This n8n workflow automates CVE tracking by retrieving vulnerability details from the NVD API, organizing and updating the data in Google Sheets, and optionally alerting teams via Slack or Email.
Who is this for?
This workflow is ideal for:
- Security operations (SecOps) teams
- DevSecOps engineers
- IT compliance officers
- Vulnerability management analysts
- Sysadmins or cloud engineers in regulated industries
What problem does this workflow solve?
Manually checking for the latest CVE information is inefficient and error-prone. This automation:
- Monitors NVD for CVE entries based on product or keyword filters
- Tracks new vulnerabilities and changes to existing ones
- Logs all CVE data in a structured Google Sheet for ongoing review and audit
- Can trigger alerts or actions for high-severity CVEs
What this workflow does
This workflow builds an automated CVE monitoring system that:
- Queries the NVD API for vulnerability data matching keywords (e.g. “Apache”, “Log4j”)
- Extracts relevant fields: CVE ID, description, severity (CVSS scores), published/modified dates, and affected products
- Saves or updates the information in Google Sheets
- Optionally filters for critical severity (e.g., CVSS > 8.0) and sends Slack alerts or emails
- Supports historical tracking and change detection over time
Includes a Google Sheets template for tracking:
- CVE IDs and metadata
- Severity levels and scores
- Product/component tags
- Resolution/patch status tracking
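The extraction, threshold and change-detection steps listed above, sketched as JavaScript of the kind an n8n Code node could run. This is an added example, not the template's own code: it assumes the NVD CVE API 2.0 response layout, and `pickCvss`, `toRows`, the `seen` map and the sample CVE IDs are hypothetical or constructed.

```javascript
// Added example. Field names follow the NVD CVE API 2.0 JSON schema.
const CVSS_THRESHOLD = 8.0; // example threshold from the text above

// Use the newest CVSS version present, preferring NVD's "Primary" entry.
function pickCvss(metrics = {}) {
  for (const key of ['cvssMetricV40', 'cvssMetricV31', 'cvssMetricV30', 'cvssMetricV2']) {
    const list = metrics[key];
    if (!Array.isArray(list) || list.length === 0) continue;
    const m = list.find((x) => x.type === 'Primary') || list[0];
    // v3.x/v4 keep baseSeverity in cvssData; v2 keeps it on the metric itself
    const severity = m.cvssData.baseSeverity || m.baseSeverity || 'UNKNOWN';
    return { score: m.cvssData.baseScore, severity };
  }
  return { score: null, severity: 'UNSCORED' }; // fresh CVEs often have no metrics yet
}

// `seen` is hypothetical: CVE ID -> "Last Updated" value already stored in the sheet.
function toRows(nvdResponse, seen = {}) {
  return (nvdResponse.vulnerabilities || []).map(({ cve }) => {
    const desc = (cve.descriptions || []).find((d) => d.lang === 'en');
    const { score, severity } = pickCvss(cve.metrics);
    const prev = seen[cve.id];
    const action = prev === undefined ? 'new'
      : prev === cve.lastModified ? 'unchanged' : 'updated';
    return {
      'CVE ID': cve.id,
      Description: desc ? desc.value : '',
      Severity: severity,
      Score: score,
      'Last Updated': cve.lastModified,
      action, // new: append row, updated: overwrite row, unchanged: skip
      alert: action !== 'unchanged' && score !== null && score > CVSS_THRESHOLD,
    };
  });
}

// Constructed sample response (placeholder IDs and values, not real NVD data).
const sample = { vulnerabilities: [
  { cve: { id: 'CVE-0000-0001', lastModified: '2024-01-02T00:00:00.000',
      descriptions: [{ lang: 'es', value: 'ejemplo' }, { lang: 'en', value: 'Constructed critical issue' }],
      metrics: { cvssMetricV31: [{ type: 'Primary', cvssData: { baseScore: 9.8, baseSeverity: 'CRITICAL' } }] } } },
  { cve: { id: 'CVE-0000-0002', lastModified: '2024-01-03T00:00:00.000',
      descriptions: [{ lang: 'en', value: 'Constructed unscored issue' }], metrics: {} } },
  { cve: { id: 'CVE-0000-0003', lastModified: '2024-01-01T00:00:00.000',
      descriptions: [{ lang: 'en', value: 'Constructed already-tracked issue' }],
      metrics: { cvssMetricV2: [{ type: 'Primary', baseSeverity: 'HIGH', cvssData: { baseScore: 9.0 } }] } } },
] };
const rows = toRows(sample, { 'CVE-0000-0003': '2024-01-01T00:00:00.000' });
```

Unscored CVEs never trip the alert in this sketch, so rows with Severity `UNSCORED` need a separate review pass once NVD publishes their metrics.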
Setup
Prerequisites
You’ll need:
- An n8n instance (cloud or self-hosted)
- A Google account + Google Sheets API credentials
- (Optional) Slack webhook URL or email setup for notifications
Step 1: Configure API Inputs
Open the Configuration node and provide:
- NVD API parameters (keyword filters, date ranges, etc.)
- Google Sheet ID and tab name for output
- Slack webhook URL (optional)
Step 2: Set Filters & Preferences
Define:
- Target keywords or CPE filters (e.g. “Cisco ASA”, “Windows 10”)
- CVSS threshold for high/critical alerts
- Update frequency (manual trigger, scheduled cron, webhook, etc.)
Step 3: Connect to Google Sheets
- Update Sheet node with your destination Sheet ID
- Ensure columns like CVE ID, Description, Severity, Last Updated exist
Step 4: Enable Alerts (Optional)
- Set up Slack node with your webhook URL or connect SMTP/Email node
- Format alert message with key CVE data
Step 5: Activate and Run
- Save and activate the workflow
- Run manually or schedule it to run periodically (e.g., every 6 hours)
Customization Tips
- Add deduplication logic to avoid reprocessing the same CVEs
- Use filters to monitor only critical CVEs or specific vendors
- Extend with GitHub Security Advisories or Exploit DB integration
- Track remediation status and link to patch notes or fixes
Troubleshooting
Common Issues
- Empty results from NVD: Check if your keywords are too narrow or if NVD API rate limits apply
- Google Sheets error: Ensure the Sheet ID and tab names are correct and accessible
- Alerts not sending: Check Slack webhook or email configurations
Getting Help
- Read inline comments in n8n
- Visit the n8n Docs
- Contact template creator: dimejicole21@gmailcom
This template was created by David Olusola.