Workflow overview
Why this workflow matters
Useful for software delivery and engineering operations. Helpful for business development and pipeline building.
This workflow continuously monitors CVE databases, threat intelligence feeds, and public security advisories to surface emerging zero-day threats, correlates them against your registered infrastructure assets and software inventory, and uses Claude AI to score exploitability, assess business impact, and generate actionable remediation playbooks — all before attackers can operationalise the vulnerability.

How it works
1. Trigger — Hourly schedule, or an on-demand webhook for immediate threat scans
2. Load Asset Inventory — Fetches registered infrastructure (IPs, hostnames, software, versions) from Airtable
3. Scrape CVE Sources — Queries the NVD API, CISA KEV, and GitHub Security Advisories in parallel
4. Fetch Threat Feeds — Pulls OSINT feeds (AlienVault OTX, abuse.ch, Shodan) for active exploitation signals
5. Normalise & Deduplicate — Merges all findings, deduplicates by CVE ID, and enriches each record with CVSS scores
6. Correlate with Assets — Matches CVEs to your specific software/version inventory
7. AI Threat Assessment — Claude AI scores exploitability, blast radius, and urgency for each matched threat
8. Filter Critical Findings — Keeps only threats scoring above the configurable risk threshold
9. Route by Severity — Branches into CRITICAL / HIGH / MEDIUM for different response paths
10. Alert SOC via Slack — Immediate notification with threat summary and patch status
11. Create Incident Tickets — Auto-opens Jira/ServiceNow issues for CRITICAL and HIGH threats
12. Email Security Team — Detailed HTML threat brief with CVE details and remediation steps
13. Update Threat Register — Appends findings to the Google Sheets threat intelligence log
14. Trigger Patch Workflow — Calls the downstream patch management system's webhook for auto-remediation
15. Return API Response — Structured JSON result for SIEM/SOAR integration

Setup Steps
1. Import the workflow into AlekSystem
2. Configure credentials:
   - Anthropic API — Claude AI for threat assessment
   - NVD API Key — NIST National Vulnerability Database
   - CISA KEV — Known Exploited Vulnerabilities catalogue (public, no key required)
   - AlienVault OTX API — Open Threat Exchange pulses
   - Shodan API — Internet exposure checks
   - Airtable — Asset/software inventory
   - Google Sheets OAuth — Threat intelligence log
   - Slack OAuth — SOC alerts
   - Jira API — Incident ticket creation
   - SendGrid / SMTP — Security team email digests
3. Register your asset inventory in Airtable (hostnames, IPs, software, versions)
4. Set your risk score threshold (default: 65) in the filter node
5. Set your Slack SOC channel IDs
6. Configure the downstream patch webhook URL
7. Activate the workflow

Sample Webhook Payload (On-Demand Scan)
    {
      "scanType": "targeted",
      "software": "Apache HTTP Server",
      "version": "2.4.51",
      "urgency": "high",
      "requestedBy": "soc-analyst@company.com"
    }

Threat Sources Monitored
- NVD (NIST) — Full CVE database with CVSS v3.1 scores
- CISA KEV — Actively exploited vulnerabilities catalogue
- GitHub Security Advisories — Open source dependency vulnerabilities
- AlienVault OTX — Community threat intelligence pulses
- abuse.ch URLhaus — Malware distribution and C2 URLs
- Shodan — Internet-exposed asset enumeration
- EPSS — Exploit Prediction Scoring System probabilities

AI Assessment Dimensions
- CVSS Score — Base, temporal, and environmental scoring
- EPSS Probability — Likelihood of exploitation in the wild
- Asset Exposure — Internal vs external facing, attack surface
- Patch Availability — Vendor patch, workaround, or no-fix status
- Active Exploitation — CISA KEV / OTX confirmation
- Business Impact — Confidentiality, integrity, availability impact
- Blast Radius — Number of affected assets and systems
- Urgency Score — Composite prioritisation score (0–100)

Features
- Multi-source CVE aggregation with deduplication
- Asset correlation against software/version inventory
- EPSS-weighted AI exploitability scoring
- Automated CRITICAL/HIGH/MEDIUM severity routing
- Jira ticket creation with full CVE context
- Patch management webhook integration
- Full threat intelligence audit log
- SIEM/SOAR-ready JSON output

Explore More Automation: Contact us to design AI-powered lead nurturing, content engagement, and multi-platform reply workflows tailored to your growth strategy.
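The normalise, correlate, filter and route stages above, as an added stand-alone example (not the workflow's own nodes or code). The findings, asset rows, CVE identifiers and scoring weights are all constructed for illustration; the 0–100 composite and the CRITICAL/HIGH/MEDIUM lane boundaries are this example's assumptions, since the page only names the dimensions and the default threshold of 65.

```python
# Constructed sample findings from three feeds (IDs are placeholders, not real CVEs); the
# first CVE appears twice, once from NVD and once from CISA KEV, to exercise deduplication.
FINDINGS = [
    {"cve": "CVE-0000-0001", "product": "Apache HTTP Server", "versions": ["2.4.51"], "cvss": 9.8, "epss": 0.40, "patch": True},
    {"cve": "CVE-0000-0001", "product": "Apache HTTP Server", "versions": ["2.4.51"], "kev": True},
    {"cve": "CVE-0000-0002", "product": "lodash", "versions": ["4.17.20"], "cvss": 5.3, "epss": 0.02, "patch": True},
    {"cve": "CVE-0000-0003", "product": "nginx", "versions": ["1.18.0"], "cvss": 7.5, "epss": 0.10, "patch": False},
]
# Constructed asset inventory standing in for the Airtable table.
ASSETS = [
    {"host": "web-01", "external": True, "software": "Apache HTTP Server", "version": "2.4.51"},
    {"host": "web-02", "external": True, "software": "Apache HTTP Server", "version": "2.4.51"},
    {"host": "build-01", "external": False, "software": "lodash", "version": "4.17.20"},
    {"host": "db-01", "external": False, "software": "postgresql", "version": "14.2"},
]

def dedupe(findings):
    """Merge records that share a CVE ID; each feed contributes its own fields (KEV flag, CVSS) to one record."""
    merged = {}
    for f in findings:
        merged.setdefault(f["cve"], {}).update(f)
    return merged

def correlate(cves, assets):
    """Keep only CVEs whose affected product/version pair matches something in the inventory."""
    for c in cves.values():
        c["assets"] = [a for a in assets if a["software"] == c["product"] and a["version"] in c["versions"]]
    return {k: v for k, v in cves.items() if v["assets"]}

def urgency(c):
    """Composite 0-100 score over the page's dimensions; the weights are this example's assumption."""
    score = 5 * c.get("cvss", 0) + 30 * c.get("epss", 0)           # base severity, exploit likelihood
    score += 20 if c.get("kev") else 0                               # confirmed active exploitation
    score += 10 if any(a["external"] for a in c["assets"]) else 0   # internet-facing exposure
    score += 5 * min(len(c["assets"]), 3)                            # blast radius, capped
    score += 0 if c.get("patch") else 5                              # no vendor fix available
    return min(round(score), 100)

def route(score):
    """Severity lane boundaries are assumed; the page only names CRITICAL / HIGH / MEDIUM."""
    return "CRITICAL" if score >= 85 else "HIGH" if score >= 65 else "MEDIUM"

def run(findings=FINDINGS, assets=ASSETS, threshold=65):
    """SIEM/SOAR-style result: matched CVEs scoring above the threshold, highest urgency first."""
    out = []
    for cve, c in correlate(dedupe(findings), assets).items():
        s = urgency(c)
        if s > threshold:
            out.append({"cve": cve, "urgency": s, "severity": route(s), "hosts": [a["host"] for a in c["assets"]]})
    return sorted(out, key=lambda r: -r["urgency"])
```

With the sample data, the nginx CVE drops out at correlation (no matching asset), the lodash CVE scores below the threshold, and only the KEV-listed Apache CVE on the two internet-facing hosts reaches the CRITICAL lane.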