails that are then processed by the subsequent nodes. This makes it simple to add or remove addresses as needed.
3. Query HIBP API (HTTP Request Node) This node connects to the HaveIBeenPwned (HIBP) API to check for breaches. Function: Queries the HIBP API for each email address on your list. Process: It sends a request to the HIBP API. The API responds with a list of data breaches that the email was found in, if any.
4. Is Breached? (If Node) This is the core detection logic. It checks the API response to see if any breach data was returned. Function: Compares the API's response to an empty array. Process: If the API response is not empty, it indicates a breach has been found, and the workflow is routed to the notification node. If the response is empty, the workflow ends safely.
5. Send High-Priority Alert (Slack Node) / End Workflow (No-Op Node) These nodes represent the final action of the workflow. Function: Responds to a detected breach. Process: If a breach is found, the Slack node sends an urgent alert to your team's security channel, notifying them of the compromised email. If no breaches are found, the No-Op node ends the workflow without any notification.