Important Disclaimer: This integration sends data from the Axur Platform to an external platform (n8n), which may be hosted on third-party infrastructure. It is your responsibility to:
Verify that sending data to external platforms complies with your organization’s policies, regulations, and data protection requirements
Ensure that the n8n instance and any downstream services meet your security and compliance standards
Review data handling, storage, and processing practices of all external platforms used in your workflows
Obtain necessary approvals and authorizations before implementing this integration
Axur is not responsible for data handling, security, or compliance practices of external platforms. Use this integration at your own risk and ensure it aligns with your legal and regulatory obligations.
Axur Platform continuously monitors and detects threats to your digital assets. With Push Feeds, you can automatically send these detections to n8n, enabling you to take immediate action on every threat detected by Axur.
By connecting Axur detections to n8n, you can maximize the value of Axur’s intelligence by integrating it with your existing tools and workflows.
The Core Concept
The fundamental idea is simple: Every detection from Axur can automatically trigger actions in n8n. Once you configure a Push Feed to deliver Axur’s detections to n8n, you can build workflows that respond to threats, enrich the data, route it to the right systems, and keep your teams informed.
By connecting Axur to n8n, you unlock the ability to:
Route Axur detections to your existing tools and systems
Enrich Axur’s threat data with additional context from your systems
Keep your teams informed through your preferred communication channels
This tutorial first shows you how to connect Axur Feed to n8n, then demonstrates a concrete workflow that processes Axur detections.
Part 1: Connecting Axur Feed to n8n
This section explains how to configure Axur Platform to automatically send detections to n8n. Once configured, every new threat detected by Axur will be automatically delivered to n8n, allowing you to build automated responses tailored to your operations.
Prerequisites
An n8n instance (cloud or self-hosted)
Axur Platform account with API Key access
Axur Platform Feed configured (or ready to create)
Step 1: Create the n8n Webhook Trigger
First, create a webhook endpoint in n8n that will receive data from the Axur Feed.
1.1 Add Webhook Trigger node
Add a Webhook Trigger node to your n8n workflow. This will be your entry point that receives POST requests from Axur.
Configure:
HTTP Method: POST
Path: Choose a path (e.g., webhook-data)
Authentication: Header Auth (recommended for security)
Respond: Immediately
Creating Webhook Trigger in n8n
1.2 Create Header Auth credential
To secure your webhook, create a Header Auth credential in n8n:
Name: Authorization
Value: Choose a secret token (save this value - you’ll use it in the Axur Feed configuration)
Allowed Domains: Optionally restrict to specific domains
Creating Header Auth credential
Important: Copy the credential value you just created. You’ll need to use the exact same value when configuring the Axur Push Feed in the next step.
Step 2: Configure Axur Push Feed
Now configure the Axur Platform to send data to your n8n webhook endpoint.
In the Axur Platform:
Go to your Feed configuration
Create or edit a Push Feed
Configure the following:
Endpoint URL: Paste your n8n webhook URL (from Step 1.1)
API Key: Your Axur API Key (required for authentication)
Secret Key: Your Axur Secret Key (for HMAC signature)
Custom Headers: This is the critical part — add a custom header:
Header Name: Authorization
Header Value: Use the exact same value from the Header Auth credential you created in n8n (Step 1.2)
Important: The Authorization header value must match exactly what you configured in the n8n Header Auth credential. This ensures the Axur Platform can authenticate with your n8n webhook.
Creating Push Feed in Axur Platform
Once saved, Axur will send a test connection with payload {} including all headers and signature. If successful, your trigger is now active: every new detection from the Axur Feed will automatically POST to your n8n webhook and start your workflow.
Part 2: Example Workflow — AI-Powered Slack Summary
Now that you have the trigger mechanism set up, here’s a concrete example of what you can build: automatically summarizing Axur detections and posting formatted messages to Slack.
What this example does
This workflow demonstrates how to:
Receive Axur Feed data via webhook (already configured in Part 1)
Process it with an AI Agent to create a human-readable summary
Post the formatted result to Slack
Remember: This is just one example. You can replace any step with different actions — route Axur detections to Jira, email, databases, or any other tool that helps you respond to the threats Axur identifies.
n8n workflow overview
Prerequisites for this example
Slack workspace with permission to add an Incoming Webhook
Optional: OpenAI API key (or use n8n’s free credits, as shown in the screenshots)
Example Step 1: Create a Slack Incoming Webhook
You’ll post the summary to Slack using a simple webhook URL.
Steps (Slack):
1. Add the Incoming Webhooks app in Slack and create a new webhook URL for your target channel.
2. Copy the Webhook URL (https://hooks.slack.com/services/…).
Creating Slack Incoming Webhook
Example Step 2: Add processing nodes to your n8n workflow
After the Webhook Trigger (already configured in Part 1), add the following nodes for this example:
2.1 OpenAI Chat Model node
Add an OpenAI Chat Model node which provides the LLM capability for summarization.
Configure:
Credential to connect with: your OpenAI credential (or n8n free credits)
Model: gpt-4o-mini (or any supported chat model)
Selecting OpenAI Chat Model
2.2 AI Agent node
Add an AI Agent node and connect the OpenAI Chat Model as its Chat Model. This will process the incoming Axur Feed data and generate a Slack-formatted summary.
In the prompt field, use the following (this is just an example; you can change it for your actual needs):
Make a summary of tickets in this data ( {{ $json.body.collectionData.toJsonString() }}).
Apply breaklines and use correct Slack message format.
Divide tickets by type and status, showing quantity in each group and show most recent ticket key. Make a summary description of the threats received.
The output must be this json with the response {"text": {{ $json.output }}}. Show ONLY the JSON (WITHOUT markdown).
Important: The first line, "Make a summary of tickets in this data ( {{ $json.body.collectionData.toJsonString() }}).", is what passes the actual feed data to the model, so the model uses this information to generate the output.
AI Agent configuration with OpenAI Chat Model
2.3 Send to Slack Webhook node
Add an HTTP Request node (or use the Slack Webhook node) after the AI Agent to send the formatted message to Slack.
Configure:
- Method: POST
- URL: your Slack webhook URL (from Example Step 1)
- Send Body: enabled
- Body Content Type: JSON
- Specify Body: Using JSON
- JSON: {{ $json.output }} (this forwards the {"text":"…"} object generated by the AI Agent)
Send to Slack Webhook configuration
Example Step 3: Test the complete flow
1. Ensure your workflow is active in n8n
2. When a new detection arrives in your Axur Feed, it will automatically:
- POST to your n8n webhook (trigger configured in Part 1)
- Flow through the AI Agent for summarization
- Post the formatted message to Slack
You can also test manually by sending a sample payload to your webhook:
curl -X POST \
  -H 'Content-Type: application/json' \
  -H 'Authorization: YOUR_CREDENTIAL_VALUE' \
  'https://YOUR-N8N-URL/webhook/webhook-data' \
  -d '{
  "feedData": {
  },
  "collectionData": {
    "tickets": [
      {
        "ticket": {
          "reference": "https://www.facebook.com/profile.php?id=someprofile",
          "ticketKey": "abcdef",
          "customerKey": "TEST",
          "creation.collector": "facebook",
          "last-update.date": "2025-09-08T17:41:57Z",
          "creation.collection": "11403731",
          "creation.originator": "collector",
          "creation.date": "2023-08-18T13:25:46Z"
        },
        "detection": {
          "creation.user": "1",
          "resolution.reason": "",
          "open.date": "2025-09-08T17:41:57Z",
          "assets": [
            "TESTA"
          ],
          "type": "fake-social-media-profile",
          "resolution": "",
          "status": "open"
        },
        "texts": [],
        "attachments": []
      },
      {
        "ticket": {
          "reference": "https://www.facebook.com/profile.php?id=otherprofile",
          "ticketKey": "hijlkm",
          "customerKey": "TEST",
          "creation.collector": "facebook",
          "last-update.date": "2025-09-08T17:41:57Z",
          "creation.collection": "11403731",
          "creation.originator": "collector",
          "creation.date": "2023-08-18T13:25:46Z"
        },
        "detection": {
          "creation.user": "1",
          "resolution.reason": "",
          "open.date": "2025-09-08T17:41:57Z",
          "assets": [
            "TESTB"
          ],
          "type": "fake-social-media-profile",
          "resolution": "",
          "status": "open"
        },
        "texts": [],
        "attachments": []
      }
    ],
    "pageable": {
      "pageNumber": 1,
      "pageSize": 50,
      "total": 2
    }
  }
}
'
3. Execute the workflow and confirm the formatted message appears in your Slack channel.
Result: formatted message in Slack
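The grouping that the prompt asks the model to produce can also be computed directly from the payload, which gives exact counts to compare the Slack summary against. The following is an added example, not part of the Axur or n8n documentation; the function name, the constructed sample tickets and the use of last-update.date to pick the most recent ticket are assumptions. It returns an empty result for the {} test connection payload described in Part 1.

```javascript
// Added example (not Axur or n8n code). Field names follow the sample payload;
// choosing "last-update.date" to rank tickets is an assumption.
function summarizeTickets(body) {
  // The Push Feed test connection sends {} and carries no tickets.
  if (!body || body.collectionData === undefined) return [];
  const tickets = body.collectionData && body.collectionData.tickets;
  if (!Array.isArray(tickets)) {
    throw new Error('collectionData.tickets is not an array');
  }
  const groups = new Map();
  for (const entry of tickets) {
    const detection = (entry && entry.detection) || {};
    const ticket = (entry && entry.ticket) || {};
    const type = detection.type || 'unknown';
    const status = detection.status || 'unknown';
    const id = type + '/' + status;
    const parsed = Date.parse(ticket['last-update.date']);
    const updatedAt = Number.isNaN(parsed) ? -Infinity : parsed;
    const group = groups.get(id) ||
      { type, status, count: 0, mostRecentKey: null, mostRecentAt: -Infinity };
    group.count += 1;
    if (group.mostRecentKey === null || updatedAt > group.mostRecentAt) {
      group.mostRecentKey = ticket.ticketKey || null;
      group.mostRecentAt = updatedAt;
    }
    groups.set(id, group);
  }
  // Largest groups first; drop the internal timestamp from the result.
  return [...groups.values()]
    .sort((a, b) => b.count - a.count || a.type.localeCompare(b.type))
    .map(({ type, status, count, mostRecentKey }) =>
      ({ type, status, count, mostRecentKey }));
}

// Constructed sample in the shape of the curl test payload (values invented).
const samplePayload = { collectionData: { tickets: [
  { ticket: { ticketKey: 'abcdef', 'last-update.date': '2025-09-08T17:41:57Z' },
    detection: { type: 'fake-social-media-profile', status: 'open' } },
  { ticket: { ticketKey: 'hijlkm', 'last-update.date': '2025-09-09T08:00:00Z' },
    detection: { type: 'fake-social-media-profile', status: 'open' } },
  { ticket: { ticketKey: 'nopqrs', 'last-update.date': '2025-09-07T10:00:00Z' },
    detection: { type: 'example-type', status: 'closed' } },
] } };

console.log(JSON.stringify(summarizeTickets(samplePayload), null, 2));
```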
Why this matters (and how to go further)
Axur Platform continuously monitors and detects threats to your digital assets. By connecting these detections to n8n, you can act without manual intervention.
What you build depends entirely on:
Your security needs: How do you want to respond to the threats Axur detects?
Your existing tools: What systems are already in place that need to receive Axur’s detections?
Your operational requirements: What processes need to be triggered when Axur identifies a threat?
From every Axur detection, you can build automated responses such as:
Route and notify: Send critical threats to Slack, Teams, Email, SMS, PagerDuty, or any notification service your team uses
Open and update tickets: Automatically create tickets in Jira, Zendesk, ClickUp, Linear, or your ticketing system when Axur detects specific threat types
Enrich data: Combine Axur’s threat intelligence with additional context from your internal systems
Persist information: Store Axur detections in databases, data lakes, warehouses, or spreadsheets for analysis and reporting
Automate decisions: Use intelligent tools to prioritize and route Axur detections based on severity, type, or business impact
Orchestrate complex responses: Build multi-step processes that automatically investigate, enrich, and respond to threats detected by Axur
Axur is the source of intelligence — n8n helps you act on that intelligence based on your operational needs.
Appendix: Tips and best practices
Security: Always protect your webhook with authentication (Header Auth or similar). The Authorization header setup ensures that only requests carrying the secret value you configured in the Axur Push Feed can trigger your workflow.
Data handling: The AI prompt can reference specific fields your Axur Feed delivers (e.g., severity, type, timestamps). Provide a short schema description in the prompt to improve quality.
Output validation: If you need a strict output schema, enable structured output in the AI Agent or add a JSON schema validation step.
Error handling: Add error handling nodes in your workflow to catch and handle failures gracefully.
Testing: Use n8n’s “Listen for test event” feature to test your webhook before connecting it to production feeds.
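One way to implement the output validation tip above is a strict check on the AI Agent's result before it is forwarded to Slack, treating the model output as untrusted text. This is an added example, not code from Axur or n8n; the function name, the length limit and the decision to strip Slack broadcast mentions are assumptions.

```javascript
// Added example (not Axur or n8n code): accept only {"text": "<string>"}
// from the AI Agent before the message is posted to Slack.
const MAX_TEXT_LENGTH = 3000; // assumed cap for one summary message
const FENCE = '`'.repeat(3);  // markdown fence the model may add anyway

function validateSlackPayload(raw) {
  if (typeof raw !== 'string') {
    throw new Error('AI output must be a string');
  }
  // Tolerate a markdown fence around the JSON, then parse strictly.
  const unfenced = raw.trim()
    .replace(new RegExp('^' + FENCE + '(?:json)?\\s*', 'i'), '')
    .replace(new RegExp('\\s*' + FENCE + '$'), '');
  let parsed;
  try {
    parsed = JSON.parse(unfenced);
  } catch (err) {
    throw new Error('AI output is not valid JSON');
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    throw new Error('AI output must be a JSON object');
  }
  // Reject extra keys so the model cannot set other Slack message fields.
  const keys = Object.keys(parsed);
  if (keys.length !== 1 || keys[0] !== 'text') {
    throw new Error('AI output must contain only the "text" key');
  }
  if (typeof parsed.text !== 'string' || parsed.text.trim() === '') {
    throw new Error('"text" must be a non-empty string');
  }
  // Strip broadcast mentions so a summary cannot notify the whole channel.
  let text = parsed.text.replace(
    /<!(?:channel|here|everyone)(?:\|[^>]*)?>/gi, '[mention removed]');
  if (text.length > MAX_TEXT_LENGTH) {
    text = text.slice(0, MAX_TEXT_LENGTH - 1) + '…';
  }
  return { text };
}

// Constructed model output for illustration.
console.log(validateSlackPayload('{"text":"<!channel> 2 open tickets"}'));
```

In the workflow this logic would sit in a Code node between the AI Agent and the HTTP Request node, applied to $json.output, with a thrown error routed to your error handling nodes.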
Recap
The important takeaway: Axur Platform continuously detects threats to your digital assets. By connecting Axur Feeds to n8n, you can automatically respond to every threat Axur identifies — whether that means notifying teams, creating tickets, enriching data, or triggering complex response workflows. The Slack summary example demonstrates one way to process Axur detections in n8n, but the real value comes from building automated responses that align with how your organization handles security threats.
If you have any questions, feel free to reach out at [email protected] 😊








