# LiteSOC — n8n Integration

> Build powerful no-code security automation workflows with the official LiteSOC n8n community node.

- **Docs:** https://litesoc.io/docs/integrations/n8n
- **Package:** `n8n-nodes-litesoc`
- **Install:** In n8n → Settings → Community Nodes → Install → `n8n-nodes-litesoc`

## Overview

The LiteSOC n8n community node exposes two components:

| Component | Type | Description |
|---|---|---|
| LiteSOC Trigger | Trigger | Fires when a security event or alert matches your filter |
| LiteSOC Action | Action | Query events, list alerts, and update alert status |

## LiteSOC Trigger

React to security events in real-time and chain them to 100+ n8n integrations (Slack, Jira, PagerDuty, email, etc.).

**Supported trigger events:**
- Any security event ingested via the Collect API
- New alert created (brute force, impossible travel, geo anomaly, etc.)
- Alert status changed (resolved, dismissed)
- High/critical severity threshold exceeded

## LiteSOC Action

Query and manage your LiteSOC data from within any workflow.

**Available actions:**
- `Get Events` — list recent security events with filters (event name, actor, severity)
- `Get Alerts` — list open/acknowledged alerts
- `Get Alert` — full forensic detail for a single alert
- `Resolve Alert` — mark an alert as resolved with audit notes
- `Mark Alert Safe` — dismiss a false positive

## Authentication

The node authenticates with a **LiteSOC API Key** stored as an n8n credential.

1. In n8n, go to **Credentials** → **New** → search **LiteSOC API**
2. Paste your key from https://litesoc.io/dashboard/settings
3. Click **Save** — all LiteSOC nodes in your workspace share this credential

## Example Workflow: Slack Alert on Brute Force

```
LiteSOC Trigger (brute_force_attack) → Format message → Slack: Post to #security-alerts
```

## Requirements

- n8n v1.0+ (self-hosted or n8n Cloud)
- LiteSOC Pro or Enterprise plan for alert access
- Node.js ≥18 on your n8n instance