Intermediate Pro

Wazuh + n8n: Automated File Hash Enrichment

Enrich Wazuh file-integrity alerts with VirusTotal file-hash lookups, generate a human-friendly report, and escalate suspicious files to ServiceNow + Slack.

Self-Paced by Rajneesh Gupta

Overview

Wazuh → n8n File Hash Enrichment

Receive Wazuh syscheck (file-integrity) alerts → extract hash (sha256/md5/sha1) → query VirusTotal → build summary with detection stats and metadata → render HTML report → if Suspicious → create ServiceNow incident + post to Slack; else archive/email.

Primary nodes:

  • Webhook (Wazuh → n8n)
  • Code (Extract IOCs)
  • HTTP Request (VirusTotal lookup)
  • Code (Generate summary / scoring)
  • HTML (Report)
  • Switch (route)
  • ServiceNow, Slack, Gmail (outputs)

What You'll Learn

  • Receive Wazuh syscheck alerts in n8n via a secure webhook

    Learn to trigger workflows whenever Wazuh detects a new or modified file.

  • Extract file-hash IOCs (MD5/SHA1/SHA256) and metadata

    Parse Wazuh alerts to capture file hashes and related context for enrichment.

  • Query VirusTotal for file-hash reputation

    Use n8n to call VirusTotal APIs and gracefully handle missing or failed lookups.

  • Normalize VirusTotal results into a compact summary

    Convert raw API responses into a structured summary and render a clean HTML report.

  • Route suspicious files to ServiceNow, Slack, and SOC email

    Automate incident creation and alerting to your SOC team when a file looks malicious.
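The two Code-node steps of the pipeline (extract IOCs, then build the summary and verdict that the Switch node routes on), written here as an added example rather than the course's own workflow code. Field names follow the public Wazuh syscheck alert format (`syscheck.path`, `syscheck.event`, `syscheck.sha256_after`, ...) and the VirusTotal v3 `/files/{hash}` response (`data.attributes.last_analysis_stats`); the alert, the VirusTotal hit and the "not found" body are constructed samples, and the detection threshold is an assumed policy, not a value from the course.

```javascript
// Added example, not code from the course or from the n8n/Wazuh/VirusTotal projects.
// Plain functions so they can be pasted into an n8n Code node or run with node.

// Assumed policy: one or more malicious/suspicious engine verdicts is enough to
// route the file to ServiceNow + Slack. Tune for your SOC's tolerance.
const SUSPICIOUS_MIN_DETECTIONS = 1;

// Only forward well-formed hex digests to VirusTotal; anything else is dropped.
const HASH_PATTERNS = {
  sha256: /^[0-9a-f]{64}$/i,
  sha1: /^[0-9a-f]{40}$/i,
  md5: /^[0-9a-f]{32}$/i,
};

// Step 1 (Code: Extract IOCs). Returns null when the alert carries no usable
// hash (e.g. a directory event) so the workflow can skip the VirusTotal call.
function extractIocs(alert) {
  const sc = alert.syscheck || {};
  const hashes = {};
  for (const algo of Object.keys(HASH_PATTERNS)) {
    // syscheck reports *_after for added/modified files and *_before for deletions
    const value = sc[`${algo}_after`] || sc[`${algo}_before`];
    if (value && HASH_PATTERNS[algo].test(value)) hashes[algo] = value.toLowerCase();
  }
  const lookupHash = hashes.sha256 || hashes.sha1 || hashes.md5; // strongest first
  if (!lookupHash) return null;
  return {
    lookupHash,
    hashes,
    path: sc.path || null,
    event: sc.event || null, // added | modified | deleted
    agent: (alert.agent && alert.agent.name) || null,
    ruleId: (alert.rule && alert.rule.id) || null,
    ruleDescription: (alert.rule && alert.rule.description) || null,
    observedAt: alert.timestamp || null,
  };
}

// Step 2 (Code: Generate summary / scoring). vtResponse is the parsed body of
// GET https://www.virustotal.com/api/v3/files/{hash}. A 404 body has an "error"
// object and no "data"; that becomes verdict "Unknown", never "Clean".
function summarizeVirusTotal(vtResponse, ioc) {
  if (!vtResponse || !vtResponse.data || vtResponse.error) {
    return { ...ioc, verdict: 'Unknown', malicious: 0, suspicious: 0, totalEngines: 0,
             detectionRatio: 'n/a', reason: 'hash not found in VirusTotal' };
  }
  const attr = vtResponse.data.attributes || {};
  const stats = attr.last_analysis_stats || {};
  const malicious = Number(stats.malicious) || 0;
  const suspicious = Number(stats.suspicious) || 0;
  const totalEngines = Object.values(stats).reduce((sum, n) => sum + (Number(n) || 0), 0);
  const verdict = malicious + suspicious >= SUSPICIOUS_MIN_DETECTIONS ? 'Suspicious' : 'Clean';
  return {
    ...ioc,
    verdict,
    malicious,
    suspicious,
    totalEngines,
    detectionRatio: `${malicious}/${totalEngines}`,
    vtName: attr.meaningful_name || null,
    fileType: attr.type_description || null,
    firstSeen: attr.first_submission_date
      ? new Date(attr.first_submission_date * 1000).toISOString() : null,
    permalink: `https://www.virustotal.com/gui/file/${ioc.lookupHash}`,
  };
}

// Mirrors the Switch node: only "Suspicious" goes to ServiceNow + Slack.
function route(summary) {
  return summary.verdict === 'Suspicious' ? 'servicenow+slack' : 'archive';
}

// Constructed sample: a Wazuh syscheck "added" alert as posted to the webhook.
const SAMPLE_ALERT = {
  timestamp: '2024-05-01T10:15:30.000+0000',
  agent: { id: '003', name: 'web-01' },
  rule: { id: '554', level: 5, description: 'File added to the system.' },
  syscheck: {
    path: '/tmp/update.exe',
    event: 'added',
    md5_after: 'ef'.repeat(16),      // placeholder digests, not real IOCs
    sha1_after: 'cd'.repeat(20),
    sha256_after: 'ab'.repeat(32),
  },
};

// Constructed sample VirusTotal v3 bodies: one hit, one "never seen" 404.
const SAMPLE_VT_HIT = {
  data: {
    id: SAMPLE_ALERT.syscheck.sha256_after,
    type: 'file',
    attributes: {
      meaningful_name: 'update.exe',
      type_description: 'Win32 EXE',
      first_submission_date: 1714550000,
      last_analysis_stats: { malicious: 7, suspicious: 1, undetected: 60, harmless: 0,
                             timeout: 0, 'type-unsupported': 4, failure: 0 },
    },
  },
};
const SAMPLE_VT_MISS = { error: { code: 'NotFoundError', message: 'File not found' } };

const ioc = extractIocs(SAMPLE_ALERT);
console.log(route(summarizeVirusTotal(SAMPLE_VT_HIT, ioc)), route(summarizeVirusTotal(SAMPLE_VT_MISS, ioc)));
```

Inside an n8n Code node the same functions are wrapped as `return $input.all().map(item => ({ json: extractIocs(item.json) }));` (and likewise for the summary step, reading the HTTP Request node's output). Two practical points: turn off "fail on error" for the VirusTotal HTTP Request node, or the 404 for an unseen hash aborts the run instead of reaching the "Unknown" branch; and put the Webhook node behind its Header Auth credential, since an unauthenticated endpoint lets anyone feed fake alerts into your ServiceNow queue.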

About Trainer

Rajneesh Gupta


Rajneesh Gupta is a seasoned cybersecurity professional with over 11 years of industry experience. With a remarkable career focused on incident response, penetration testing, security compliance, and risk management, Rajneesh has established himself as a leading expert in the field. He is also an accomplished author, having penned the book "Hands-on with Blockchain and Cybersecurity". As a dedicated educator, Rajneesh has made a significant impact on the cybersecurity community by training over 60,000 students globally.

Related Projects

Apache Server Log Analysis using Splunk (Pro, Intermediate)

Detecting Brute Force, SQL Injection, XSS, and Suspicious Web Activity from Apache Access Logs with Splunk SIEM

Practical AWS Cloud Security Posture Assessment Using Scout Suite (Free, Beginner)

Identify real-world AWS attack surfaces through visual security posture analysis.

Wazuh + n8n + Anyrun: Automated Malware Analysis (Pro, Intermediate)

Automate malware analysis by sending Wazuh-detected suspicious files into ANY.RUN, retrieving detailed reports and IOCs, and integrating results back into your SOC workflow.