TheHive
Workflow Overview
This is a medium-sized workflow with 7 nodes, mainly used to automate the handling of various tasks.
Workflow Source Code
{
  "id": 3,
  "name": "TheHive",
  "nodes": [
    {
      "name": "TheHive Create Alert",
      "type": "n8n-nodes-base.theHive",
      "position": [
        500,
        360
      ],
      "parameters": {
        "date": "2022-04-25T08:53:18.000Z",
        "tags": "tlp:pwhite",
        "type": "misp",
        "title": "TheHive Alert",
        "source": "1311",
        "sourceRef": "1330",
        "description": "Security issue detected on server A2. Please check and take care.",
        "additionalFields": {}
      },
      "credentials": {
        "theHiveApi": {
          "id": "1",
          "name": "The Hive account"
        }
      },
      "typeVersion": 1
    },
    {
      "name": "TheHive Read Alerts",
      "type": "n8n-nodes-base.theHive",
      "position": [
        500,
        200
      ],
      "parameters": {
        "filters": {},
        "options": {},
        "operation": "getAll"
      },
      "credentials": {
        "theHiveApi": {
          "id": "1",
          "name": "The Hive account"
        }
      },
      "typeVersion": 1
    },
    {
      "name": "IF",
      "type": "n8n-nodes-base.if",
      "position": [
        280,
        540
      ],
      "parameters": {
        "conditions": {
          "boolean": [
            {
              "value1": "={{$node[\"TheHive Webhook Request\"].json[\"body\"][\"object\"][\"stage\"]}}",
              "value2": "=Closed",
              "operation": "notEqual"
            }
          ]
        }
      },
      "typeVersion": 1
    },
    {
      "name": "SIGNL4 Send Alert",
      "type": "n8n-nodes-base.signl4",
      "position": [
        500,
        520
      ],
      "parameters": {
        "message": "={{$node[\"TheHive Webhook Request\"].json[\"body\"][\"details\"][\"description\"]}}",
        "additionalFields": {
          "title": "={{$node[\"TheHive Webhook Request\"].json[\"body\"][\"details\"][\"title\"]}}",
          "externalId": "={{$node[\"TheHive Webhook Request\"].json[\"body\"][\"objectId\"]}}"
        }
      },
      "credentials": {
        "signl4Api": {
          "id": "2",
          "name": "SIGNL4 Webhook account"
        }
      },
      "typeVersion": 1
    },
    {
      "name": "TheHive Webhook Request",
      "type": "n8n-nodes-base.webhook",
      "position": [
        80,
        540
      ],
      "webhookId": "22c76955-3f52-469e-a8ae-3f62e8e87ebe",
      "parameters": {
        "path": "22c76955-3f52-469e-a8ae-3f62e8e87ebe",
        "options": {},
        "httpMethod": "POST"
      },
      "typeVersion": 1
    },
    {
      "name": "Start (Testing)",
      "type": "n8n-nodes-base.manualTrigger",
      "position": [
        80,
        200
      ],
      "parameters": {},
      "typeVersion": 1
    },
    {
      "name": "SIGNL4 Resolve Alert",
      "type": "n8n-nodes-base.signl4",
      "position": [
        500,
        720
      ],
      "parameters": {
        "operation": "resolve",
        "externalId": "={{$node[\"TheHive Webhook Request\"].json[\"body\"][\"objectId\"]}}"
      },
      "credentials": {
        "signl4Api": {
          "id": "2",
          "name": "SIGNL4 Webhook account"
        }
      },
      "typeVersion": 1
    }
  ],
  "active": false,
  "settings": {},
  "connections": {
    "IF": {
      "main": [
        [
          {
            "node": "SIGNL4 Send Alert",
            "type": "main",
            "index": 0
          }
        ],
        [
          {
            "node": "SIGNL4 Resolve Alert",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "Start (Testing)": {
      "main": [
        [
          {
            "node": "TheHive Create Alert",
            "type": "main",
            "index": 0
          }
        ]
      ]
    },
    "TheHive Webhook Request": {
      "main": [
        [
          {
            "node": "IF",
            "type": "main",
            "index": 0
          }
        ]
      ]
    }
  }
}
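Features
- Automatically detects new emails
- AI-powered content analysis
- Custom classification rules
- Batch processing capability
- Detailed processing logs
Technical Analysis
Node Types and Roles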
- Thehive
- If
- Signl4
- Webhook
- Manualtrigger
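Complexity Assessment
Configuration difficulty:
Maintenance difficulty:
Extensibility:
Implementation Guide
Prerequisites
- A valid Gmail account
- Access to the n8n platform
- Google API credentials
- A subscription to an AI classification service
Configuration Steps
- Import the workflow JSON file into n8n
- Configure the authentication details for the Gmail node
- Set the API key for the AI classifier
- Customize the classification rules and label mappings
- Test the workflow execution
- Configure a scheduled trigger (optional)
Key Parameters
| Parameter | Default | Description |
|---|---|---|
| maxEmails | 50 | Maximum number of emails processed in a single run |
| confidenceThreshold | 0.8 | Classification confidence threshold |
| autoLabel | true | Whether to add labels automatically |
Best Practices
Optimization Recommendations
- Update the AI classification model regularly to improve accuracy
- Adjust the processing batch size to match email volume
- Set a reasonable classification confidence threshold
- Regularly clean up expired classification rules
Security Considerations
- Store API keys and authentication details securely
- Restrict access to the workflow
- Review processing logs regularly
- Enable two-factor authentication to protect the Gmail account
Performance Optimization
- Use incremental processing to reduce repeated work
- Cache frequently accessed data
- Process multiple email classification tasks in parallel
- Monitor system resource usage
Troubleshooting
Common Issues
Emails are not classified correctly
Check the AI classifier's confidence threshold setting; lower the threshold as appropriate or update the training data.
Gmail authentication fails
Confirm that the Google API credentials are valid and have the correct permission scopes, then redo the OAuth authorization.
Debugging Tips
- Enable verbose logging to see how each step executes
- Use test emails to verify the classification logic
- Check network connectivity and API service status
- Step through the workflow to locate the failing node
Error Handling
The workflow includes the following error-handling mechanisms:
- Automatic retry on network timeout (up to 3 times)
- API error logging and alerting
- An isolation mechanism for emails that fail processing
- Rollback on exceptional conditions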