5 pre-built workflows created and shared by Tines users

Celina Murphy, Content Manager
Michael Tolan, Security Researcher

Published on April 25, 2024

At Tines, we're super proud of our library. Featuring hundreds of pre-built workflows, it's an incredibly useful source of inspiration for Tines users, from newbies right up to advanced builders.

This week, the library reached two major milestones - it now contains 750 pre-built workflows, 75 of which were submitted by Tines users. And to celebrate, we asked the team at Tines Labs to choose five user-submitted workflows that left them feeling particularly excited about the potential of workflow automation.

Like what you see? You can get started with any of these workflows by importing them to your tenant and configuring them to meet your exact needs. Don't have a tenant yet? It only takes a few minutes to sign up for our always-free Community Edition. Happy building!

Got a workflow of your own to share? Submit your pre-built workflow (also known as a story), or an idea for one using this form.

Workflow #1

Streamline macOS software updates with self-service patch management

Our macOS Patch Management automation streamlines the entire lifecycle of managing software updates for macOS operating systems. It includes a self-service implementation of opting in and out of the patch management pilot group via Tines pages and a ring 0/ring 1 approach to distributing macOS operating system updates. Updates are initially pushed to the pilot group for testing, and after a week, they are rolled out to the production group. This automation neatly balances user empowerment, system security and stability, and overall reduction of our company's attack surface.

Tools

Jamf

Community author

Tyler Talaga at MyFitnessPal

Built by: Tyler Talaga at MyFitnessPal

Last year's Grand Prize Winner in our "You Did What With Tines" competition showcased the incredible ingenuity of our users. We regularly host this competition to explore the diverse and high-quality projects our users create, and we're consistently impressed by the submissions.

This Story exemplifies the capabilities of Tines in automating critical, yet often neglected, processes within organizations.

It focuses on automated patch management, significantly reducing vulnerabilities and ensuring adherence to security standards.

Using Tines Pages, the project effectively creates and maintains a pilot user group for the patch management service. This strategy not only empowers users but also promotes a collaborative atmosphere between them and the IT department, ultimately enhancing the organization's security posture.

Workflow #2

Download PCAP from Endace Probe triggered by intrusion detection

Receive intrusion alerts from Elastic when unusual activity is detected. Collect information from an Endace Probe on the affected firewall and format a PCAP file containing the network traffic for the time period. Send the information to a user via email allowing them to investigate efficiently.

Community author

Roberto Cordeiro at Endace

Built by: Roberto Cordeiro at Endace

This workflow excellently demonstrates how integrating multiple platforms (Elastic and Endace) within Tines can enhance the capabilities of each tool. By using Tines, you're not confined to the functionalities of a single platform; instead, you can instantly share data across systems, allowing for more effective alert enrichment.

This pre-built workflow showcases the utilization of Tines Tunnels and self-hosted features.

With Tines' ability to operate in a self-hosted environment, you can enjoy all the automation advantages without the need to expose your endpoints to the public internet.

This feature is particularly beneficial for organizations operating in restricted environments who wish to leverage Tines' automation capabilities without compromising security.

The workflow has several actions where emails are sent at the end of a detection. This is done natively through Tines and is a great way to keep stakeholders and analysts informed of alerts as they occur. 

Workflow #3

Monitor Azure AD MFA fraud alerts and track in Jira

Monitor the Microsoft Azure Directory Audits log with Graph API for fraud reports. Fraud reports occur when a user receives a Microsoft Authenticator MFA push, declines, and reports the push.

Community author

Nate Adams at Sophos

Built by: Nate Adams at Sophos

This is a great example of using scheduled actions to automatically monitor audit logs, a task that no analyst wishes to spend their valuable time on!

Especially for larger organisations, scanning large volumes of data quickly becomes an insurmountable task for human staff and requires an automated solution.

The ability to efficiently read and interpret security logs is crucial for identifying incidents early before they escalate and impact business operations. It also helps in detecting unusual behavior that might suggest an account has been compromised.

Linking Jira issue creation to the alert mechanism ensures immediate reporting of any potential fraud incidents, complete with a pre-formatted description for easy understanding. This feature is extremely valuable for analysts, as it guarantees they have access to all necessary information whenever the workflow is activated.

Workflow #4

Lock a device in JumpCloud

Use Tines Pages or a Slack command to lock down a user's device. The device will be scheduled to lock down at a specific time.

Community author

Nicolas Oropel at Eron International

Built by: Nicolas Oropel at Eron International

This is a great example of using Slack slash commands to trigger workflows in Tines. The job of an analyst or admin involves jumping between several programs and tabs during their shift, which can be a drain on time and a frequent source of frustration.

Being able to trigger a device lock within Slack means that the admin can execute complex workflows with a single command, without the need to open a new window and deviate from their previous work.

Having the results also posted back to Slack helps with auditing and tracking actions from the past.

The workflow leverages Tines' Delay feature, which offers the ability to temporarily halt workflows before their completion. This feature enables administrators to plan device locks for later execution, ensuring through Tines that these actions will be carried out as scheduled. This capability is particularly beneficial for tasks such as offboarding, allowing the IT department to manage assets and enhance security proactively.

Workflow #5

Advanced Live Response tool for Microsoft Defender powered by Tines pages

This story leverages the Live Response capabilities of Microsoft Defender, together with Tines pages, to create a robust, easy-to-use Live Response tool. Run any Windows native command, PowerShell one-liners, and even custom commands.

Community author

Horia Todoran at Holland & Barrett

Built by: Horia Todoran at Holland & Barrett

This pre-built workflow stands out with the highest action count of 112 in our library, showcasing an extraordinary example of how users can develop complex workflows on the platform. Remarkably, the creator embarked on creating this extensive workflow just a few months after being introduced to Tines, highlighting the platform's intuitiveness for newcomers.

The user-friendly interface of Tines Pages simplifies the process of running commands on machines, reducing the time needed to take action during incident response.

This also allows for switching between multiple machines in seconds, helping with larger scale tasks and initiatives.

The inspiration for this workflow came from another project developed by Tines Labs - a testament to how customers can draw on existing workflows for inspiration and tailor them to fit their unique requirements!

Explore our library of 750+ pre-built workflows.
