Hire Me

Building an AI-Driven Vulnerability Management & Automated Remediation Pipeline with Nessus, n8n, Ansible, Semaphore, and AI

Modern security teams face one major problem:

Vulnerabilities are discovered faster than they can be remediated.

Scanning tools continuously generate findings, but manually analyzing, prioritizing, assigning, remediating, validating, and documenting vulnerabilities takes significant time. In many organizations, this delay increases exposure and creates operational bottlenecks.

To solve this problem and strengthen my practical cybersecurity skills, I built a complete AI-powered Vulnerability Management Pipeline in my homelab environment.

This project simulates how enterprise security teams automate the entire vulnerability lifecycle:

  • Vulnerability Discovery
  • Data Processing
  • Risk Prioritization
  • Human Approval
  • Automated Remediation
  • Validation
  • Reporting

The entire system was built using real-world tools commonly used in enterprise environments, including:

  • Nessus Essentials
  • PostgreSQL
  • Python
  • n8n
  • Ansible
  • Semaphore
  • GitHub
  • Telegram
  • Proxmox
  • OPNsense Firewall
  • Ollama / AI Models

Project Objective

The goal of this project was to design a system capable of:

  1. Automatically discovering vulnerabilities
  2. Processing and storing findings
  3. Generating AI-based remediation recommendations
  4. Creating dynamic Ansible playbooks
  5. Requiring human approval before remediation
  6. Automatically executing remediation using Semaphore
  7. Maintaining auditability and visibility throughout the process

This project focuses heavily on:

  • Security automation
  • Vulnerability management
  • Infrastructure orchestration
  • AI integration
  • Enterprise workflow simulation

Homelab Architecture

I used a Proxmox-based homelab environment for this project.

To isolate the lab from my home network, I configured an OPNsense firewall and segmented the lab environment into its own internal network.

Infrastructure Components

Component Purpose
Proxmox Virtualization platform
OPNsense Network segmentation & firewall
Ubuntu 20.04 VM Vulnerable target machine
Ubuntu 24 VM PostgreSQL database server
Nessus Essentials Vulnerability scanning
n8n Workflow automation
Semaphore Ansible execution platform
GitHub Playbook version control
Telegram Human approval workflow
Ollama / AI Model AI-generated remediation

Phase 1 — Infrastructure Setup

The first step was building the lab environment.

Virtual Machines & Containers

I created:

  • Ubuntu 20.04 vulnerable target VM
  • Ubuntu 24 database VM
  • Kali Linux VM
  • n8n LXC container
  • Semaphore LXC container

The OPNsense firewall separated the lab environment from the rest of my network to avoid accidental exposure.

Phase 2 — Database Setup

I installed PostgreSQL to store vulnerability findings.

Creating the Database

CREATE DATABASE vuln_mgmt;

CREATEUSER vuln_user
WITH PASSWORD'StrongPassword';

GRANTALLPRIVILEGES
ON DATABASE vuln_mgmt
TO vuln_user;

Creating the Vulnerability Table

CREATETABLE vulnerabilities (
    id SERIALPRIMARYKEY,
    cve TEXT,
    host TEXTNOTNULL,
    port TEXT,
    cvssFLOAT,
    severity TEXT,
    status TEXTDEFAULT'OPEN',
    first_seenTIMESTAMP,
    last_seenTIMESTAMP
);

This database became the central source of truth for vulnerability tracking.

Phase 3 — Vulnerability Scanning with Nessus

I used Nessus Essentials to scan the Ubuntu target VM.

The goal was to identify:

  • Missing patches
  • Outdated services
  • Configuration weaknesses
  • Common CVEs

Once the scan completed, I needed a way to process the results automatically.

Phase 4 — Python-Based Vulnerability Processing Engine

I created a custom Python parser that:

  • Connects to Nessus using API keys
  • Pulls vulnerability scan results
  • Extracts:
    • CVE
    • Plugin name
    • Severity
    • CVSS score
    • Affected host
  • Cleans the data
  • Inserts findings into PostgreSQL

Nessus API Integration

The script authenticates using Nessus API keys:

HEADERS= {
"X-ApiKeys":f"accessKey={ACCESS_KEY}; secretKey={SECRET_KEY}",
"Content-Type":"application/json"
}

Fetching Vulnerabilities

response=requests.get(url,headers=HEADERS,verify=False)
data=response.json()

Storing Vulnerabilities in PostgreSQL

INSERTINTOvulnerabilities
(cve,host,port,cvss,severity,status,first_seen,last_seen)
VALUES (%s, %s, %s, %s, %s, %s, %s, %s);

This created a continuously updated vulnerability database.

Phase 5 — Workflow Automation with n8n

Once the database pipeline was working, I started building the automation workflow using n8n.

The workflow was designed to simulate an enterprise vulnerability management process.

Workflow Overview

The workflow operates as follows:

  1. Nessus scan completes
  2. Python parser updates PostgreSQL
  3. PostgreSQL trigger activates n8n workflow
  4. Two AI nodes execute simultaneously:
    • Human-readable report generation
    • Dynamic Ansible playbook generation
  5. Telegram sends approval request
  6. AI-generated playbook is saved to GitHub
  7. Analyst approves remediation
  8. Semaphore API triggers Ansible execution
  9. Playbook executes on target machine
  10. Vulnerability is remediated

Why I Used AI

I integrated AI to simulate how future enterprise security operations may operate.

