Back to Nodes

LiteSOC

v1.4.1
Last updated Apr 14, 2026

n8n community node for LiteSOC - Security Observability for Startups. Track security events and manage alerts.

25 Weekly Downloads
497 Monthly Downloads

Included Nodes

LiteSOC

Description

n8n-nodes-litesoc

LiteSOC Logo

![npm version](https://www.npmjs.com/package/n8n-nodes-litesoc)
![CI](https://github.com/LiteSOC/n8n-nodes-litesoc/actions/workflows/ci.yml)
![Tests](https://github.com/LiteSOC/n8n-nodes-litesoc/actions)
![Coverage](https://github.com/LiteSOC/n8n-nodes-litesoc/actions)
![License: MIT](https://opensource.org/licenses/MIT)
![npm provenance](https://docs.npmjs.com/generating-provenance-statements)

This is an n8n community node for LiteSOC – Security Observability for Startups.

Track security events and manage alerts directly from your n8n workflows.

n8n is a fair-code licensed workflow automation platform.

Installation

Follow the installation guide in the n8n community nodes documentation.

npm

npm install n8n-nodes-litesoc

n8n Desktop

1. Go to SettingsCommunity Nodes
2. Click Install a community node
3. Enter n8n-nodes-litesoc
4. Click Install

Operations

Event

Track security events in your application:

| Operation | Description |
|———–|————-|
| Create | Track a security event (login, logout, role change, etc.) |
| Get | Retrieve a specific event by ID |
| Get Many | List events with optional filters |

Supported Event Types:

  • Authentication: auth.loginsuccess, auth.loginfailed, auth.logout, auth.mfaenabled, auth.mfadisabled
  • Authorization: authz.accessdenied, authz.rolechanged, authz.permission_granted
  • Admin: admin.usercreated, admin.userdeleted, admin.privilege_escalation
  • Data: data.export, data.bulkdelete, data.sensitiveaccess
  • Security: security.suspiciousactivity, security.bruteforce_detected
  • Custom: Define your own event types
  • Alert

    Manage security alerts generated by LiteSOC:

    | Operation | Description |
    |———–|————-|
    | Get | Retrieve a specific alert by ID |
    | Get Many | List alerts with filters (severity, status, type) |
    | Resolve | Mark an alert as resolved |
    | Mark Safe | Mark an alert as a false positive |

    Alert Types:

  • Brute Force Attack
  • Impossible Travel
  • Geo Anomaly
  • New Device
  • Privilege Escalation
  • Data Exfiltration
  • Rate Limit Exceeded
  • Credentials

    To use this node, you need a LiteSOC API key:

    1. Sign up at litesoc.io
    2. Go to SettingsAPI Keys
    3. Click Generate API Key
    4. Copy the key and add it to your n8n credentials

    Usage Examples

    Track Failed Login Attempts

    1. Trigger: Webhook (receives login failure from your app)
    2. LiteSOC Node: Create Event
       - Event Type: auth.login_failed
       - Actor ID: {{ $json.user_id }}
       - Actor Email: {{ $json.email }}
       - User IP: {{ $json.ip_address }}
       - Metadata: { "reason": "invalid_password" }
    

    Auto-respond to Critical Alerts

    1. Trigger: Schedule (every 5 minutes)
    2. LiteSOC Node: Get Many Alerts
       - Filters: severity=critical, status=open
    3. IF Node: Check if alerts exist
    4. Slack Node: Send notification to #security channel
    5. LiteSOC Node: Resolve Alert
    

    Route Alerts by Severity

    1. Trigger: Webhook (alert webhook from LiteSOC)
    2. Switch Node: Route by {{ $json.severity }}
       - critical → PagerDuty
       - high → Slack #security
       - medium → Email security team
       - low → Log for review
    

    Severity

    Important: Severity is automatically assigned by LiteSOC based on the event type and threat detection rules. You cannot manually set severity when creating events.

    Event Severity Levels:

  • critical – Immediate action required (privilegeescalation, bruteforce)
  • warning – Requires attention (loginfailed, mfadisabled)
  • info – Normal activity (login_success, logout)
  • Alert Severity Levels:

  • critical – Active attack or breach
  • high – Significant threat detected
  • medium – Suspicious activity
  • low – Minor anomaly
  • Plan Restrictions

    Some features require a Pro or Enterprise plan:

    | Feature | Free | Pro | Enterprise |
    |———|——|—–|————|
    | Track Events | ✅ | ✅ | ✅ |
    | Get Events (last 7 days) | ✅ | ✅ | ✅ |
    | Get Events (30+ days) | ❌ | ✅ | ✅ |
    | Get Alerts | ❌ | ✅ | ✅ |
    | Resolve Alerts | ❌ | ✅ | ✅ |
    | Mark Alerts Safe | ❌ | ✅ | ✅ |
    | IP Enrichment (VPN/Proxy) | ❌ | ✅ | ✅ |
    | Geo Location Maps | ❌ | ✅ | ✅ |

    If you attempt a restricted operation on the Free plan, you’ll receive a clear error message with upgrade instructions.

    Resources

  • LiteSOC Documentation
  • n8n Community Nodes Documentation
  • LiteSOC Pricing
  • Development

    Setup

    npm install
    

    Build

    npm run build
    

    Testing

    Run all tests

    npm test

    Run tests in watch mode

    npm run test:watch

    Run tests with coverage

    npm run test:coverage

    Linting

    Check for lint errors

    npm run lint

    Fix lint errors automatically

    npm run lintfix

    CI/CD

    This package uses GitHub Actions for continuous integration and publishing with npm provenance.

    Continuous Integration

    The CI workflow (.github/workflows/ci.yml) runs on every push and pull request:

  • Tests run on Node.js 18 and 20
  • ESLint checks code quality
  • Test coverage is collected

Publishing with Provenance

This package is published with npm provenance, which provides a verifiable link between the published package and its source code.

To publish a new version:

1. Update the version in package.json
2. Commit and push the changes
3. Create a new GitHub Release with a tag matching the version (e.g., v1.0.0)
4. The publish workflow will automatically build, test, and publish to npm with provenance

> n8n Requirement: Starting May 1st, 2026, all n8n community nodes must be published using GitHub Actions with provenance. This package already meets this requirement.

License

MIT