litesoc

n8n community node for LiteSOC - Security Observability for Startups. Track security events and manage alerts.

Package Information

Downloads: 784 weekly / 784 monthly
Latest Version: 1.4.0
Author: LiteSOC

Available Nodes

LiteSOC icon
LiteSOC
Track security events and manage alerts with LiteSOC. Severity is automatically assigned based on event type.

Documentation

n8n-nodes-litesoc

LiteSOC Logo

npm version
CI
Tests
Coverage
License: MIT
npm provenance

This is an n8n community node for LiteSOC - Security Observability for Startups.

Track security events and manage alerts directly from your n8n workflows.

n8n is a fair-code licensed workflow automation platform.

Installation

Follow the installation guide in the n8n community nodes documentation.

npm

npm install n8n-nodes-litesoc

n8n Desktop

  1. Go to SettingsCommunity Nodes
  2. Click Install a community node
  3. Enter n8n-nodes-litesoc
  4. Click Install

Operations

Event

Track security events in your application:

Operation Description
Create Track a security event (login, logout, role change, etc.)
Get Retrieve a specific event by ID
Get Many List events with optional filters

Supported Event Types:

  • Authentication: auth.login_success, auth.login_failed, auth.logout, auth.mfa_enabled, auth.mfa_disabled
  • Authorization: authz.access_denied, authz.role_changed, authz.permission_granted
  • Admin: admin.user_created, admin.user_deleted, admin.privilege_escalation
  • Data: data.export, data.bulk_delete, data.sensitive_access
  • Security: security.suspicious_activity, security.brute_force_detected
  • Custom: Define your own event types

Alert

Manage security alerts generated by LiteSOC:

Operation Description
Get Retrieve a specific alert by ID
Get Many List alerts with filters (severity, status, type)
Resolve Mark an alert as resolved
Mark Safe Mark an alert as a false positive

Alert Types:

  • Brute Force Attack
  • Impossible Travel
  • Geo Anomaly
  • New Device
  • Privilege Escalation
  • Data Exfiltration
  • Rate Limit Exceeded

Credentials

To use this node, you need a LiteSOC API key:

  1. Sign up at litesoc.io
  2. Go to SettingsAPI Keys
  3. Click Generate API Key
  4. Copy the key and add it to your n8n credentials

Usage Examples

Track Failed Login Attempts

1. Trigger: Webhook (receives login failure from your app)
2. LiteSOC Node: Create Event
   - Event Type: auth.login_failed
   - Actor ID: {{ $json.user_id }}
   - Actor Email: {{ $json.email }}
   - User IP: {{ $json.ip_address }}
   - Metadata: { "reason": "invalid_password" }

Auto-respond to Critical Alerts

1. Trigger: Schedule (every 5 minutes)
2. LiteSOC Node: Get Many Alerts
   - Filters: severity=critical, status=open
3. IF Node: Check if alerts exist
4. Slack Node: Send notification to #security channel
5. LiteSOC Node: Resolve Alert

Route Alerts by Severity

1. Trigger: Webhook (alert webhook from LiteSOC)
2. Switch Node: Route by {{ $json.severity }}
   - critical → PagerDuty
   - high → Slack #security
   - medium → Email security team
   - low → Log for review

Severity

Important: Severity is automatically assigned by LiteSOC based on the event type and threat detection rules. You cannot manually set severity when creating events.

Event Severity Levels:

  • critical - Immediate action required (privilege_escalation, brute_force)
  • warning - Requires attention (login_failed, mfa_disabled)
  • info - Normal activity (login_success, logout)

Alert Severity Levels:

  • critical - Active attack or breach
  • high - Significant threat detected
  • medium - Suspicious activity
  • low - Minor anomaly

Plan Restrictions

Some features require a Pro or Enterprise plan:

Feature Free Pro Enterprise
Track Events
Get Events (last 7 days)
Get Events (30+ days)
Get Alerts
Resolve Alerts
Mark Alerts Safe
IP Enrichment (VPN/Proxy)
Geo Location Maps

If you attempt a restricted operation on the Free plan, you'll receive a clear error message with upgrade instructions.

Resources

Development

Setup

npm install

Build

npm run build

Testing

# Run all tests
npm test

# Run tests in watch mode
npm run test:watch

# Run tests with coverage
npm run test:coverage

Linting

# Check for lint errors
npm run lint

# Fix lint errors automatically
npm run lintfix

CI/CD

This package uses GitHub Actions for continuous integration and publishing with npm provenance.

Continuous Integration

The CI workflow (.github/workflows/ci.yml) runs on every push and pull request:

  • Tests run on Node.js 18 and 20
  • ESLint checks code quality
  • Test coverage is collected

Publishing with Provenance

This package is published with npm provenance, which provides a verifiable link between the published package and its source code.

To publish a new version:

  1. Update the version in package.json
  2. Commit and push the changes
  3. Create a new GitHub Release with a tag matching the version (e.g., v1.0.0)
  4. The publish workflow will automatically build, test, and publish to npm with provenance

n8n Requirement: Starting May 1st, 2026, all n8n community nodes must be published using GitHub Actions with provenance. This package already meets this requirement.

License

MIT

Discussion