The AI layer performs two major tasks:

1. Human Report Generation

The AI converts raw vulnerability data into a concise analyst-friendly report.

Example:

Vulnerability: Apache HTTP Server Outdated Version
Severity: High
CVSS: 8.1

Risk:
The server is vulnerable to remote code execution attacks.

Recommended Action:
Update Apache to the latest supported version immediately.

2. Dynamic Ansible Playbook Generation

The second AI node generates remediation playbooks dynamically.

Example:

---
- name: Update Apache Server
  hosts: webservers
  become: yes

  tasks:
    - name: Update Apache package
      apt:
        name: apache2
        state: latest
        update_cache: yes

    - name: Restart Apache
      service:
        name: apache2
        state: restarted

This playbook is automatically committed to GitHub.

GitHub Integration

The playbook generator node pushes remediation playbooks into a GitHub repository.

Benefits:

  • Version control
  • Auditability
  • Change tracking
  • Rollback capability
  • Enterprise-style workflow

Each vulnerability can generate its own remediation playbook.

Human Approval Workflow

One major design principle of this project was:

Never allow blind remediation.

Before any remediation occurs, the AI-generated report is sent to Telegram for human approval.

The analyst can:

  • Approve remediation
  • Reject remediation
  • Review findings before execution

This introduces governance and prevents unsafe automation.

Semaphore Integration

Once approval is granted, n8n triggers Semaphore using its API.

Semaphore then:

  1. Pulls the latest GitHub repository
  2. Retrieves the newly generated playbook
  3. Executes the playbook using Ansible
  4. Logs all execution details

This simulates enterprise patch orchestration pipelines.

Dynamic Playbook Execution

One challenge I solved was dynamically selecting which playbook Semaphore should execute.

I passed the playbook filename directly through the Semaphore API request.

Example logic:

{
  "template_id":2,
  "environment": {
    "Playbook":"Playbooks/apache_update.yml"
  }
}

This allowed Semaphore to execute only the newly generated remediation playbook.

Challenges Faced

This project involved significant troubleshooting and integration work.

Major Challenges

AI Model Issues

I initially used Ollama locally for privacy reasons, but encountered timeout and performance issues when integrating with n8n.

Semaphore API Integration

I faced several issues with:

  • API authentication
  • Dynamic playbook execution
  • GitHub repository synchronization

GitHub Authentication

Semaphore initially failed to clone private repositories due to authentication issues.

This was resolved using SSH key authentication.

Dynamic JSON Handling in n8n

Passing dynamic playbook names into HTTP requests required careful JSON formatting and expression handling.

Key Security Design Principles

This project was intentionally designed using enterprise security concepts.

Controlled Automation

No remediation occurs without approval.

Auditability

Every action is logged:

  • Scan results
  • AI outputs
  • GitHub commits
  • Approval actions
  • Playbook execution

Risk-Based Remediation

Severity and CVSS scores determine prioritization.

Modularity

Every component can be replaced independently.

Skills Demonstrated

This project helped me strengthen hands-on experience in:

  • Vulnerability Management
  • Security Automation
  • AI Integration
  • Python Development
  • PostgreSQL
  • Infrastructure Orchestration
  • Ansible
  • API Integration
  • Workflow Automation
  • GitHub CI-style workflows
  • Security Engineering Concepts

Future Improvements

Planned enhancements include:

  • CVE enrichment APIs
  • Grafana dashboards
  • Automated rescanning validation
  • MTTR tracking
  • SIEM integration
  • RBAC for approvals
  • Multi-host remediation
  • Windows remediation support
  • AI risk scoring
  • Slack/Microsoft Teams integration

Final Thoughts

This project gave me practical exposure to how modern security operations can combine:

  • Vulnerability management
  • AI
  • Infrastructure automation
  • Approval workflows
  • DevSecOps principles

Rather than building isolated scripts, the goal was to create a complete operational pipeline similar to what enterprise security teams use in real environments.

The most valuable part of this project was understanding how all the systems connect together:

  • Scanning
  • Data engineering
  • AI processing
  • Automation
  • Orchestration
  • Human governance

This project significantly improved my understanding of real-world security engineering and automation workflows.

Tech Stack Summary

Category Tools
Virtualization Proxmox
Firewall OPNsense
Vulnerability Scanner Nessus Essentials
Automation n8n
Remediation Ansible
Execution Platform Semaphore
Database PostgreSQL
AI Ollama / LLM
Version Control GitHub
Approval System Telegram
Language Python

Conclusion

This AI-driven vulnerability management pipeline demonstrates how modern cybersecurity operations can move beyond manual processes and toward intelligent, controlled automation.

The project combines:

  • Offensive understanding
  • Defensive remediation
  • Infrastructure engineering
  • Automation
  • AI integration
  • Security governance

And most importantly:

It demonstrates how security can scale through automation without sacrificing human oversight.

Leave a comment

Your email address will not be published. Required fields are marked *