Data Processing & Analysis

Suspicious_login_detection

Nodes: 43
Trigger: Manual
Complexity: High
Added: 7/22/2025

Workflow Overview

Total Nodes: 43
Node Types: 14

Node Types

gmail (1 node): Inform user
if (6 nodes): noise?, Unknown threat?, New location?, New Device/Browser?, User has email?, riot?
set (4 nodes): Extract relevant data, 🔴 Priority: HIGH, 🟡 Priority: MEDIUM, 🟢 Priority: LOW
webhook (1 node): New /login event
postgres (2 nodes): Get last 10 logins from the same user, Query user by ID
http Request (5 nodes): Query IP API1, Parse User Agent, GreyNoise, IP API, UserParser
merge (2 nodes): Merge, Complete login info
no Op (6 nodes): New Location, New Device/Browser, Known, Do Nothing, Known Location, Old Device/Browser, Not Riot
html (1 node): HTML
slack (1 node): Slack
switch (2 nodes): Check trust level, Check classification
sticky Note (10 nodes): Sticky Note2, Sticky Note3, Sticky Note4, Sticky Note5, Sticky Note9, Sticky Note10, Sticky Note7, Sticky Note11, Sticky Note12, Sticky Note13
manual Trigger (1 node): When clicking "Execute Workflow"
code (1 node): Example event

Workflow JSON

44.94 KB
{
  "id": "xQHiKDTkezDY5lFu",
  "meta": {
    "instanceId": "03e9d14e9196363fe7191ce21dc0bb17387a6e755dcc9acc4f5904752919dca8"
  },
  "name": "Suspicious_login_detection",
  "tags": [
    {
      "id": "GCHVocImoXoEVnzP",
      "name": "🛠️ In progress",
      "createdAt": "2023-10-31T02:17:21.618Z",
      "updatedAt": "2023-10-31T02:17:21.618Z"
    },
    {
      "id": "QPJKatvLSxxtrE8U",
      "name": "Secops",
      "createdAt": "2023-10-31T02:15:11.396Z",
      "updatedAt": "2023-10-31T02:15:11.396Z"
    },
    {
      "id": "hF4M6DtfFqOn2HK2",
      "name": "createdBy:Milorad",
      "createdAt": "2023-10-31T02:20:20.366Z",
      "updatedAt": "2023-10-31T02:20:20.366Z"
    }
  ],
  "nodes": [
    {
      "id": "a95e464a-7451-4737-9db8-993a6568595b",
      "name": "Extract relevant data",
      "type": "n8n-nodes-base.set",
      "position": [
        -260,
        700
      ],
      "parameters": {
        "values": {
          "string": [
            {
              "name": "ip",...
