I’m trying to set up an automated daily security report workflow using N8N, Wazuh, and QuickChart, and I’d love some guidance on the best way to design this.
My goal:
-
Every day at 9AM, generate a report with multiple visualizations (charts) from Wazuh security data.
-
The charts are based on past data, not real-time alerts.
-
Example visualizations include:
-
Top 10 failed logins by source IP
-
Syscheck modifications by agent
-
Firewall events by rule/action
-
(etc., I can provide the DQL queries or dashboard definitions)
-
What I have so far:
-
Wazuh + Elasticsearch data (DQL queries available).
-
A working Python script that can take JSON data and generate charts via QuickChart API.
-
N8N up and running with webhook + email/PDF nodes.
What I want help with:
-
Best way to schedule this job in N8N so it runs daily at 9AM.
-
How to structure the workflow:
-
Should I run the queries inside N8N (via HTTP requests to Wazuh/Elasticsearch API)?
-
Or should I keep the Python script external (fetch data + build charts + push results into N8N webhook)?
-
-
Once the charts are generated, what’s the recommended way to:
-
Collect multiple charts + captions,
-
Insert them into a single PDF/Email report,
-
And send it to my team.
-
Basically, I’m torn between doing most of the logic inside N8N (HTTP requests + QuickChart node) vs. keeping it in Python and only using N8N to orchestrate and send the report.
Any examples, best practices, or suggested workflow structures would be greatly appreciated! 