I have an idea, but I don’t know how to execute it.
I want to build an automation in n8n that does the following:
Receive a log from my SIEM,
analyze this log in a database I have,
use AI to compare this log with my database to check if something similar already exists,
if it is something dangerous, the workflow will have the autonomy to access FortiGate or Palo Alto and create security policies or add to an existing policy.
Is it possible? Sounds pretty possible. As to your next question, “How do I do that then?”: it depends; there are too many pieces which most people here wouldn’t know.
How can you get your SIEM to send the log to n8n?
What is the database you have?
How big is that database?
Is there an API you can call to access FG or PA FWs?
Are you and your company ok with an automation system using AI to create firewall security policies? Did you think of all the corner cases? What if somebody spoofs a packet to generate an event for 0.0.0.0 or something? Would that make anyone unhappy?
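The spoofed-0.0.0.0 corner case in the reply above is the kind of thing the workflow needs a guardrail for before it is allowed to touch a FortiGate or Palo Alto. Below is an added example of such a pre-flight check, written for this thread; it is not n8n, FortiGate or Palo Alto code and nothing in it comes from the original poster. It assumes a SIEM event with a structured `src_ip` field, an AI verdict of the shape `{"dangerous": bool, "confidence": float, "similar_to": str}`, a placeholder list of protected prefixes, and the thresholds `MIN_CONFIDENCE` and `MAX_AUTO_BLOCKS`; all of those are assumptions, and the sample events at the bottom are constructed.

```python
"""Pre-flight guardrails for an auto-blocking step (added example for this thread,
not code from n8n, FortiGate or Palo Alto; event schema and thresholds assumed)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Union

Address = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]

# Hypothetical: prefixes this workflow must never touch on its own
# (the company's own public space, upstream resolvers, the SIEM host itself).
# In practice these come from configuration, not from a literal in a code node.
PROTECTED_PREFIXES = [
    ipaddress.ip_network("192.0.2.0/24"),   # placeholder for our public IPv4 range
    ipaddress.ip_network("2001:db8::/32"),  # placeholder for our public IPv6 range
]

MIN_CONFIDENCE = 0.9   # assumed: below this the AI verdict is not acted on automatically
MAX_AUTO_BLOCKS = 5    # assumed: per-run budget; beyond it a human has to approve


@dataclass
class Decision:
    action: str             # "block", "review" (queue for a human) or "drop"
    target: Optional[str]   # canonical address the rule would contain
    reason: str             # goes into the audit trail next to the event id


def candidate_from_event(event: dict) -> Optional[Address]:
    """Take the attacker address only from a structured field. Free-text fields
    (message, user agent, URL) are attacker controlled and may carry an address
    planted there to get somebody else blocked."""
    raw = event.get("src_ip")
    if not isinstance(raw, str):
        return None
    try:
        return ipaddress.ip_address(raw.strip())
    except ValueError:
        return None


def evaluate(event: dict, verdict: dict, blocks_so_far: int) -> Decision:
    """Decide whether the workflow may write a block rule for this event."""
    if not verdict.get("dangerous"):
        return Decision("drop", None, "AI verdict: not dangerous")

    ip = candidate_from_event(event)
    if ip is None:
        return Decision("drop", None, "no parsable src_ip in event")

    # Our own infrastructure: a spoofed packet carrying one of these as its
    # source must never become a rule that cuts us off from ourselves.
    for net in PROTECTED_PREFIXES:
        if ip in net:
            return Decision("review", str(ip), f"inside protected prefix {net}")

    # 0.0.0.0, 255.255.255.255, RFC 1918, loopback, link-local, multicast and
    # the documentation ranges all fail is_global. A rule for any of them is
    # at best noise and at worst an outage (blocking "any" or the whole LAN).
    if not ip.is_global:
        return Decision("drop", str(ip), "source is not globally routable")

    if verdict.get("confidence", 0.0) < MIN_CONFIDENCE:
        return Decision("review", str(ip), "AI confidence below threshold")

    # Budget: a flood of spoofed sources must not become a flood of rules.
    if blocks_so_far >= MAX_AUTO_BLOCKS:
        return Decision("review", str(ip), "auto-block budget exhausted")

    return Decision("block", str(ip), f"matched known pattern {verdict.get('similar_to')}")


if __name__ == "__main__":
    # Constructed events and verdict, not real SIEM output.
    DANGEROUS = {"dangerous": True, "confidence": 0.97, "similar_to": "ssh-bruteforce"}
    samples = [
        {"src_ip": "0.0.0.0"},        # the spoofed "any" case from the reply
        {"src_ip": "10.20.30.40"},    # internal host, never a perimeter rule
        {"src_ip": "192.0.2.10"},     # our own range (placeholder)
        {"src_ip": "1.2.3.4"},        # routable, acted on
        {"src_ip": "not an ip"},
    ]
    for ev in samples:
        d = evaluate(ev, DANGEROUS, blocks_so_far=0)
        print(f"{ev['src_ip']:>16} -> {d.action:6} {d.reason}")
```

Because the source address of an event is spoofable, an automatic block is also a denial-of-service lever against whatever third party the attacker chooses to impersonate; the per-run budget and the "review" path are there so that a burst of such events reaches a person instead of the firewall. Whatever the workflow finally pushes to FortiGate or Palo Alto should be a host route (/32 or /128) built from `Decision.target`, never a prefix derived from free text.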