Description
n8n-nodes-litesoc






This is an n8n community node for LiteSOC – Security Observability for Startups.
Track security events and manage alerts directly from your n8n workflows.
n8n is a fair-code licensed workflow automation platform.
Installation
Follow the installation guide in the n8n community nodes documentation.
npm
npm install n8n-nodes-litesoc
n8n Desktop
1. Go to Settings → Community Nodes
2. Click Install a community node
3. Enter n8n-nodes-litesoc
4. Click Install
Operations
Event
Track security events in your application:
| Operation | Description |
|———–|————-|
| Create | Track a security event (login, logout, role change, etc.) |
| Get | Retrieve a specific event by ID |
| Get Many | List events with optional filters |
Supported Event Types:
- Authentication:
auth.loginsuccess,auth.loginfailed,auth.logout,auth.mfaenabled,auth.mfadisabled - Authorization:
authz.accessdenied,authz.rolechanged,authz.permission_granted - Admin:
admin.usercreated,admin.userdeleted,admin.privilege_escalation - Data:
data.export,data.bulkdelete,data.sensitiveaccess - Security:
security.suspiciousactivity,security.bruteforce_detected - Custom: Define your own event types
- Brute Force Attack
- Impossible Travel
- Geo Anomaly
- New Device
- Privilege Escalation
- Data Exfiltration
- Rate Limit Exceeded
Alert
Manage security alerts generated by LiteSOC:
| Operation | Description |
|———–|————-|
| Get | Retrieve a specific alert by ID |
| Get Many | List alerts with filters (severity, status, type) |
| Resolve | Mark an alert as resolved |
| Mark Safe | Mark an alert as a false positive |
Alert Types:
Credentials
To use this node, you need a LiteSOC API key:
1. Sign up at litesoc.io
2. Go to Settings → API Keys
3. Click Generate API Key
4. Copy the key and add it to your n8n credentials
Usage Examples
Track Failed Login Attempts
1. Trigger: Webhook (receives login failure from your app)
2. LiteSOC Node: Create Event
- Event Type: auth.login_failed
- Actor ID: {{ $json.user_id }}
- Actor Email: {{ $json.email }}
- User IP: {{ $json.ip_address }}
- Metadata: { "reason": "invalid_password" }
Auto-respond to Critical Alerts
1. Trigger: Schedule (every 5 minutes)
2. LiteSOC Node: Get Many Alerts
- Filters: severity=critical, status=open
3. IF Node: Check if alerts exist
4. Slack Node: Send notification to #security channel
5. LiteSOC Node: Resolve Alert
Route Alerts by Severity
1. Trigger: Webhook (alert webhook from LiteSOC)
2. Switch Node: Route by {{ $json.severity }}
- critical → PagerDuty
- high → Slack #security
- medium → Email security team
- low → Log for review
Severity
Important: Severity is automatically assigned by LiteSOC based on the event type and threat detection rules. You cannot manually set severity when creating events.
Event Severity Levels:
critical – Immediate action required (privilegeescalation, bruteforce)warning – Requires attention (loginfailed, mfadisabled)info – Normal activity (login_success, logout)Alert Severity Levels:
critical – Active attack or breachhigh – Significant threat detectedmedium – Suspicious activitylow – Minor anomalyPlan Restrictions
Some features require a Pro or Enterprise plan:
| Feature | Free | Pro | Enterprise |
|———|——|—–|————|
| Track Events | ✅ | ✅ | ✅ |
| Get Events (last 7 days) | ✅ | ✅ | ✅ |
| Get Events (30+ days) | ❌ | ✅ | ✅ |
| Get Alerts | ❌ | ✅ | ✅ |
| Resolve Alerts | ❌ | ✅ | ✅ |
| Mark Alerts Safe | ❌ | ✅ | ✅ |
| IP Enrichment (VPN/Proxy) | ❌ | ✅ | ✅ |
| Geo Location Maps | ❌ | ✅ | ✅ |
If you attempt a restricted operation on the Free plan, you’ll receive a clear error message with upgrade instructions.
Resources
Development
Setup
npm install
Build
npm run build
Testing
Run all tests
npm testRun tests in watch mode
npm run test:watchRun tests with coverage
npm run test:coverage
Linting
Check for lint errors
npm run lintFix lint errors automatically
npm run lintfix
CI/CD
This package uses GitHub Actions for continuous integration and publishing with npm provenance.
Continuous Integration
The CI workflow (.github/workflows/ci.yml) runs on every push and pull request:
Publishing with Provenance
This package is published with npm provenance, which provides a verifiable link between the published package and its source code.
To publish a new version:
1. Update the version in package.json
2. Commit and push the changes
3. Create a new GitHub Release with a tag matching the version (e.g., v1.0.0)
4. The publish workflow will automatically build, test, and publish to npm with provenance
> n8n Requirement: Starting May 1st, 2026, all n8n community nodes must be published using GitHub Actions with provenance. This package already meets this requirement.