Monthly Wazuh SIEM Reports β 2 PDFs ( Technical + Management ) + Setup Guide
Stop hand-writing client security reports. This n8n workflow pulls a full month of data straight from your Wazuh SIEM, builds two polished PDF reports, one technical, one executive and emails both automatically on the 1st of every month.
100% data-driven. Nothing is hardcoded every number comes live from Wazuh.
What it delivers
- π Technical report: executive summary, Top 10 rules, MITRE ATT&CK (ID β name), critical vulnerabilities, FIM activity, external attack attempts, confirmed incidents.
- π Management report: risk level, KPIs, key threats, and Short/Medium/Long-term recommendations (with MITRE-driven advice).
- π Real charts (severity donut, daily activity, top rules, monthly trend).
- πΊπ» Month-over-month deltas on events, alerts and incidents.
- π§ One email, both PDFs attached (Gmail node included).
What's inside
- Import-ready n8n workflow (15 nodes)
- Full step-by-step setup guide
- 3 Bonus: 2 extra report themes (dark + minimal) and an HTML email template
Requirements:
- n8n 1.x
- Wazuh (Indexer + Manager)
- free PDF-render API key
- Gmail
- internet access from your n8n server.
Setup in minutes: install one community node, import, add credentials, edit a single config block done. One-time purchase, deploy on unlimited instances you operate, rebrand for your own clients.
30-Day Guarantee
If it doesn't work for your setup, reach out and I'll help you troubleshoot. If we can't get it running, you get a full refund. No questions.