Automating Defender Alerts with CISA KEV and n8n – Has anyone tried similar workflows?
Hi everyone, I’ve been experimenting with n8n automation to improve vulnerability management. I created a workflow that cross-references Microsoft Defender for Endpoint vulnerabilities with the CISA Known Exploited Vulnerabilities (KEV) catalog, and then automatically creates Jira tickets for remediation. The flow takes about 16 seconds to run and prioritizes only the CVEs that are both present in the environment and listed in KEV. Has anyone here built similar automation (maybe with Logic Apps, Power Automate, or Sentinel playbooks)? Would love to hear how others handle vulnerability prioritization or ticket creation!Automação de Alertas do Defender com o Catálogo KEV da CISA usando n8n
Overview Recently, I decided to explore how automation could help simplify daily security operations, especially in vulnerability management. While studying n8n, an open-source automation platform, I saw the opportunity to connect it with Microsoft Defender for Endpoint and the CISA Known Exploited Vulnerabilities (KEV) Catalog. The goal was simple: build an automated workflow that identifies which vulnerabilities detected in Defender are actively exploited in the wild, and then create actionable tickets in Jira for remediation teams — automatically and with full context. Why I Built This Most security teams deal with thousands of vulnerabilities every week, but only a small portion are actually being exploited. I wanted to find a way to prioritize what truly matters without adding more manual work. Defender for Endpoint already provides strong vulnerability data, but by combining it with the CISA KEV catalog, we can instantly highlight high-risk CVEs that need urgent attention. This project was also a great opportunity to test n8n’s flexibility and API-handling capabilities in a real-world cybersecurity scenario.
EDR logs explanation
Hello, would it be possible for an expert from this forum to analyze the EDR logs? Could you also explain to me in detail what happened? Furthermore, can you tell me if it is clearly established that the deleted files were deleted by someone physically present on the machine, or if there are other possible explanations? Thanks in advance.
My laptop has been blocked by BitLocker.
However, there is no BitLocker recovery keys on my Microsoft account. I have tried to call Microsoft support, but I only get bot messages that take me to sites that asks me to go and check my Microsoft account. Is there any way I can chat with a human that can actually help me how to get around this BitLocker? thanks
Security Experts... Please advise the necessary people
I'm exploring this forum as a last resort, having exhausted all other options. My story involves a serious flaw in Microsoft's security framework, which has devastatingly impacted my once-thriving business. As a small yet vital enterprise of 15 employees, functioning as an MSP and Microsoft Silver Partner, I faced an unforeseen betrayal. During my absence for spinal surgery, a rogue Microsoft CSP Direct Partner, who was only supposed to manage my business temporarily, exploited their Microsoft affiliation. Utilizing social engineering and their insider status, they illegitimately transferred my company's goodwill and assets to themselves. This included the theft of two decades' worth of private data. The gravity of their deception extends beyond my business; they now control my client base, mainly consisting of solicitors and accountants. Despite clear evidence of their phishing and scamming activities, Microsoft has remained passive, allowing the situation to deteriorate. The suppliers, duped by fraudulent documents, are now realizing their mistake but continue to deny my rights to my own business. This inaction, shared by both Microsoft and the suppliers, leaves me entangled in debt and potential litigation. Interestingly, I am still aware of the physical whereabouts of these scammers. Moreover, I possess pages and pages of IOCs that further substantiate their illicit activities. If Microsoft genuinely engaged with this issue and worked collaboratively towards a resolution, perhaps we could transform this into a tale of rectification and justice. But, having pursued every possible channel without success, I am compelled to raise awareness on public forums. With nothing left to lose, I am calling for attention to this matter. Should you be able to assist, or know someone who can, please reach out. My contact details are linked to my forum ID, and Microsoft can easily access my tenant and phone information. Regards, bozzaman
