N8n not looping through items automatically

Hello. I am trying to use the n8n tool for the following.

  1. Filter occurrences of the same data in TheHive alerts. Example of outputs:
    8 items with the alertid field
  2. If the data is found more than 5 times then it goes to the next node
  3. A case is created in TheHive to investigate manually, for which I have activated “execute once” because if not, they will create n cases depending on the number of items I have found:
    1 item with caseid
  4. A merge should be made of all the alerts found in the case, but when you want to do that it only takes the alertid of the first case and does not iterate over the other items. It is also necessary to put the caseid on it

I would like it to be able to iterate the merge node for n alertid in the same caseid

Glossary:
-Web platform that centralizes incident management and collaboration of security teams.

Information on your n8n setup

  • n8n version: 1.61.0
  • *Database: default
  • n8n EXECUTIONS_PROCESS setting (default: own, main):
  • Running n8n via: Docker
  • Operating system: Linux Ubuntu

It looks like your topic is missing some important information. Could you provide the following if applicable.

  • n8n version:
  • Database (default: SQLite):
  • n8n EXECUTIONS_PROCESS setting (default: own, main):
  • Running n8n via (Docker, npm, n8n cloud, desktop app):
  • Operating system:

n8n EXECUTIONS_PROCESS setting: own

Welcome to the community @Julian_Chan !

Tip for sharing information

Pasting your n8n workflow


Ensure to copy your n8n workflow and paste it in the code block, that is in between the pairs of triple backticks, which also could be achieved by clicking </> (preformatted text) in the editor and pasting in your workflow.

```
<your workflow>
```

That implies to any JSON output you would like to share with us.

Make sure that you have removed any sensitive information from your workflow and include dummy or pinned data with it!


Judging by the screenshot you are using the older version of TheHive node, which does not seem to have an option to merge (?). Have you tried TheHive 5 node instead?

Do note that it appears you can merge only one alert at a time. That means you need to iterate over all the alerts you want to merge into the case. For that to happen automatically the alerts should be in the set of items, for example,

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.