I built a small SOC-style automation to show how security alerts move through an n8n pipeline. An alert is created, enriched with basic threat context, and sent to Slack for review.
How it works:
- A security alert is triggered
- The alert is normalized into clean fields
- Threat context is added (IP reputation and geolocation)
- The alert is sent to Slack

The alert is enriched with basic threat intelligence to support triage and then automatically delivered to Slack for analyst review.
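The normalize, enrich and deliver steps above, written as the kind of logic an n8n Code node could run before the Slack node. This is an added example, not the author's workflow; the alert field names, the threat-intel table and the IP addresses are constructed stand-ins, and a real pipeline would call a reputation or geolocation provider where the table is used.

```javascript
// Constructed stand-in for an IP reputation / geolocation feed (a real
// pipeline would call a provider API here instead of a local table).
const INTEL = {
  "203.0.113.45": { reputation: "malicious", score: 92, country: "NL", city: "Amsterdam" },
  "198.51.100.7": { reputation: "suspicious", score: 55, country: "US", city: "Dallas" },
};

const PRIVATE_IP = /^(10\.|127\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)/;

// Normalize a raw alert from any source into the clean fields the rest of
// the pipeline expects; missing fields become explicit nulls, not undefined.
function normalizeAlert(raw) {
  return {
    id: String(raw.alert_id ?? raw.id ?? "unknown"),
    timestamp: new Date(raw.ts ?? raw.timestamp ?? Date.now()).toISOString(),
    severity: String(raw.severity ?? "low").toLowerCase(),
    rule: raw.rule_name ?? raw.rule ?? "unnamed rule",
    srcIp: raw.src_ip ?? raw.source?.ip ?? null,
    user: raw.user ?? raw.username ?? null,
  };
}

// Enrich with IP reputation and geolocation. Private and missing IPs are
// not looked up: a reputation feed has nothing meaningful to say about them.
function enrichAlert(alert, intel = INTEL) {
  if (!alert.srcIp || PRIVATE_IP.test(alert.srcIp)) {
    return { ...alert, reputation: "internal", score: 0, geo: null };
  }
  const hit = intel[alert.srcIp];
  return hit
    ? { ...alert, reputation: hit.reputation, score: hit.score, geo: `${hit.city}, ${hit.country}` }
    : { ...alert, reputation: "unknown", score: 0, geo: null };
}

// Build the Slack text an analyst sees; high reputation scores get a visible marker.
function buildSlackMessage(e) {
  const flag = e.score >= 80 ? ":rotating_light:" : ":mag:";
  return `${flag} [${e.severity.toUpperCase()}] ${e.rule}\n` +
    `src ${e.srcIp ?? "n/a"} (${e.reputation}, score ${e.score}${e.geo ? `, ${e.geo}` : ""})` +
    `\nuser ${e.user ?? "n/a"} | ${e.timestamp} | id ${e.id}`;
}

// Constructed raw alert, shaped like a SIEM webhook payload.
const rawAlert = { alert_id: 4711, ts: "2024-05-01T10:15:00Z", severity: "High",
  rule_name: "Multiple failed logins", src_ip: "203.0.113.45", user: "jdoe" };
const enriched = enrichAlert(normalizeAlert(rawAlert));
console.log(buildSlackMessage(enriched));
// Inside an n8n Code node the last line would instead be:
// return [{ json: { text: buildSlackMessage(enriched) } }];
```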
What this shows:
- Basic SOC alert flow
- Alert enrichment
- Simple automation with n8n