Hello. I am trying to use the n8n tool for the following.
Filter occurrences of the same data in TheHive alerts. Example of outputs:
8 items with the alertid field
If the data is found more than 5 times then it goes to the next node
A case is created in TheHive to investigate manually, for which I have activated “execute once” because if not, they will create n cases depending on the number of items I have found:
1 item with caseid
A merge should be made of all the alerts found in the case, but when you want to do that it only takes the alertid of the first case and does not iterate over the other items. It is also necessary to put the caseid on it.
I would like it to be able to iterate the merge node for n alertid in the same caseid.
Glossary:
-Web platform that centralizes incident management and collaboration of security teams.
Ensure to copy your n8n workflow and paste it in the code block, that is in between the pairs of triple backticks, which also could be achieved by clicking </> (preformatted text) in the editor and pasting in your workflow.
```
<your workflow>
```
That applies to any JSON output you would like to share with us.
Make sure that you have removed any sensitive information from your workflow and include dummy or pinned data with it!
Judging by the screenshot you are using the older version of TheHive node, which does not seem to have an option to merge (?). Have you tried TheHive 5 node instead?
Do note that it appears you can merge only one alert at a time. That means you need to iterate over all the alerts you want to merge into the case. For that to happen automatically the alerts should be in the set of items, for example,
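An added example, not part of the reply above and not n8n or TheHive code: plain JavaScript that reshapes the flow described in this thread so that every alert becomes its own item carrying the case id. The `alertid` and `caseid` field names come from the thread; the `data` field name, the sample values and both function names are assumptions made for the illustration.

```javascript
// Constructed sample items in n8n's { json: {...} } item shape.
// `alertid` and `caseid` come from the thread; `data` is an assumed field name.
const alertItems = [
  ['a1', '203.0.113.10'], ['a2', '203.0.113.10'], ['a3', '203.0.113.10'],
  ['a4', '203.0.113.10'], ['a5', '203.0.113.10'], ['a6', '203.0.113.10'],
  ['a7', '198.51.100.7'], ['a8', '198.51.100.7'],
].map(([alertid, data]) => ({ json: { alertid, data } }));

// Constructed single item, as the case-creation step (run once) would return it.
const caseItem = { json: { caseid: 'case-constructed-1' } };

// Group alert ids by the shared value and keep only the groups
// that occur more than `threshold` times (the "more than 5" rule).
function groupsOverThreshold(items, field, threshold) {
  const groups = new Map();
  for (const { json } of items) {
    const key = json[field];
    if (key === undefined || key === null || !json.alertid) continue;
    if (!groups.has(key)) groups.set(key, []);
    groups.get(key).push(json.alertid);
  }
  return [...groups].filter(([, ids]) => ids.length > threshold);
}

// Emit one item per alert, each carrying the case id, so that a node
// which merges one alert per item runs once for every alert.
function buildMergeItems(alertIds, singleCaseItem) {
  const caseid = singleCaseItem && singleCaseItem.json && singleCaseItem.json.caseid;
  if (!caseid) throw new Error('case item has no caseid');
  // Drop empty ids and duplicates so no alert is merged twice.
  const unique = [...new Set(alertIds.filter(Boolean))];
  return unique.map((alertid) => ({ json: { caseid, alertid } }));
}

const [[, matchedIds]] = groupsOverThreshold(alertItems, 'data', 5);
console.log(buildMergeItems(matchedIds, caseItem));
```

The node that performs the merge then has to run without "execute once", otherwise only the first of these items is processed.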