Enrich IP addresses with country attribution using IPinfo and Slack alerts

Description

🧩 Template Description

IP Enrichment & Country Attribution is a lightweight cybersecurity automation that enriches IP addresses with geographic and network intelligence. It validates incoming IPs, filters out private or invalid addresses, and enriches public IPs using an open-source IP enrichment service.

🔄 How It Works
Receives an IP address via webhook (API or Slack).
Validates the IP format and rejects invalid input.
Checks for private or internal IP ranges.
Ignores private IPs with a clear response.
Enriches public IPs using an open-source IP intelligence service.
Normalizes country, ISP, and ASN data and applies a severity label.
Slack notifications are sent for enriched public IPs.
Returns a structured JSON response.

⚙️ Setup Steps
Import & Activate Workflow
Import the JSON template into n8n
Actvate the workflow
Set Up Webhook
Copy the webhook URL
Send a POST request with the IP in the body, e.g.:
{ "text" : "8.8.8.8" }
Using curl:
`curl -X POST https://YOUR_N8N_WEBHOOK_URL \
-H "Content-Type: application/json" \
-d '{"text":"8.8.8.8"}'`
Configure Slack (Slack Alert)
Create or select Slack credentials in n8n
Make sure the bot is in your target channel
Update the Slack node with correct channel.

Slack Slash Command Setup (Optional)
Enable Slash Commands and create new command (for example /ip-enrich).
Set the Request URL to your n8n webhook endpoint.
Choose POST as the request method.
Install the app to your workspace.
Usage example:
/ip-enrich 8.8.8.8

🎛️ Customization Options
Enrichment source: Replace or extend the IP intelligence API with additional providers (for example reputation or abuse scoring).
Slack formatting: Customize the Slack message text, emojis, or use threads for better alert grouping.
Input sources: Reuse the webhook for other integrations such as SIEM alerts or security tools.