Lucaraheller
Oct 21, 2025

Automating Defender Alerts with CISA KEV and n8n – Has anyone tried similar workflows?

Hi everyone,

I’ve been experimenting with n8n automation to improve vulnerability management. I created a workflow that cross-references Microsoft Defender for Endpoint vulnerabilities with the CISA Known Exploited Vulnerabilities (KEV) catalog, and then automatically creates Jira tickets for remediation.

The flow takes about 16 seconds to run and prioritizes only the CVEs that are both present in the environment and listed in KEV.

Has anyone here built similar automation (maybe with Logic Apps, Power Automate, or Sentinel playbooks)?
Would love to hear how others handle vulnerability prioritization or ticket creation!
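Added example, not part of the original post and not the poster's n8n workflow: a JavaScript sketch (the language of n8n Code nodes) of the cross-reference step, which keeps only findings whose CVE is in KEV, groups affected devices per CVE, and orders the resulting Jira issue payloads by KEV due date. The CVE IDs, machine IDs, the `SEC` project key and the `buildKevTickets` helper are constructed or hypothetical, and the Defender field names (`cveId`, `machineId`) are an assumption about the export being used.

```javascript
// Constructed sample in the shape of the CISA KEV JSON feed ("vulnerabilities" array).
const kevCatalog = {
  vulnerabilities: [
    { cveID: "CVE-0000-0001", vulnerabilityName: "Placeholder A", dueDate: "2025-11-10", knownRansomwareCampaignUse: "Known" },
    { cveID: "CVE-0000-0002", vulnerabilityName: "Placeholder B", dueDate: "2025-11-01", knownRansomwareCampaignUse: "Unknown" },
    { cveID: "CVE-0000-0009", vulnerabilityName: "Placeholder C", dueDate: "2025-10-30", knownRansomwareCampaignUse: "Unknown" },
  ],
};

// Constructed per-device findings; field names are assumed, not taken from the post.
const defenderFindings = [
  { cveId: "CVE-0000-0001", machineId: "m-01", severity: "High" },
  { cveId: "cve-0000-0001", machineId: "m-02", severity: "High" },     // case differs
  { cveId: "CVE-0000-0001", machineId: "m-01", severity: "High" },     // duplicate row
  { cveId: "CVE-0000-0002", machineId: "m-03", severity: "Medium" },
  { cveId: "CVE-0000-0005", machineId: "m-01", severity: "Critical" }, // not in KEV
];

// Returns one Jira "create issue" payload per CVE that is both present in the
// environment and listed in KEV. alreadyTicketed lets repeated runs skip CVEs
// that already have an open ticket, so the workflow stays idempotent.
function buildKevTickets(findings, catalog, projectKey, alreadyTicketed = new Set()) {
  const kev = new Map(catalog.vulnerabilities.map((v) => [v.cveID.toUpperCase(), v]));
  const machinesByCve = new Map();
  for (const f of findings) {
    const id = String(f.cveId || "").trim().toUpperCase(); // normalise before matching
    if (!kev.has(id) || alreadyTicketed.has(id)) continue;
    if (!machinesByCve.has(id)) machinesByCve.set(id, new Set());
    machinesByCve.get(id).add(f.machineId); // Set removes duplicate device rows
  }
  return [...machinesByCve.entries()]
    .map(([id, machines]) => ({ id, machines: [...machines].sort(), entry: kev.get(id) }))
    .sort((a, b) => a.entry.dueDate.localeCompare(b.entry.dueDate)) // earliest due date first
    .map(({ id, machines, entry }) => ({
      fields: {
        project: { key: projectKey },
        issuetype: { name: "Task" },
        summary: `[KEV] ${id} on ${machines.length} device(s), due ${entry.dueDate}`,
        description: `${entry.vulnerabilityName}\nAffected: ${machines.join(", ")}\n` +
          `Ransomware use: ${entry.knownRansomwareCampaignUse}`,
        labels: ["cisa-kev"],
      },
    }));
}

console.log(JSON.stringify(buildKevTickets(defenderFindings, kevCatalog, "SEC"), null, 2));
```

Grouping by CVE rather than by device keeps the ticket count proportional to the number of exploited vulnerabilities, and passing the set of CVEs that already have tickets prevents duplicates on scheduled runs.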
