LiteSOC | Security Observability for Startups

Installation

Get started in minutes

n8n Cloud

Coming Soon

The native LiteSOC node is pre-installed on n8n Cloud

# No installation needed!
# Search for "LiteSOC" in the n8n nodes library
# The native node is pre-installed on n8n Cloud

Simply search for "LiteSOC" in the nodes library when building your workflow.

Self-Hosted

Install the community node for self-hosted n8n instances

npm install n8n-nodes-litesoc

Run this in your n8n installation directory, then restart n8n.

Configure Credentials

Add your LiteSOC API key to connect the node

1Open Credentials in your n8n workspace
2Click Add Credential and search for "LiteSOC"
3Paste your API key from the LiteSOC Dashboard

{
  "apiKey": "lsoc_your_api_key_here"
}

Available Actions

What you can do with the LiteSOC node

Action	Description	Plan
Track Event	Send security events to LiteSOC for analysis	All Plans
Get Event	Retrieve a specific event by ID (retention & redaction apply)	All Plans
Get Many Events	Fetch all events within your retention window (100/req max)	All Plans

Retention-Based Access for Events

Get Event by ID:

Retention: Events older than your retention period return 403
Free Tier Redaction: Network intelligence (VPN/Tor/proxy) and precise geolocation are removed

Get Many Events:

All Plans: Full access to events within your retention window (Free: 7 days, Pro: 30 days, Enterprise: 90 days)
Max 100 per request: Use pagination (limit/offset) for larger datasets
Free Tier: Forensics fields are redacted (NULLified)

Get Events Example

curl -X GET "https://api.litesoc.io/v1/events?limit=50&event_name=auth.login_failed" \
  -H "x-api-key: lsoc_your_api_key_here"

Workflow Examples

Real-world automation scenarios

Critical Alert NotificationsPro+

4 nodes

LiteSOC TriggerOn New Alert

IFseverity = critical

SetFormat Message

TelegramSend Message

Get instant alerts on Telegram when critical security events occur. Triggers on new alerts, filters by severity, and sends formatted messages.

Auto-Block Malicious IPsEnterprise

5 nodes

LiteSOC Triggerbrute_force_attack

SetExtract IP

CloudflareCreate WAF Rule

LiteSOCLog Action

SlackNotify Team

Automatically block IPs in Cloudflare WAF when brute force attacks are detected, then notify your team via Slack.

Weekly Security ReportsPro+

5 nodes

ScheduleMon 9:00 AM

LiteSOCEvents (30-day)

AggregateGroup by Type

Google SheetsAppend Rows

GmailSend Summary

Every Monday at 9 AM, fetch last week's events, aggregate by type, and sync to Google Sheets with an email summary.

Response Headers

Custom headers in every API response

Header	Description	Example
X-LiteSOC-Plan	Your current subscription tier	pro
X-LiteSOC-Retention	Data retention window for your plan	30 days
X-RateLimit-Limit	Maximum requests per minute	100
Retry-After	Seconds to wait if rate limited (429)	60

Rate Limits

Management API limits by plan

Plan	Rate Limit	Data Retention	Events Access	Alerts Access
Free	60 req/min	7 days	100/req (redacted)	Blocked
Pro	100 req/min	30 days	100/req (full)	Full Access
Enterprise	500 req/min	90 days	100/req (full)	Full Access

Troubleshooting

Common errors and solutions

Ready to Automate?

Connect LiteSOC to 400+ apps and build powerful security workflows without writing code.

Turn Alerts into Actions

Installation

Available Actions

Retention-Based Access for Events

Get Events Example

Workflow Examples

Response Headers

Rate Limits

Troubleshooting

NodeApiError: "Upgrade to Pro to access Alerts API"

NodeApiError: "Rate limit exceeded"

Events/Alerts not showing (retention period)

"This event has expired" (403 RETENTION_EXPIRED)

Event data shows "_redacted: true"

NodeApiError: "Unauthorized" or "Invalid API key"

"Forensics data is redacted" or "Event expired"

Ready to Automate?