Solved

n8n: Fetching Incidents via Director API

  • 30 June 2021
  • 3 replies
  • 274 views


Does anyone here have experience with the open-source workflow tool n8n? Has anyone managed to fetch incidents via the Director API and built an n8n workflow that also includes some error handling (token refresh, HTTP errors during polling, etc.)?

 

I have built a PoC workflow that seems to work for fetching incidents, but it is at a very early stage. Maybe we (the community) can try to build a nice workflow that everyone here can use?

The workflow looks like this:

n8n Director IP Incident Fetch Workflow

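You have to replace "<LP-API-URL>", "<YOUR SECRET>" and "<YOUR TOKEN>" before importing it into n8n. Two things to be aware of in this PoC: every HTTP Request node sets "allowUnauthorizedCerts": true, which makes n8n accept TLS certificates it cannot validate, so set it to false once the Director API presents a certificate that n8n trusts; and the values entered in the "Set API Creds" node are stored as plain text in the workflow JSON, so remove them again before sharing an export of the workflow: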

{
"name": "LP_RequestIncidents",
"nodes": [
{
"parameters": {},
"name": "Start",
"type": "n8n-nodes-base.start",
"typeVersion": 1,
"position": [
110,
-140
]
},
{
"parameters": {
"authentication": "headerAuth",
"url": "https://<LP-API-URL>/monitorapi/v1/director/poolinfo",
"allowUnauthorizedCerts": true,
"options": {
"fullResponse": true
}
},
"name": "LP_DirectorAPI_GetPoolInfo",
"type": "n8n-nodes-base.httpRequest",
"typeVersion": 1,
"position": [
560,
90
],
"credentials": {
"httpHeaderAuth": "LogPoint Director API"
}
},
{
"parameters": {
"authentication": "headerAuth",
"requestMethod": "POST",
"url": "=https://<LP-API-URL>/configapi/{{$node[\"ForEach Machine ID\"].json[\"pool_uuid\"]}}/{{$node[\"ForEach Machine ID\"].json[\"machine_uuid\"]}}/Incidents/fetch",
"allowUnauthorizedCerts": true,
"jsonParameters": true,
"options": {
"bodyContentType": "json"
},
"bodyParametersJson": "={\n \"data\": {\n \"status\": [\n \"unresolved\"\n ],\n \"type\": [\n \"alert\"\n ],\n \"start_date\": {{parseInt(new Date().getTime() / 1000) - 30 * 24 * 60 * 60}},\n \"end_date\": {{parseInt(new Date().getTime() / 1000)}}\n }\n}"
},
"name": "LP_DirectorAPI_FetchIncidents",
"type": "n8n-nodes-base.httpRequest",
"typeVersion": 1,
"position": [
1080,
340
],
"credentials": {
"httpHeaderAuth": "LogPoint Director API"
}
},
{
"parameters": {
"interval": 30
},
"name": "30s Interval",
"type": "n8n-nodes-base.interval",
"typeVersion": 1,
"position": [
110,
360
]
},
{
"parameters": {
"functionCode": "incidentMachines = [];\nitems.forEach(function(item) {\n pool = item.json;\n if (pool['active'] == true) {\n poolMachines = pool['machines'];\n // if pool only has one machine, this is the search head and backend:\n if (poolMachines.length == 1) {\n machine = poolMachines[0];\n incidentMachines.push({'pool_name': pool['name'], 'pool_uuid': pool['pool_uuid'], 'machine_name': machine['name'], 'machine_uuid': machine['identifier']});\n } else { // go through all machines and check some naming conventions to differ DLP and collectors:\n poolMachines.forEach(function(machine) {\n if ((!machine['name'].includes('col')) && (machine['name'].includes('backend') || machine['name'].includes('be') || machine['name'].includes('siem') || machine['name'].includes('search') || machine['name'].includes('sh'))) {\n incidentMachines.push({'pool_name': pool['name'], 'pool_uuid': pool['pool_uuid'], 'machine_name': machine['name'], 'machine_uuid': machine['identifier']});\n }\n });\n }\n }\n});\n\n// this is important to return single items!!\nreturn incidentMachines.map((item) => {\n return { json: item};\n});\n\n"
},
"name": "Evaluate PoolInfo",
"type": "n8n-nodes-base.function",
"typeVersion": 1,
"position": [
640,
340
]
},
{
"parameters": {
"functionCode": "return item;"
},
"name": "ForEach Machine ID",
"type": "n8n-nodes-base.functionItem",
"typeVersion": 1,
"position": [
860,
340
]
},
{
"parameters": {
"triggerTimes": {
"item": [
{
"mode": "everyHour"
}
]
}
},
"name": "Cron",
"type": "n8n-nodes-base.cron",
"typeVersion": 1,
"position": [
110,
90
]
},
{
"parameters": {
"mode": "passThrough"
},
"name": "Cache Pools and Machines",
"type": "n8n-nodes-base.merge",
"typeVersion": 1,
"position": [
430,
340
]
},
{
"parameters": {
"authentication": "headerAuth",
"url": "=https://<LP-API-URL>/{{$node[\"LP_DirectorAPI_FetchIncidents\"].json[\"message\"]}}",
"allowUnauthorizedCerts": true,
"options": {}
},
"name": "LP_DirectorAPI_FetchIncidentsMonitoring",
"type": "n8n-nodes-base.httpRequest",
"typeVersion": 1,
"position": [
1310,
340
],
"credentials": {
"httpHeaderAuth": "LogPoint Director API"
}
},
{
"parameters": {
"value1": "={{$json[\"statusCode\"]}}",
"rules": {
"rules": [
{
"operation": "equal",
"value2": 200,
"output": 3
}
]
},
"fallbackOutput": 0
},
"name": "Switch",
"type": "n8n-nodes-base.switch",
"typeVersion": 1,
"position": [
760,
90
]
},
{
"parameters": {
"conditions": {
"string": [
{
"value1": "={{$json[\"statusMessage\"]}}",
"operation": "contains",
"value2": "Expired token"
}
]
}
},
"name": "IF",
"type": "n8n-nodes-base.if",
"typeVersion": 1,
"position": [
1220,
-110
]
},
{
"parameters": {
"functionCode": "console.log(items);\n\n// this is important to return single items!!\nreturn items[0].json['body'].map((item) => {\n return { json: item};\n});\n"
},
"name": "Return HTTP Body",
"type": "n8n-nodes-base.function",
"typeVersion": 1,
"position": [
980,
120
]
},
{
"parameters": {
"authentication": "headerAuth",
"requestMethod": "POST",
"url": "=https://<LP-API-URL>/configapi/RefreshToken",
"allowUnauthorizedCerts": true,
"jsonParameters": true,
"options": {},
"bodyParametersJson": "={\"secretKey\": \"{{$node[\"Set API Creds\"].parameter[\"values\"][\"string\"][0][\"value\"]}}\"}"
},
"name": "LP_DirectorAPI_RefreshToken",
"type": "n8n-nodes-base.httpRequest",
"typeVersion": 1,
"position": [
1510,
-130
],
"credentials": {
"httpHeaderAuth": "LogPoint Director API"
}
},
{
"parameters": {
"values": {
"string": [
{
"name": "api.secretKey",
"value": "<YOUR SECRET>"
},
{
"name": "api.token",
"value": "<YOUR TOKEN>"
}
]
},
"options": {
"dotNotation": true
}
},
"name": "Set API Creds",
"type": "n8n-nodes-base.set",
"typeVersion": 1,
"position": [
310,
90
]
},
{
"parameters": {
"functionCode": "console.log(items);\n\nreturn items;"
},
"name": "Update API Token",
"type": "n8n-nodes-base.function",
"typeVersion": 1,
"position": [
1750,
-130
]
},
{
"parameters": {},
"name": "NoOp",
"type": "n8n-nodes-base.noOp",
"typeVersion": 1,
"position": [
1550,
80
]
},
{
"parameters": {
"functionCode": "return item;\n"
},
"name": "ForEach Monitoring URL",
"type": "n8n-nodes-base.functionItem",
"typeVersion": 1,
"position": [
1510,
340
]
},
{
"parameters": {
"dataType": "boolean",
"value1": "={{$json[\"request\"][\"in_progress\"]}}",
"rules": {
"rules": [
{
"value2": true
}
]
},
"fallbackOutput": 3
},
"name": "Switch1",
"type": "n8n-nodes-base.switch",
"typeVersion": 1,
"position": [
1680,
200
]
},
{
"parameters": {
"functionCode": "\nconsole.log(item);\n\nreturn item;"
},
"name": "FunctionItem",
"type": "n8n-nodes-base.functionItem",
"typeVersion": 1,
"position": [
1930,
230
]
}
],
"connections": {
"LP_DirectorAPI_GetPoolInfo": {
"main": [
[
{
"node": "Switch",
"type": "main",
"index": 0
}
]
]
},
"30s Interval": {
"main": [
[
{
"node": "Cache Pools and Machines",
"type": "main",
"index": 1
},
{
"node": "Set API Creds",
"type": "main",
"index": 0
}
]
]
},
"Evaluate PoolInfo": {
"main": [
[
{
"node": "ForEach Machine ID",
"type": "main",
"index": 0
}
]
]
},
"ForEach Machine ID": {
"main": [
[
{
"node": "LP_DirectorAPI_FetchIncidents",
"type": "main",
"index": 0
}
]
]
},
"Cache Pools and Machines": {
"main": [
[
{
"node": "Evaluate PoolInfo",
"type": "main",
"index": 0
}
]
]
},
"LP_DirectorAPI_FetchIncidents": {
"main": [
[
{
"node": "LP_DirectorAPI_FetchIncidentsMonitoring",
"type": "main",
"index": 0
}
]
]
},
"LP_DirectorAPI_FetchIncidentsMonitoring": {
"main": [
[
{
"node": "ForEach Monitoring URL",
"type": "main",
"index": 0
}
]
]
},
"Switch": {
"main": [
[
{
"node": "IF",
"type": "main",
"index": 0
}
],
[],
[],
[
{
"node": "Return HTTP Body",
"type": "main",
"index": 0
}
]
]
},
"Return HTTP Body": {
"main": [
[
{
"node": "Cache Pools and Machines",
"type": "main",
"index": 0
}
]
]
},
"IF": {
"main": [
[
{
"node": "LP_DirectorAPI_RefreshToken",
"type": "main",
"index": 0
}
],
[
{
"node": "NoOp",
"type": "main",
"index": 0
}
]
]
},
"Set API Creds": {
"main": [
[
{
"node": "LP_DirectorAPI_GetPoolInfo",
"type": "main",
"index": 0
}
]
]
},
"LP_DirectorAPI_RefreshToken": {
"main": [
[
{
"node": "Update API Token",
"type": "main",
"index": 0
}
]
]
},
"Update API Token": {
"main": [
[
{
"node": "LP_DirectorAPI_GetPoolInfo",
"type": "main",
"index": 0
}
]
]
},
"ForEach Monitoring URL": {
"main": [
[
{
"node": "Switch1",
"type": "main",
"index": 0
}
]
]
},
"Switch1": {
"main": [
[
{
"node": "LP_DirectorAPI_FetchIncidentsMonitoring",
"type": "main",
"index": 0
}
],
[],
[],
[
{
"node": "FunctionItem",
"type": "main",
"index": 0
}
]
]
}
},
"active": true,
"settings": {},
"id": "1"
}

 


Best answer by markus.nebel@8com.de 22 October 2021, 08:49


3 replies


Has anyone ever used n8n with the Director API?


I added an Idea to the Ideas Portal:

https://logpoint.ideas.aha.io/ideas/LP-I-58

I added an Idea to the Ideas Portal:

https://logpoint.ideas.aha.io/ideas/LP-I-58

I discovered n8n about a month ago and I have the same idea. Thank you for your article.
