Project Description

n8n DevRel build · security automation

When a security alert fires, every second counts. SOC analysts burn precious minutes — sometimes hours — manually researching threat context, cross-referencing MITRE ATT&CK techniques, and writing it all up. I built a system that compresses that into seconds.

It embeds the entire MITRE ATT&CK framework — tactics, techniques, sub-techniques, mitigations — into a Qdrant vector database. Incoming SIEM alerts are matched against that knowledge base by an AI agent, which enriches the Zendesk ticket with the relevant threat intel and hands the analyst instant, contextual guidance.

The impact is the kind of force multiplier that lets a lean security team punch well above its weight: analysts get context instead of a blank page, ticket quality jumps, and response times shrink from hours to minutes.

What it does

Vector-embedded ATT&CK

The complete MITRE ATT&CK knowledge base stored as searchable vector embeddings.

AI-powered alert triage

Incoming SIEM alerts are analyzed and matched to known attack patterns automatically.

Zendesk ticket enrichment

Tickets are enriched with threat context and recommended mitigations, in place.

Instant SOC context

Analysts get relevant intelligence in seconds instead of hours of manual research.

Built with

n8nQdrantOpenAI EmbeddingsMITRE ATT&CKZendesk APISIEM

Want something like this in your stack?

I build production security automation on a layer you own — wired into the SIEM and ticketing tools your team already runs. Let’s look at where it fits.

Book a free consultation →