
n8n + Bus Gateway: Event-Driven Automation as the Glue of the SecTepe.Comm Platform

SecTepe Editorial

A platform with twelve building blocks is only as valuable as its integration. Slack notifications on mail quarantine hits, ERPNext tickets from Wazuh alerts, automatic onboarding mails when Keycloak creates a new user – without that workflow glue layer, every platform stays a tool salad. SecTepe.Comm solves it with two building blocks: n8n and a custom bus gateway.

n8n: Workflow Automation That Can Compete with Code

n8n is a self-hosted workflow engine, comparable to Zapier or Make – with one decisive difference: all data stays on-premise. Properties that count in an enterprise context:

  • 200+ pre-loaded nodes: AWS, Azure, GCP, Slack, Teams, GitHub, GitLab, Jira, Mailcow, Keycloak, ERPNext, Nextcloud – all included.
  • Function node: JavaScript code for logic that standard nodes don't cover, including vault integration so that secrets are not hardcoded.
  • Self-hosted workflow storage: workflows as JSON in Postgres, versionable via Git.
  • Triggers: webhook, cron, mail, database polling, MQTT, Kafka.
  • Execution history: every run is auditable, with input, output, errors – important for compliance evidence.

The Bus Gateway: The Missing Piece for True Event-Driven Automation

n8n alone is pull-oriented: a workflow polls the source, or a webhook is fired. For a platform with twenty services this quickly creates hundreds of individual webhook configurations – a maintenance nightmare. SecTepe.Comm puts an event bus in between:

  • Central event topology: every service publishes events to the bus gateway (mail verdict, user created, Wazuh alert, ERPNext invoice paid).
  • Topic-based routing: workflows subscribe to topic patterns instead of webhooks – new workflows need no new service configurations.
  • Schema validation: every event has a defined schema; bad events are rejected instead of breaking workflows.
  • Idempotency keys: duplicate events (e.g. on service restarts) are deduplicated.
  • Audit sink: every event also lands in the audit log – complete system traceability.
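
The admission path described in the list above (schema validation, idempotency keys, topic-pattern routing, audit sink), as an added JavaScript sketch that is not SecTepe.Comm's gateway code. The envelope fields (topic, idempotencyKey, payload), the schema table, the payload field names and the wildcard syntax are assumptions made for the illustration; only the three topic names come from the workflows on this page.

```javascript
// Added sketch, not SecTepe.Comm's gateway code. Envelope fields, schema
// table and wildcard syntax ('*' = one segment, '#' = the rest) are assumed.
const SCHEMAS = new Map([ // topic -> required payload fields and their typeof
  ['mail.verdict.malicious', { messageId: 'string', sender: 'string' }],
  ['identity.user.created', { userId: 'string', email: 'string' }],
  ['siem.alert.suspicious_ip', { ip: 'string', ruleId: 'string' }],
]);

function topicMatches(pattern, topic) {
  const p = pattern.split('.'), t = topic.split('.');
  for (let i = 0; i < p.length; i++) {
    if (p[i] === '#') return true;
    if (i >= t.length || (p[i] !== '*' && p[i] !== t[i])) return false;
  }
  return p.length === t.length;
}

function createGateway(subscriptions, dedupWindowMs = 10 * 60 * 1000) {
  const seen = new Map(); // idempotencyKey -> time first accepted
  const auditLog = [];    // audit sink: every decision is recorded
  function publish(event, now = Date.now()) {
    const decide = (status, reason, deliverTo = []) => {
      auditLog.push({ at: now, topic: event && event.topic, status, reason });
      return { status, reason, deliverTo };
    };
    // A Map lookup (not a plain object) keeps topics like "constructor" unknown.
    const schema = event && SCHEMAS.get(event.topic);
    if (!schema) return decide('rejected', 'unknown topic');
    const key = event.idempotencyKey;
    if (typeof key !== 'string' || key === '') return decide('rejected', 'missing idempotencyKey');
    const payload = event.payload || {};
    for (const [field, type] of Object.entries(schema)) {
      if (typeof payload[field] !== type) return decide('rejected', `payload.${field} must be ${type}`);
    }
    // Expire old keys so the dedup table stays bounded.
    for (const [k, ts] of seen) if (now - ts > dedupWindowMs) seen.delete(k);
    if (seen.has(key)) return decide('duplicate', 'idempotencyKey already accepted');
    seen.set(key, now);
    const deliverTo = subscriptions.filter((s) => topicMatches(s.pattern, event.topic)).map((s) => s.workflow);
    return decide('accepted', null, deliverTo);
  }
  return { publish, auditLog };
}

// Constructed sample: a service restart re-sends the same quarantine event.
const demo = createGateway([{ pattern: 'mail.verdict.*', workflow: 'quarantine triage' }]);
const sample = { topic: 'mail.verdict.malicious', idempotencyKey: 'mail-0001',
  payload: { messageId: '<0001@example.test>', sender: 'a@example.test' } };
console.log(demo.publish(sample).status, demo.publish(sample).status);
```

The dedup table here lives in process memory; a gateway that has to deduplicate across its own restarts would need to keep the keys in persistent storage.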

Three Concrete Workflows We See Every Day

1. Mail Quarantine → Slack Notification → ERPNext Ticket

The mail security gateway fires the event mail.verdict.malicious. The bus routes it to the n8n workflow "quarantine triage": a Slack message in #sec-ops, ERPNext ticket creation with the mail metadata, and automatic assignment to the responsible operator on shift.

2. Keycloak User Created → Mailcow Mailbox + Nextcloud Account + Element Account

HR creates a user in Keycloak. The event identity.user.created triggers the n8n workflow "onboarding": provision a mailbox in Mailcow, assign a Nextcloud quota, create a Matrix account, send a welcome mail. This turns "2 hours of onboarding clicking per user" into "60 seconds fully automatic".

3. Wazuh Alert → CTI Lookup → Automatic Block List Extension

Wazuh detects a suspicious IP. The event siem.alert.suspicious_ip triggers a workflow: a lookup in the CTI stack and, on a MISP match, automatic entry into the Mailcow blacklist, the AdGuard blocklist and the Coraza deny list. Three seconds to block, instead of 30 minutes of manual reaction.

What's Not Trivial About a Bus Gateway

Three points learned from two years of operation:

  • Schema discipline is not optional. Anyone "deciding event schemas later" has a workflow graveyard six months down the road.
  • Backpressure must be designed in early. Without rate limiting, a Wazuh alert storm can topple all downstream workflows.
  • Replay is mandatory. When a workflow has been down for an hour, the bus must be able to redeliver missed events.

Conclusion

Platform building blocks are only as useful as their integration. n8n as a mature workflow engine + a bus gateway as an event routing layer turn a tool set into an integrated operations framework. Instead of Zapier (with US cloud, per-action pricing, no audit trail), the company gets a self-hosted, EU-sovereign, fully auditable automation layer – with the added bonus that every workflow is readable and modifiable in an emergency.