Connecting LiteSOC to n8n
n8n is a powerful workflow automation tool that integrates seamlessly with LiteSOC. This guide shows you how to connect your LiteSOC account to n8n and create automated security workflows.
What You Can Do
With the LiteSOC + n8n integration, you can:
- 🚨 Get real-time alerts for high-severity events
- 📊 Send security metrics to Slack, Discord, or email
- 🔄 Trigger automated responses to security threats
- 📝 Create tickets in Jira, Linear, or GitHub Issues
- 📧 Send daily/weekly security digests
Prerequisites
Before starting, ensure you have:
- A LiteSOC account with events flowing
- An n8n instance (cloud or self-hosted)
- Your LiteSOC API key
Step 1: Install the LiteSOC Node
For n8n Cloud
- Log in to your n8n Cloud workspace
- The LiteSOC node should be available in the node library
- Search for "LiteSOC" when adding a new node
For Self-Hosted n8n
Install the community node:
# Navigate to your n8n installation directory
cd ~/.n8n
# Install the LiteSOC node
npm install n8n-nodes-litesoc
Then restart your n8n instance.
Step 2: Create LiteSOC Credentials
- In n8n, go to Settings → Credentials
- Click Add Credential
- Search for and select LiteSOC API
- Enter your credentials:
| Field | Value |
|---|---|
| API Key | Your LiteSOC API key (lsk_live_...) |
| Base URL | https://api.litesoc.io (default) |
- Click Save
Step 3: Create Your First Workflow
Example: Alert on High Severity Events
This workflow sends a Slack message whenever LiteSOC detects a high-severity event.
Step-by-Step Setup
1. Add the LiteSOC Trigger Node
- Add a new node and search for "LiteSOC"
- Select LiteSOC Trigger
- Configure:
- Credential: Select your LiteSOC credentials
- Events: Select "All Events" or specific event types
- Copy the Webhook URL displayed
2. Configure the Webhook in LiteSOC
- Go to your LiteSOC Dashboard
- Navigate to Settings → Webhooks
- Click Add Webhook
- Paste the n8n Webhook URL
- Select the events you want to receive
- Click Save
3. Add a Filter Node
- Add an IF node after the LiteSOC Trigger
- Set the condition:
- Field:
{{ $json.severity }} - Operator: equals
- Value:
criticalorhigh
- Field:
4. Add a Slack Node
- Add a Slack node to the "true" branch
- Configure:
- Resource: Message
- Channel: #security-alerts
- Message:
🚨 *Security Alert*
*Event:* {{ $json.event_type }}
*Severity:* {{ $json.severity }}
*Actor:* {{ $json.actor.email || $json.actor.id }}
*IP:* {{ $json.ip_address }}
*Location:* {{ $json.geolocation.city }}, {{ $json.geolocation.country }}
<{{ $json.dashboard_url }}|View in LiteSOC>
5. Activate the Workflow
Click the Activate toggle to enable real-time processing.
Common Workflow Examples
Daily Security Digest
Send a daily summary of security events to email:
Schedule ──► LiteSOC (Get Events, last 24h) ──► Summary ──► Email
Auto-Block Suspicious IPs
Automatically add IPs to a blocklist when brute force is detected:
LiteSOC Trigger ──► Filter (brute_force) ──► HTTP Request (Firewall API)
Create Jira Ticket for Incidents
Create a ticket for manual review on critical events:
LiteSOC Trigger ──► Filter (critical) ──► Jira (Create Issue)
Available LiteSOC Node Operations
Trigger Node
- On Event: Triggered when LiteSOC sends a webhook
Regular Node
- Get Events: Retrieve events with filters
- Get Event: Get a specific event by ID
- Get Alerts: Retrieve detection alerts
- Get Actor: Get events for a specific actor
Webhook Payload Structure
When LiteSOC sends an event to n8n, it includes:
{
"id": "evt_abc123",
"event_type": "auth.login.failure",
"severity": "high",
"actor": {
"id": "user-123",
"email": "user@example.com"
},
"ip_address": "203.0.113.42",
"geolocation": {
"country": "Unknown",
"city": "Unknown",
"is_vpn": true
},
"created_at": "2026-03-01T12:00:00Z",
"dashboard_url": "https://litesoc.io/dashboard/events/evt_abc123"
}
Troubleshooting
Webhook Not Receiving Events
- Verify the webhook URL is correct in LiteSOC
- Check if the workflow is activated
- Ensure n8n is accessible from the internet (for self-hosted)
- Review n8n execution logs for errors
Authentication Errors
- Verify your API key is valid
- Check if the API key has the required permissions
- Regenerate the API key if issues persist
Need help? Check our n8n documentation or contact support.