Looping Through API Data Without Duplicate Alerts in n8n

Questions
,
1

Hello everyone! I’m new to n8n and currently working on a notification system to monitor and alert me when a DDoS attack is detected on my Server. I’m pulling data from an API and i want to send a Telegram notification only if an attack’s “status” is marked as “start” or “ongoing.” The workflow currently runs every minute, but I want to avoid spamming Telegram with repeated alerts if the attack is still active. I am having trouble to iterate/loop over the json.

Ideally, I’d like the system to notify me when an attack starts, update me only if it changes state (e.g., when it ends), and avoid repeating alerts for ongoing attacks that already have been send over Telegram. Is there a way to manage this data within n8n to track already-notified attacks, or would I need to set up a MySQL database to keep track of them and prevent duplicate messages?

Here’s an example of the JSON data I’m working with:

{
	"data": {
		"attacks": [
			{
				"attack_id": "c4b625692e64bc3e40cfc941407914d9bc2a50d8",
				"description": "UDP Flood to service dsm-scm-target(9987/UDP)",
				"duration": 240,
				"volume": 10761,
				"event_time": "2024-10-26 09:47:00",
				"mbps": 616,
				"pps": 511535,
				"start_time": "2024-10-26 09:43:00",
				"status": "ongoing",
				"dest": "45.140.188.71/32"
			},
			{
				"attack_id": "3c2f643bf26c9cd3fa21de8d9a866ba131efe12d",
				"description": "IP Flood; UDP Flood",
				"duration": 60,
				"volume": 10912,
				"event_time": "2024-10-26 06:46:00",
				"mbps": 1455,
				"pps": 177000,
				"start_time": "2024-10-26 06:45:00",
				"status": "end",
				"dest": "45.140.188.71/32"
			},
			{
				"attack_id": "de7fbed2da2e68d4ac8740bd5d31ef1de5f52a9e",
				"description": "All Flood; TCP Flood; TCP Flood to service (30033/TCP); UDP Flood to service dsm-scm-target(9987/UDP); Fragmented UDP Flood",
				"duration": 240,
				"volume": 27471,
				"event_time": "2024-10-26 05:11:00",
				"mbps": 2323,
				"pps": 271489,
				"start_time": "2024-10-26 05:07:00",
				"status": "end",
				"dest": "45.140.188.71/32"
			},
			{
				"attack_id": "259e4d67c212805b9383efa8f47767e025159e8d",
				"description": "Fragmented UDP Reflection from DNS(53/UDP) to service DNS(53/UDP); UDP Flood to service dsm-scm-target(9987/UDP)",
				"duration": 180,
				"volume": 22275,
				"event_time": "2024-10-26 05:00:00",
				"mbps": 2474,
				"pps": 236769,
				"start_time": "2024-10-26 04:57:00",
				"status": "end",
				"dest": "45.140.188.71/32"
			}
		]
	},
	"success": true
}
2

It looks like your topic is missing some important information. Could you provide the following if applicable.

  • n8n version:
  • Database (default: SQLite):
  • n8n EXECUTIONS_PROCESS setting (default: own, main):
  • Running n8n via (Docker, npm, n8n cloud, desktop app):
  • Operating system:
3

Hey @3rKaN_BRATTE , using an external data storage is an option too be it MySQL or a simple Google Spreadsheet, for example. However, if the data to store is small, you can utilize static data instead keeping it within n8n workspace itself. In you case, the data would likely consist of the alert id as the static variable name and its status as the value.