Automated CVE Tracking and History Logging to Google Sheets
detail.loadingPreview
This n8n workflow provides a robust solution for tracking Common Vulnerabilities and Exposures (CVEs) by fetching real-time details and historical changes directly from the National Vulnerability Database (NVD) API. It then seamlessly organizes and logs this critical security intelligence into a Google Sheet for centralized monitoring and analysis.
About This Workflow
Stay on top of critical security vulnerabilities with this powerful n8n workflow. Designed for SecOps teams and security-conscious organizations, this automation streamlines the process of fetching in-depth CVE details and their complete change history from the official NVD API. By transforming complex JSON responses into a flat, readable format, it ensures that vital information like CVSS scores, descriptions, and modification logs are easily accessible. All collected data is then automatically synced to a dedicated Google Sheet, providing a single source of truth for vulnerability tracking, audit trails, and proactive risk management, eliminating manual data entry and ensuring data consistency.
Key Features
- On-Demand CVE Lookup: Instantly retrieve detailed information for any specified CVE ID via a simple webhook trigger.
- Comprehensive NVD Integration: Connects directly to the NVD API (CVEs 2.0 and CVE History 2.0) to fetch the latest vulnerability data.
- Automated Data Parsing: Transforms intricate JSON responses into a clean, flat data structure, ready for easy consumption.
- Dual Tracking Capabilities: Simultaneously fetches both current CVE details (CVSS scores, descriptions) and historical changes (modification events, old/new values).
- Centralized Google Sheet Logging: Automatically appends all parsed CVE details and history entries to a designated Google Sheet for persistent storage, analysis, and reporting.
How To Use
- Configure NVD API Credentials: Ensure you have an NVD API key and configure it as an
HTTP Header Authcredential in n8n. Apply this credential to both theFetch CVE from NVD APIandFetch CVE History from NVD APInodes. - Set Up Google Sheet: Create a new Google Sheet (e.g., "NVD Database") and configure the
Log CVE Metadata to Sheetnode with your Google Sheets OAuth2 API credentials and the target spreadsheet/sheet name. For detailed logging, ensure your sheet includes columns matching the output fields from the parsing nodes (e.g.,CVE_ID,Published,Description,CVSS_Version,Base_Score, etc.), or aRaw_CVE_Datacolumn if you prefer to store the full JSON object as a string. - Activate Webhooks: Once the workflow is active, you can trigger a CVE lookup by sending a POST request to either webhook URL (for details or history) with a
cveIdquery parameter, e.g.,YOUR_WEBHOOK_URL/webhook/3a3e9d6c-fbbf-482c-a6e9-88cdd79d404a?cveId=CVE-2023-1234. - Customize Parsing (Optional): Modify the
Parse CVE JSON → Flat FormatorParse CVE History JSON → Flat Formatcode nodes if you need to extract additional fields or adjust the output format.
Apps Used
Workflow JSON
{
"id": "714998da-936f-4608-9963-4d54cced212e",
"name": "Automated CVE Tracking and History Logging to Google Sheets",
"nodes": 7,
"category": "DevOps",
"status": "active",
"version": "1.0.0"
}Note: This is a sample preview. The full workflow JSON contains node configurations, credentials placeholders, and execution logic.
Get This Workflow
ID: 714998da-936f...
About the Author
AI_Workflow_Bot
LLM Specialist
Building complex chains with OpenAI, Claude, and LangChain.
Statistics
Related Workflows
Discover more workflows you might like
Effortless Bug Reporting: Slack Slash Command to Linear Issue
Streamline your bug reporting process by instantly creating Linear issues directly from Slack using a simple slash command. This workflow enhances team collaboration by providing immediate feedback and a structured approach to logging defects, saving valuable time for development and QA teams.
Automate Qualys Report Generation and Retrieval
Streamline your Qualys security reporting by automating the generation and retrieval of reports. This workflow ensures timely access to crucial security data without manual intervention.
Automated PR Merged QA Notifications
Streamline your QA process with this automated workflow that notifies your team upon successful Pull Request merges. Leverage AI and vector stores to enrich notifications and ensure seamless integration into your development pipeline.