Stop checking vendor sites by hand. This automation pulls new Palo Alto security advisories, filters for products you use, opens a Jira ticket, and emails your team. It suits IT and security teams that need fast alerts and clear follow up.

On a schedule or by clicking run, it reads the Palo Alto RSS feed. A data step extracts the type, subject, severity, link, and publish date from each post. A date check keeps only items from the last 24 hours, then keyword filters look for GlobalProtect and Traps. For matches, it creates a Jira issue with severity and the link, loads your contact list, and sends a Gmail message to each person. Old or unrelated items are ignored.

You only need a Jira site and a Gmail account. Update the keywords to match your products, add more filters if needed, and plug in your email directory or a sheet. Teams often cut daily monitoring from one hour to a few minutes and reduce missed advisories at night. It works well for incident triage, vendor risk alerts, and change control reviews.

• Scheduled run every day at 1 am plus a manual run option for quick tests
• RSS reader pulls Palo Alto advisories from the official feed URL
• Data extraction step parses type, subject, severity, link, and publish date
• Date filter keeps only advisories posted in the last 24 hours
• Keyword filters detect product specific advisories like GlobalProtect and Traps
• Jira ticket creation with mapped summary, severity, link, and publish date
• Contact directory lookup to get names and emails for outreach
• Gmail sends tailored messages with dynamic subject and content
• Stale advisories are discarded to avoid noise and duplicates

• Reduce daily vendor checks from 60 minutes to 5 minutes
• Automate up to 90% of advisory triage work
• Improve notification accuracy by 80% by removing copy and paste errors
• Connect Palo Alto, Jira, and Gmail in one flow
• Handle high alert volume without extra effort
• Cut time to open incidents by 50% with instant tickets

1. Import the template into n8n: Create a new workflow in n8n > Click the three dots menu > Select 'Import from File' > Choose the downloaded JSON file.
2. You'll need accounts with Palo Alto Networks, Jira Software Cloud and Gmail. See the Tools Required section above for links to create accounts with these services.
3. Open the RSS Feed node and confirm the feed URL points to the Palo Alto security advisories feed. Leave it as is or change it if your team uses a different source.
4. Open the Schedule Trigger and set your time zone and a daily time for the run. Keep 1 am if it matches your operations window.
5. Open the Extract info step and confirm fields map to title, subject, severity, link, and pubDate. Keep the defaults unless the feed format changes.
6. Open the date check node and verify it filters items newer than the last 1 day. If you prefer weekly runs, change the expression to the last 7 days.
7. Edit the product filter nodes. Replace GlobalProtect and Traps with the product names or keywords your team cares about. Duplicate a filter node to add more products.
8. Double click the Jira node. In the credential dropdown, click Create new credential and follow the prompts. For Jira Software Cloud, use your site URL, email, and an API token from your Atlassian account. Select the correct project and issue type.
9. Open the contact source node. Replace the sample datastore with your directory or a Google Sheet if you prefer. Ensure the output has name and email fields for each person.
10. Double click the Gmail node. In the credential dropdown, click Create new credential and complete the OAuth flow. Review the subject and message fields and send a test email to yourself.
11. Click Execute Workflow to test. Confirm a Jira issue is created with the right severity and link, and that emails reach the intended inboxes.
12. Troubleshooting: If no items flow through, check the date filter and feed URL. If Jira fails, verify credentials and project permissions. If emails do not send, check Gmail scopes and sending limits.