What this workflow does
This workflow reads new security advisories from Palo Alto Networks every day at 1 AM.
It checks if advisories relate to specific products used by a company.
If yes, it creates issues in Jira and sends email notifications to customers automatically.
This saves time and reduces missed alerts in security operations.
Who should use this workflow
Security analysts who handle many cyber threat advisories.
Teams using Palo Alto Networks products like GlobalProtect or Traps.
Users wanting to automate issuing Jira tickets and emailing customers about relevant threats.
Tools and services used
- n8n workflow automation platform: To build and run the workflow.
- Gmail (OAuth2): For sending emails to customers.
- Jira Software Cloud API: To create issues automatically.
- Palo Alto Networks RSS Feed: Source for security advisories (
https://security.paloaltonetworks.com/rss.xml). - Customer email directory node: Either n8nTrainingCustomerDatastore or Google Sheets with name and email columns.
How this workflow works (Input → Process → Output)
Input
The workflow triggers automatically every 24 hours at 1 AM.
It fetches the latest Palo Alto Networks security advisories from the RSS feed URL.
Processing steps
First, the workflow extracts key details like advisory type, subject, severity, date, and link from the RSS feed data.
Next, it filters advisories to keep only those for specific products like GlobalProtect or Traps.
It then removes advisories that are not published within the last 24 hours to avoid duplicates.
For filtered advisories, it creates detailed Jira issues summarizing severity and links.
Then it retrieves the current customer list dynamically from a configured data source.
Lastly, it sends personalized emails to each customer notifying them about relevant advisories.
Output
Created Jira issues inside the configured Jira Cloud project.
Sent email notifications to customers via Gmail with advisory details.
Beginner step-by-step: How to use this workflow in n8n
1. Import the workflow
Inside the n8n editor, click the Download button on this page to get the workflow file.
Click “Import from File” in n8n and select the downloaded workflow.
2. Add credentials and update settings
Configure Gmail credentials using OAuth2 in the Gmail node.
Set Jira API credentials and ensure correct project ID and issue type in the Jira node.
Check or update the customer email source in the n8nTrainingCustomerDatastore or replace with your Google Sheets node.
3. Test the workflow
Run the workflow manually once using the Manual Trigger node to ensure it executes without errors.
4. Activate for production
Replace the manual trigger with the Schedule Trigger node configured to run daily at 1 AM.
Activate the workflow by turning on the toggle in n8n.
Monitor logs and executions to confirm it runs properly.
For users running self-host n8n, ensure server uptime and API access.
Edge cases and failure points
If no new advisories are processed, check the feed URL and date filtering logic carefully.
Emails not sending usually indicate Gmail OAuth2 is not set or email fields are incorrect.
Jira errors come from missing project or issue type info or API permission problems.
Customer data format mismatches stop email sending steps.
Customization ideas
- Duplicate product filter Filter nodes to add more product keywords like “Cortex”.
- Replace Gmail node with Slack or Teams node to send chat messages instead of emails.
- Change Schedule Trigger timing to run weekly or several times daily.
- Use Google Sheets or other database nodes for the customer directory instead of default datastore.
- Modify Jira issue description to add more advisory metadata or custom fields.
Summary of results
✓ Saves about two hours daily of manual advisory review and issue creation.
✓ Reduces risk of missing critical Palo Alto Networks advisories.
✓ Creates Jira issues for fast incident tracking.
✓ Sends timely personalized emails to customers to improve response.
→ Improves security operations efficiency and communication.