n8n-nodes-litesoc
v1.2.0
n8n community node for LiteSOC - Security Observability for Startups. Track security events and manage alerts.
This is an n8n community node for LiteSOC - Security Observability for Startups.
Track security events and manage alerts directly from your n8n workflows.
n8n is a fair-code licensed workflow automation platform.
Installation
Follow the installation guide in the n8n community nodes documentation.
npm
```bash
npm install n8n-nodes-litesoc
```
n8n Desktop
- Go to Settings → Community Nodes
- Click Install a community node
- Enter n8n-nodes-litesoc
- Click Install
Operations
Event
Track security events in your application:
| Operation | Description |
|-----------|-------------|
| Create | Track a security event (login, logout, role change, etc.) |
| Get | Retrieve a specific event by ID |
| Get Many | List events with optional filters |
Supported Event Types:
- Authentication: auth.login_success, auth.login_failed, auth.logout, auth.mfa_enabled, auth.mfa_disabled
- Authorization: authz.access_denied, authz.role_changed, authz.permission_granted
- Admin: admin.user_created, admin.user_deleted, admin.privilege_escalation
- Data: data.export, data.bulk_delete, data.sensitive_access
- Security: security.suspicious_activity, security.brute_force_detected
- Custom: Define your own event types
Alert
Manage security alerts generated by LiteSOC:
| Operation | Description |
|-----------|-------------|
| Get | Retrieve a specific alert by ID |
| Get Many | List alerts with filters (severity, status, type) |
| Resolve | Mark an alert as resolved |
| Mark Safe | Mark an alert as a false positive |
Alert Types:
- Brute Force Attack
- Impossible Travel
- Geo Anomaly
- New Device
- Privilege Escalation
- Data Exfiltration
- Rate Limit Exceeded
Credentials
To use this node, you need a LiteSOC API key:
- Sign up at litesoc.io
- Go to Settings → API Keys
- Click Generate API Key
- Copy the key and add it to your n8n credentials
Usage Examples
Track Failed Login Attempts
1. Trigger: Webhook (receives login failure from your app)
2. LiteSOC Node: Create Event
- Event Type: auth.login_failed
- Actor ID: {{ $json.user_id }}
- Actor Email: {{ $json.email }}
- User IP: {{ $json.ip_address }}
- Metadata: { "reason": "invalid_password" }
Auto-respond to Critical Alerts
1. Trigger: Schedule (every 5 minutes)
2. LiteSOC Node: Get Many Alerts
- Filters: severity=critical, status=open
3. IF Node: Check if alerts exist
4. Slack Node: Send notification to #security channel
5. LiteSOC Node: Resolve Alert
Route Alerts by Severity
1. Trigger: Webhook (alert webhook from LiteSOC)
2. Switch Node: Route by {{ $json.severity }}
- critical → PagerDuty
- high → Slack #security
- medium → Email security team
- low → Log for review
Severity
Important: Severity is automatically assigned by LiteSOC based on the event type and threat detection rules. You cannot manually set severity when creating events.
Event Severity Levels:
- critical - Immediate action required (privilege_escalation, brute_force)
- warning - Requires attention (login_failed, mfa_disabled)
- info - Normal activity (login_success, logout)
Alert Severity Levels:
- critical - Active attack or breach
- high - Significant threat detected
- medium - Suspicious activity
- low - Minor anomaly
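A pre-processing step for the Track Failed Login Attempts workflow above, as an added example that is not code from the n8n-nodes-litesoc project: it validates the webhook fields before they reach the Create Event operation, drops credential-like metadata keys, and ignores any caller-supplied severity because LiteSOC assigns it. The helper names and the output key names are assumptions for illustration; the input field names follow the workflow's expressions.

```javascript
// Added example: validate a login-failure webhook body before Create Event.
// Output key names are hypothetical; map them onto the node's fields in n8n.
const SECRET_KEY = /pass(word)?|secret|token|api[_-]?key|authorization/i;

function isIp(value) {
  if (typeof value !== 'string' || value.length > 45) return false;
  const v4 = value.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
  if (v4) return v4.slice(1).every((octet) => Number(octet) <= 255);
  if (!/^[0-9a-fA-F:.]+$/.test(value) || !value.includes(':')) return false;
  try { new URL(`http://[${value}]/`); return true; } catch { return false; } // IPv6 via URL parser
}

// Keep only scalar metadata values and drop keys that look like credentials.
function cleanMetadata(meta) {
  const out = {};
  if (!meta || typeof meta !== 'object' || Array.isArray(meta)) return out;
  for (const [key, val] of Object.entries(meta)) {
    if (SECRET_KEY.test(key)) continue;
    if (typeof val === 'string') out[key] = val.slice(0, 200);
    else if (typeof val === 'number' || typeof val === 'boolean') out[key] = val;
  }
  return out;
}

function buildLoginFailedEvent(body) {
  const errors = [];
  const b = body && typeof body === 'object' ? body : {};
  const actorId = ['string', 'number'].includes(typeof b.user_id) ? String(b.user_id).trim() : '';
  if (!actorId) errors.push('user_id is required');
  const email = typeof b.email === 'string' ? b.email.trim().toLowerCase() : '';
  if (email && !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) errors.push('email is malformed');
  if (!isIp(b.ip_address)) errors.push('ip_address is not a valid IPv4/IPv6 address');
  if (errors.length) return { ok: false, errors };
  // "severity" is deliberately not copied: LiteSOC assigns it from the event type.
  return {
    ok: true,
    event: { eventType: 'auth.login_failed', actorId, actorEmail: email || undefined,
      userIp: b.ip_address, metadata: cleanMetadata(b.metadata) },
  };
}

// Constructed sample webhook body (not real data).
const sample = {
  user_id: 'u_123', email: 'Alice@Example.com', ip_address: '203.0.113.7',
  severity: 'critical', metadata: { reason: 'invalid_password', password: 'hunter2' },
};
console.log(JSON.stringify(buildLoginFailedEvent(sample), null, 2));
```

Route items with `ok: false` to a separate branch rather than dropping them, since a malformed login-failure report is itself worth reviewing.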
Plan Restrictions
Some features require a Pro or Enterprise plan:
| Feature | Free | Pro | Enterprise |
|---------|------|-----|------------|
| Track Events | ✅ | ✅ | ✅ |
| Get Events (last 7 days) | ✅ | ✅ | ✅ |
| Get Events (30+ days) | ❌ | ✅ | ✅ |
| Get Alerts | ❌ | ✅ | ✅ |
| Resolve Alerts | ❌ | ✅ | ✅ |
| Mark Alerts Safe | ❌ | ✅ | ✅ |
| IP Enrichment (VPN/Proxy) | ❌ | ✅ | ✅ |
| Geo Location Maps | ❌ | ✅ | ✅ |
If you attempt a restricted operation on the Free plan, you'll receive a clear error message with upgrade instructions.
Resources
Development
Setup
```bash
npm install
```
Build
```bash
npm run build
```
Testing
```bash
# Run all tests
npm test
# Run tests in watch mode
npm run test:watch
# Run tests with coverage
npm run test:coverage
```
Linting
```bash
# Check for lint errors
npm run lint
# Fix lint errors automatically
npm run lintfix
```
CI/CD
This package uses GitHub Actions for continuous integration and publishing with npm provenance.
Continuous Integration
The CI workflow (.github/workflows/ci.yml) runs on every push and pull request:
- Tests run on Node.js 18 and 20
- ESLint checks code quality
- Test coverage is collected
Publishing with Provenance
This package is published with npm provenance, which provides a verifiable link between the published package and its source code.
To publish a new version:
- Update the version in package.json
- Commit and push the changes
- Create a new GitHub Release with a tag matching the version (e.g., v1.0.0)
- The publish workflow will automatically build, test, and publish to npm with provenance
n8n Requirement: Starting May 1st, 2026, all n8n community nodes must be published using GitHub Actions with provenance. This package already meets this requirement.
