Malicious File Detection & Response: Wazuh to VirusTotal with Slack Alerts
Malicious File Detection & Threat Summary Automation using Wazuh + VirusTotal + n8n
This workflow helps SOC teams automate the detection and reporting of potentially malicious files using Wazuh alerts, VirusTotal hash validation, and integrated summary/report generation. It's ideal for analysts who want instant context and communication for file-based threats — without writing a single line of code.
What It Does
When Wazuh detects a suspicious file:

1. **Ingests Wazuh Alert**
   A webhook node captures incoming alerts containing file hashes (SHA256/MD5).
2. **Parses IOCs**
   Extracts relevant indicators (file hash, filename, etc.).
3. **Validates with VirusTotal**
   Automatically checks the file hash reputation using VirusTotal's threat intelligence API.
4. **Generates Human-Readable Summary**
   Outputs a structured file report.
5. **Routes Alerts Based on Threat Level**
   Sends a formatted email with the file summary using Gmail.
   If the file is deemed malicious/suspicious:
   - Creates a file-related incident ticket.
   - Sends an instant Slack alert to notify the team.
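The five steps above, written out as plain JavaScript so the Function-node logic can be read and run offline. This is an added example, not code from the n8n template: the Wazuh FIM field names (`syscheck.sha256_after`, `syscheck.md5_after`, `syscheck.path`), the VirusTotal v3 lookup (`GET /api/v3/files/{hash}` with an `x-apikey` header, verdict counts under `data.attributes.last_analysis_stats`) are taken from the public documentation of those products, and the sample alert, the sample VirusTotal response and the verdict thresholds (three or more "malicious" engine votes) are constructed assumptions you should tune to your environment.

```javascript
// Added example, not part of the n8n template. Field names and thresholds
// below are assumptions; adjust them to your Wazuh ruleset and risk appetite.

// Constructed sample Wazuh FIM alert, trimmed to the fields this example uses.
// The hashes are placeholders (all zeros), not real indicators.
const sampleWazuhAlert = {
  rule: { id: "554", level: 5, description: "File added to the system." },
  agent: { name: "web-01" },
  syscheck: {
    path: "/tmp/dropper.bin",
    sha256_after: "0000000000000000000000000000000000000000000000000000000000000000",
    md5_after: "00000000000000000000000000000000",
  },
};

// Constructed sample VirusTotal v3 response (shape per VT docs, numbers invented).
const sampleVtResponse = {
  data: {
    attributes: {
      last_analysis_stats: { malicious: 41, suspicious: 2, undetected: 20, harmless: 0, timeout: 0 },
    },
  },
};

const HEX = { sha256: /^[0-9a-fA-F]{64}$/, md5: /^[0-9a-fA-F]{32}$/ };

// Step 2: pull indicators out of the alert. Hash format is validated so a
// malformed or missing field is rejected instead of being sent to VirusTotal.
function extractIocs(alert) {
  const sc = alert.syscheck || {};
  const sha256 = HEX.sha256.test(sc.sha256_after || "") ? sc.sha256_after.toLowerCase() : null;
  const md5 = HEX.md5.test(sc.md5_after || "") ? sc.md5_after.toLowerCase() : null;
  if (!sha256 && !md5) throw new Error("alert carries no usable file hash");
  return {
    hash: sha256 || md5, // prefer SHA256; fall back to MD5
    sha256, md5,
    filename: sc.path || "(unknown)",
    agent: (alert.agent || {}).name || "(unknown)",
    ruleId: (alert.rule || {}).id || "(unknown)",
  };
}

// Step 3: the request the HTTP Request node issues. The API key comes from
// n8n credentials, never from the alert payload.
function buildVirusTotalRequest(ioc, apiKey) {
  return {
    method: "GET",
    url: `https://www.virustotal.com/api/v3/files/${ioc.hash}`,
    headers: { "x-apikey": apiKey },
  };
}

// Step 4a: turn engine vote counts into a verdict. A 404 means VirusTotal has
// never seen the hash, which is "unknown", not "clean".
function classify(vtResponse) {
  if (!vtResponse || vtResponse.status === 404) {
    return { verdict: "unknown", malicious: 0, suspicious: 0, total: 0 };
  }
  const stats = (((vtResponse.data || {}).attributes || {}).last_analysis_stats) || {};
  const malicious = stats.malicious || 0;
  const suspicious = stats.suspicious || 0;
  const total = Object.values(stats).reduce((a, b) => a + b, 0);
  let verdict = "clean";
  if (malicious >= 3) verdict = "malicious";        // assumed threshold
  else if (malicious + suspicious > 0) verdict = "suspicious";
  return { verdict, malicious, suspicious, total };
}

// Step 4b: the human-readable summary that goes into the email body.
function buildSummary(ioc, result) {
  return [
    `Verdict: ${result.verdict.toUpperCase()}`,
    `File: ${ioc.filename} on ${ioc.agent} (Wazuh rule ${ioc.ruleId})`,
    `SHA256: ${ioc.sha256 || "n/a"}  MD5: ${ioc.md5 || "n/a"}`,
    `VirusTotal: ${result.malicious} malicious / ${result.suspicious} suspicious of ${result.total} engines`,
  ].join("\n");
}

// Step 5: every alert gets an email; only malicious/suspicious files also
// open a ticket and page Slack, mirroring the If/Switch node.
function routeAlert(result) {
  const actions = ["email"];
  if (result.verdict === "malicious" || result.verdict === "suspicious") actions.push("ticket", "slack");
  return actions;
}

// End-to-end triage, given the alert and the (already fetched) VT response.
function triage(alert, vtResponse) {
  const ioc = extractIocs(alert);
  const result = classify(vtResponse);
  return { ioc, result, summary: buildSummary(ioc, result), actions: routeAlert(result) };
}

console.log(JSON.stringify(triage(sampleWazuhAlert, sampleVtResponse), null, 2));
```

The "unknown" branch is the detail worth keeping: a hash VirusTotal has not indexed should not be reported as clean, so consider routing "unknown" to a sandbox step rather than straight to the email-only path.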
Tech Stack Used
- **Wazuh** – For endpoint alerting
- **VirusTotal API** – For real-time hash validation
- **n8n** – To orchestrate, parse, enrich, and communicate
- **Slack, Gmail, Incident Tool** – To notify and take action
Ideal Use Case
This template is designed for security teams looking to automate file threat triage, IOC validation, and alert-to-ticket escalation, with zero human delay.
Included Nodes
- **Webhook** (Wazuh)
- **Function** (IOC extraction and summary)
- **HTTP Request** (VirusTotal)
- **If / Switch** (threat level check)
- **Gmail, Slack, Incident Creation**
Tips
- Make sure to add your VirusTotal API key in the HTTP node.
- Customize the incident creation node to fit your ticketing platform (Jira, ServiceNow, etc.).
- Add logic to enrich the file alert further using WHOIS or sandbox reports if needed.