Aggregate Endpoint Security Risk Scores with EDR, Vulnerability Data & Google Sheets
Last edited 58 days ago
👤 Who it’s for
Security teams, SOC analysts, and small-to-mid IT teams looking to automatically assess endpoint risk by combining known vulnerabilities with internal asset value and dynamic threat indicators.
Perfect for teams using Google Sheets or CSV asset inventories who want to prioritize incidents based on true business risk — not just raw CVE scores.
⚙️ How it works / What it does
Fetches endpoint-specific CVE data from prior modules or external feeds
Loads enriched internal asset inventory (IP, department, criticality, etc.)
Calculates risk score using a weighted formula:
(CVE severity × Asset risk rating × Exposure coefficient)
Applies custom playbook rules to determine action level (Notify / Investigate / Isolate)
Outputs filtered, triaged list of high-risk endpoints
Logs results to active and historical threat sheets
Sends summary email alerts based on final triaged list
🛠️ How to set up
Google Sheets:
Connect your enriched asset inventory and endpoint vulnerability input sheets
using your OAuth2 credentials
Edit Thresholds:
Adjust scoring logic or thresholds in the “🔎 Risk Score Calculator” node
Email Alerts:
Add your sender credentials and customize recipient address list
Automation Trigger:
Optional: Add a Cron node or Webhook to run this aggregator hourly/daily
Review sticky notes:
All logic is labeled clearly with setup instructions
📋 Requirements
Google account + access to n8n Google Sheets integration
Vulnerability scan output (from CyberScan or external CVE feed)
Enriched asset inventory with basic scoring fields (asset value, criticality)
SMTP or email alert service (optional)
🧩 How to customize the workflow
Replace Google Sheets with Supabase, Airtable, or internal DB
Add columns for department ownership, system type, or live agent signals
Integrate with EDR/XDR system or incident tracking tool
Expand the playbook to include automatic isolation triggers
📦 This is a clean, production-ready version with no sensitive data.
Placeholders are clearly marked.
🔐 This module is part of the CYBERPULSEBlueOps Pro Pack.
Get access to advanced automation, isolation triggers, full asset triage logic, and instant download at
👉 cyberpulsesolutions.com/blueops
You may also like
AI-Powered Vulnerability Scanner with Nessus, Risk Triage & Google Sheets Reporting
Automate Security Incident Response with Google Sheets, Email Alerts and EDR Isolation
Real-Time Security Threat Dashboard with Google Sheets, AI Risk Analysis & Email Alerts
New to n8n?
Need help building new n8n workflows? Process automation for you or your company will save you time and money, and it's completely free!
