n8n

How to Automate Zendesk Security Ticket Enrichment?

Turn Zendesk alerts into clear, action-ready tickets. The flow finds tactics and techniques, adds helpful notes, and suggests next steps. It is built for IT and security teams that work from a ticket queue.

A manual run loads a JSON file from Google Drive. The data is split, labeled with useful fields, and embedded with OpenAI into a Qdrant vector store. A chat trigger lets you ask questions about the knowledge base using GPT-4o with short-term memory. Another path pulls Zendesk tickets, loops over each one, and sends the subject and description to an AI agent. The agent searches the vector store and returns structured JSON with MITRE tags and remediation. The ticket is then updated in Zendesk with this context.

You will need an OpenAI key, a Qdrant cluster URL and API key, a Google Drive file with the MITRE data, and Zendesk access. After setup, run the embed step once, then run the ticket loop when needed. Use the chat path to explore the knowledge base and confirm results. Teams should see faster triage, fewer mistakes, and better notes for audits. This is useful for SOC work, SIEM queues, and IT service desks that track security issues.

What are the key features?

  • Pulls a JSON file from Google Drive and extracts the data for use
  • Splits large text into clean chunks and adds metadata for better search
  • Creates embeddings with OpenAI text-embedding-3-large at 1536 dimensions
  • Stores and searches knowledge in a Qdrant vector store
  • Chat trigger lets users ask questions with GPT-4o and short-term memory
  • Fetches all Zendesk tickets and loops through them safely
  • AI agent produces structured JSON with MITRE mapping and remediation
  • Updates Zendesk tickets with context, tags, and next steps

What are the benefits?

  • Reduce triage time from 30 minutes to 5 minutes per ticket
  • Automate 80 percent of enrichment steps for SIEM alerts
  • Improve tagging accuracy by 90 percent with structured output
  • Connect Google Drive, Qdrant, Zendesk and OpenAI in one flow
  • Scale to handle 5 times more tickets with the batch loop
  • Give analysts a chat tool to query the knowledge base on demand

How do you set it up?

  1. Import the template into n8n: Create a new workflow in n8n > Click the three dots menu > Select 'Import from File' > Choose the downloaded JSON file.
  2. You'll need accounts with Google Drive, Qdrant, Zendesk and OpenAI. See the Tools Required section below for links to create accounts with these services.
  3. OpenAI credentials: Double click any OpenAI node, choose the credential dropdown, click Create new credential, paste your OpenAI API key from the OpenAI website, then save. Select this credential on both Chat Model and Embeddings nodes.
  4. Google Drive credentials: Double click the Google Drive node, click Create new credential, choose OAuth2, sign in to your Google account, approve access, then save. Pick this credential on the Google Drive node.
  5. Set the Google Drive file: In the Google Drive node, set the file ID of your MITRE JSON file. Ensure the Extract from File node uses the fromJson operation and returns valid items.
  6. Qdrant credentials: Double click each Qdrant node, click Create new credential, enter your Qdrant URL and API key from your Qdrant dashboard, then save. Set the collection name used for embeddings.
  7. Zendesk credentials: Double click the Zendesk nodes, click Create new credential, choose API token or OAuth, enter your subdomain, email, and token, then save. Apply this to Get all Zendesk Tickets and Update Zendesk with Mitre Data.
  8. Review the Structured Output Parser: Open the parser node and confirm the JSON fields match how you plan to store notes or comments in Zendesk.
  9. Confirm the AI agent links: In the agent for tickets, verify it uses the Qdrant Vector Store query tool and the system message matches your policy.
  10. Build the knowledge base: Run the manual trigger path to pull Google Drive data, split it, embed it, and write to Qdrant. Check the node logs for inserted vectors.
  11. Test chat: Send a question to the chat trigger and confirm the reply references your MITRE content. Adjust embeddings or data if answers are off topic.
  12. Run ticket enrichment: Execute the ticket loop and confirm Zendesk tickets receive comments or fields with MITRE tags and remediation steps.
  13. Troubleshoot: If embeddings fail, check OpenAI keys and limits. If Qdrant errors, verify URL, key, and collection. If Google Drive returns empty, confirm file format and access. If Zendesk updates fail, check subdomain, token, and ticket permissions.
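
Ticket subject and description are written by whoever opened the ticket, so the agent's JSON from steps 8 and 12 is worth validating before it is written back to Zendesk. The following is an added example, not part of the original template, in JavaScript that can be adapted to an n8n Code node placed before the Zendesk update; the field names and the knownTechniques set are assumptions to align with your own parser schema and MITRE file.

```javascript
// Added example. Field names (techniques, tactics, summary, remediation) are
// assumptions; align them with your Structured Output Parser schema.
const TECHNIQUE_ID = /^T\d{4}(\.\d{3})?$/;   // e.g. T1110 or T1110.003
const TACTIC_ID = /^TA\d{4}$/;               // e.g. TA0006
const MAX_TEXT = 2000;

// Strip control characters and cap length before text is stored in a ticket.
function cleanText(value) {
  if (typeof value !== 'string') throw new Error('expected string');
  return value.replace(/[\u0000-\u0008\u000b-\u001f\u007f]/g, '').trim().slice(0, MAX_TEXT);
}

// Validate the agent's JSON and return only the fields we expect.
// knownTechniques: Set of technique IDs present in the loaded MITRE data (assumed input).
function validateEnrichment(raw, knownTechniques) {
  const data = typeof raw === 'string' ? JSON.parse(raw) : raw;
  if (!data || typeof data !== 'object' || Array.isArray(data)) throw new Error('agent output is not a JSON object');
  const ids = (list, pattern, label) => {
    if (!Array.isArray(list) || list.length === 0 || list.length > 10) {
      throw new Error(`${label}: expected 1-10 entries`);
    }
    for (const id of list) {
      if (typeof id !== 'string' || !pattern.test(id)) throw new Error(`${label}: bad id`);
    }
    return [...new Set(list)];
  };
  const techniques = ids(data.techniques, TECHNIQUE_ID, 'techniques');
  const unknown = techniques.filter((id) => !knownTechniques.has(id));
  if (unknown.length) throw new Error(`unknown technique ids: ${unknown.join(', ')}`);
  return {
    techniques,
    tactics: ids(data.tactics, TACTIC_ID, 'tactics'),
    summary: cleanText(data.summary),
    remediation: cleanText(data.remediation),
  };
}

// Build an internal note so model-written text is not shown to the requester.
function toZendeskComment(e) {
  const body = `MITRE ATT&CK: ${e.techniques.join(', ')} (${e.tactics.join(', ')})\n` +
    `Summary: ${e.summary}\nSuggested remediation: ${e.remediation}`;
  return { body, public: false };
}

// Constructed sample output, not taken from a real run.
const sample = '{"techniques":["T1110.003"],"tactics":["TA0006"],' +
  '"summary":"Repeated failed logins across many accounts.",' +
  '"remediation":"Enforce MFA and lock out the source address.","extra":"ignored"}';
const known = new Set(['T1110', 'T1110.003']);
```

Route items that fail validation to a manual-review branch instead of updating the ticket.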

Tools Required

n8n

$24 / mo or $20 / mo billed annually to use n8n in the cloud. However, the local or self-hosted n8n Community Edition is free.

Google Drive

Drive API: $0 (no additional cost; quota-limited)

OpenAI

Pay-as-you-go: GPT-5 at $1.25 per 1M input tokens and $10 per 1M output tokens

Qdrant

Free tier: $0, 1 GB free cluster (no credit card), accessible via REST/gRPC API

Zendesk

Support Team: $19/agent / mo (annual) or $25/agent / mo (monthly). API available on all Support plans.
