AI & Machine Learning 244 AI Assistants 443 AI Image 114 AI Video 61 AI Voice 97 Analytics 141 automation 1145 Cloud & Infrastructure 152 Communication 531 CRM 308 Database 188 Developer Tools 636 E-commerce 174 Email Marketing 152 File Storage 179 Finance 218 HR & Recruiting 32 IoT & Hardware 53 Media 140 Project Management 163 SaaS 396 Security 161 SEO 113 Social Media 165 Utilities 583 VoIP & Telephony 223
Back to Nodes

Threatdown (Malwarebytes)

Security
v0.1.1
Last updated May 27, 2026

n8n community node for the ThreatDown Nebula API by Malwarebytes

402 Weekly Downloads
402 Monthly Downloads
View on NPM GitHub Repository

Included Nodes

Threatdown (Malwarebytes)

Description

n8n-nodes-threatdown

An n8n community node for the ThreatDown Nebula API by Malwarebytes.

The node appears in n8n as Threatdown (Malwarebytes) and uses OAuth2 client
credentials to call ThreatDown endpoints for detections, endpoints, exclusions,
jobs, policies, reports, webhooks, usage, users, and related Nebula resources.

Installation

Install this package as an n8n community node:

npm install n8n-nodes-threatdown

For self-hosted n8n, you can also install it from Settings > Community Nodes
using the package name n8n-nodes-threatdown.

Credentials

Create a Threatdown (Malwarebytes) OAuth2 API credential in n8n.

Required values:

  • Client ID
  • Client Secret
  • ThreatDown Nebula Account ID

    • Optional values:

  • Base URL, defaulting to https://api.malwarebytes.com
  • Scope, defaulting to read write execute

    • The credential requests tokens from https://api.malwarebytes.com/oauth2/token
    using the OAuth2 client credentials grant. The Account ID is sent as the
    accountid header on API calls that require it.

    Operations

    This package exposes 181 ThreatDown Nebula API operations. The OAuth token route
    is intentionally handled by the credential and is not exposed as a normal node
    operation.

    Each operation includes:

  • Resource and operation dropdowns
  • Path and query parameter fields
  • JSON body fields for endpoints that accept a body
  • n8n item linking and continue-on-fail handling

    • OpenAPI Source

    The operation catalog was generated from the ThreatDown OpenAPI document used
    during development. The OpenAPI document itself is intentionally not committed
    to this repository.

    If you need to regenerate the operation catalog, place the OpenAPI file at
    openapi/MalwareBytes.json locally, then run:

    npm run generate:operations

    The openapi/ folder is ignored by git.

    Development

    Install dependencies:

    npm install

    Run checks:

    npm run lint
npm run build

    Run a local n8n instance with this node loaded:

    npm run dev

    Publishing

    This repository includes GitHub Actions workflows for CI and npm publishing with
    provenance, following n8n’s community-node guidance for Creator Portal
    verification.

    Before the first publish, configure one of these npm authentication paths:

  • Recommended: add a trusted publisher on npmjs.com for

    • kboykov/n8n-nodes-threatdown with workflow filename publish.yml.

  • Fallback: add a GitHub Actions secret named NPM_TOKEN containing an npm

    • automation token with publish access.

    To release:

    npm run release

    The release command bumps the package version, commits, tags, and pushes. A
    version tag triggers the publish workflow.

    Resources

  • n8n community nodes documentation
  • n8n node CLI documentation
  • ThreatDown API base URL

More in Security

SSH V2

v1.2.0 390

GitLab

v1.0.37 743

RelayShield

v0.1.14 1,613

WhatsApp Media Decrypt

v0.1.5 27

SEO UOPIX

v1.2.43 121

Websocket Reconnect - Trigger

v1.0.2 14

Physalis

v0.3.2 39

VirtualSMS

v0.1.5 68