Forum Discussion
Automating Defender Alerts with CISA's KEV Catalog using n8n
- Overview
Recently, I decided to explore how automation could help simplify daily security operations, especially in vulnerability management. While studying n8n, an open-source automation platform, I saw the opportunity to connect it with Microsoft Defender for Endpoint and the CISA Known Exploited Vulnerabilities (KEV) Catalog.
The goal was simple: build an automated workflow that identifies which vulnerabilities detected in Defender are actively exploited in the wild, and then create actionable tickets in Jira for remediation teams — automatically and with full context.
- Why I Built This
Most security teams deal with thousands of vulnerabilities every week, but only a small portion are actually being exploited.
I wanted to find a way to prioritize what truly matters without adding more manual work.
Defender for Endpoint already provides strong vulnerability data, but by combining it with the CISA KEV catalog, we can instantly highlight high-risk CVEs that need urgent attention.
This project was also a great opportunity to test n8n’s flexibility and API-handling capabilities in a real-world cybersecurity scenario.
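As an added illustration of the matching step the post describes (this is example code, not the author's n8n workflow), the block below shows the logic that would sit between the Defender fetch and the Jira node: normalize the CVE IDs coming from Defender, look each one up in the CISA KEV catalog, drop duplicates and CVEs that already have a ticket, rank the hits, and build a Jira issue payload with the KEV context attached. Both inputs are constructed samples: the KEV shape follows the public feed's `vulnerabilities` array (`cveID`, `vendorProject`, `product`, `dateAdded`, `requiredAction`, `dueDate`, `knownRansomwareCampaignUse`), while the Defender record shape (`id`, `severity`, `cvssV3`, `exposedMachines`) and the CVE numbers are placeholders to be replaced with your real API output. The Jira payload assumes the REST API v2 plain-text `description` field.

```javascript
// Added example, not the original post's workflow.
// Inputs are CONSTRUCTED samples; CVE IDs are placeholders, not real vulnerabilities.
const kevCatalog = {
  vulnerabilities: [
    { cveID: "CVE-0000-0001", vendorProject: "ExampleVendor", product: "ExampleServer",
      vulnerabilityName: "ExampleServer Remote Code Execution (placeholder)",
      dateAdded: "2024-01-10", requiredAction: "Apply updates per vendor instructions.",
      dueDate: "2024-01-31", knownRansomwareCampaignUse: "Known" },
    { cveID: "CVE-0000-0002", vendorProject: "ExampleVendor", product: "ExampleClient",
      vulnerabilityName: "ExampleClient Privilege Escalation (placeholder)",
      dateAdded: "2024-02-05", requiredAction: "Apply updates per vendor instructions.",
      dueDate: "2024-02-26", knownRansomwareCampaignUse: "Unknown" },
  ],
};

// Simplified Defender vulnerability records (assumed field names). Note the
// lowercase ID and the trailing-space duplicate: real exports are rarely clean.
const defenderVulns = [
  { id: "cve-0000-0001", severity: "Critical", cvssV3: 9.8, exposedMachines: 42 },
  { id: "CVE-0000-0002", severity: "High", cvssV3: 7.8, exposedMachines: 3 },
  { id: "CVE-0000-0003", severity: "Medium", cvssV3: 6.5, exposedMachines: 120 },
  { id: "CVE-0000-0001 ", severity: "Critical", cvssV3: 9.8, exposedMachines: 42 },
];

// Canonical form so "cve-0000-0001 " and "CVE-0000-0001" compare equal.
function normalizeCve(id) {
  return String(id || "").trim().toUpperCase();
}

// One Map lookup per Defender record instead of scanning the whole catalog each time.
function buildKevIndex(catalog) {
  const index = new Map();
  for (const entry of catalog.vulnerabilities || []) {
    index.set(normalizeCve(entry.cveID), entry);
  }
  return index;
}

// Keep only CVEs present in KEV; skip duplicates within this run and CVEs that
// already have a ticket (alreadyTicketed is whatever your Jira search returned).
function matchExploited(vulns, kevIndex, alreadyTicketed = new Set()) {
  const seen = new Set();
  const hits = [];
  for (const v of vulns) {
    const cve = normalizeCve(v.id);
    if (!cve || seen.has(cve) || alreadyTicketed.has(cve)) continue;
    seen.add(cve);
    const kev = kevIndex.get(cve);
    if (!kev) continue;
    hits.push({ cve, severity: v.severity, cvssV3: v.cvssV3,
                exposedMachines: v.exposedMachines || 0, kev });
  }
  // Rank: ransomware-linked first, then most exposed machines, then earliest CISA due date.
  hits.sort((a, b) =>
    ((b.kev.knownRansomwareCampaignUse === "Known") - (a.kev.knownRansomwareCampaignUse === "Known")) ||
    (b.exposedMachines - a.exposedMachines) ||
    a.kev.dueDate.localeCompare(b.kev.dueDate));
  return hits;
}

// Jira REST v2 issue body (plain-text description). Project key and issue type are assumptions.
function toJiraIssue(hit, projectKey) {
  const ransomware = hit.kev.knownRansomwareCampaignUse === "Known";
  return {
    fields: {
      project: { key: projectKey },
      issuetype: { name: "Task" },
      summary: `[KEV] ${hit.cve} - ${hit.kev.vendorProject} ${hit.kev.product} (${hit.exposedMachines} exposed)`,
      priority: { name: ransomware || hit.exposedMachines >= 50 ? "Highest" : "High" },
      labels: ["kev", "defender", ransomware ? "ransomware" : "exploited"],
      description: [
        `Defender severity: ${hit.severity} (CVSS ${hit.cvssV3})`,
        `Exposed machines in Defender: ${hit.exposedMachines}`,
        `CISA KEV: ${hit.kev.vulnerabilityName}`,
        `Added to KEV: ${hit.kev.dateAdded}; CISA due date: ${hit.kev.dueDate}`,
        `Required action: ${hit.kev.requiredAction}`,
        `Known ransomware use: ${hit.kev.knownRansomwareCampaignUse}`,
      ].join("\n"),
    },
  };
}

// Stand-alone run over the constructed samples.
const kevIndex = buildKevIndex(kevCatalog);
const exploited = matchExploited(defenderVulns, kevIndex);
for (const hit of exploited) {
  console.log(JSON.stringify(toJiraIssue(hit, "SEC"), null, 2));
}
```

In an n8n Code node the two constructed arrays would be replaced by the items from the preceding HTTP Request nodes (the Code node exposes them through `$input.all()`, each with a `.json` body), and the `alreadyTicketed` set would come from a Jira search on the `kev` label so a daily run does not open a second ticket for the same CVE.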