Overview
Building an automated threat intelligence pipeline using n8n workflows to integrate multiple CTI feeds (VirusTotal, AbuseIPDB, AlienVault OTX, OpenCTI, PhishTank, Abuse.ch) with SIEM infrastructure for real-time threat detection and enrichment.
Key Highlights
- Building an automated threat intelligence pipeline using n8n workflows to integrate multiple CTI feeds with SIEM infrastructure
- Developing real-time IOC enrichment automation that correlates alerts with threat intelligence feeds, providing immediate context on malicious indicators and reducing analyst research time by 40%
- Enhancing alert quality by implementing threat feed normalization and deduplication logic, improving detection accuracy and reducing false positives in threat correlation
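As an added illustration of the normalization and deduplication step (example code written for this page, not the project's n8n workflow), the block below maps a few constructed feed records into one common indicator form, refangs and lowercases values so the same IOC compares equal regardless of which feed reported it, and merges duplicates by (type, value). The per-feed record shapes and confidence mapping are assumptions for the example, not the real feed APIs.

```python
import ipaddress
import re

def refang(value: str) -> str:
    """Undo common defanging (hxxp://, [.]) so one IOC compares equal across feeds."""
    return value.strip().lower().replace("[.]", ".").replace("hxxp", "http")

def classify(value: str) -> str:
    """Derive the indicator type from the value itself (ip, hash, url, domain)."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    if re.fullmatch(r"[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64}", value):
        return "hash"
    return "url" if value.startswith(("http://", "https://")) else "domain"

# Constructed feed record shapes (assumed, not real API output) -> (raw_value, confidence 0-100).
EXTRACTORS = {
    "abuseipdb": lambda r: (r["ipAddress"], r["abuseConfidenceScore"]),
    "otx": lambda r: (r["indicator"], 70),
    "phishtank": lambda r: (r["url"], 90 if r["verified"] == "yes" else 50),
    "virustotal": lambda r: (r["sha256"], min(100, 10 * r["malicious"])),
}

def normalize(feed: str, record: dict) -> dict:
    raw, confidence = EXTRACTORS[feed](record)
    value = refang(raw)
    return {"type": classify(value), "value": value, "confidence": confidence, "sources": {feed}}

def dedupe(indicators: list) -> dict:
    """Merge duplicates by (type, value): union the sources, keep the highest confidence."""
    merged = {}
    for ind in indicators:
        key = (ind["type"], ind["value"])
        if key in merged:
            merged[key]["sources"] |= ind["sources"]
            merged[key]["confidence"] = max(merged[key]["confidence"], ind["confidence"])
        else:
            merged[key] = dict(ind, sources=set(ind["sources"]))
    return merged

SAMPLE = [  # constructed records; the same IP and URL appear in two feeds, the URL defanged once
    ("abuseipdb", {"ipAddress": "198.51.100.7", "abuseConfidenceScore": 85}),
    ("otx", {"indicator": "198.51.100.7"}),
    ("phishtank", {"url": "hxxp://login[.]example[.]test/", "verified": "yes"}),
    ("otx", {"indicator": "HTTP://login.example.test/"}),
    ("virustotal", {"sha256": "A" * 64, "malicious": 12}),
]
```

Running `dedupe([normalize(f, r) for f, r in SAMPLE])` collapses the five records to three indicators, each carrying the set of feeds that reported it, which is the context the enrichment step attaches to a SIEM alert.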
Current Status
🚧 In Active Development
This project is currently under active development at Apphaz. The pipeline is being built and tested iteratively, with new feed integrations and enrichment capabilities being added on an ongoing basis.