Overview
Tines exists to empower people to automate work without needing coding knowledge. With our completely private and secure AI model built into Tines, it is easier than ever to build, run, and monitor your most important workflows. Today you will learn a bit about how and why we built our native AI and how you can use it to build faster and build better than you ever have before.
In this training, you will:
Get a list of assets
Use AI to:
Filter them to find any that have active vulernabilities
Use AI to calculate the associated risks
Build an HTML table from the results
Use AI to construct an email about the results
Send the email to appropriate stakeholders
The Tines touch on AI
We love AI at Tines. Large Language Models are among the biggest innovations in the past several decades. We know AI will enable our customers to reach new heights in their building, and enable more builders than ever before. However, we also know that any AI features must be private and secure to meet the high standards that our customers have learned to expect from us.
Therefore, AI in Tines runs entirely within our infrastructure, scoped only to your individual tenant. Data never touches the Internet, is never logged, and is never used for training. Our customers get all of the power of top tier LLMs, without any exposure of their critical data. You can read more at Tines Explained.
Let the building begin
With the overview out of the way, it's time to see how you can leverage the power of AI to maximize your workflows by building an example vulnerability management story.
Safety first
The first step in your vulnerability management workflow is to get a list of your assets. From there, you will need to identify which assets have vulnerabilities. To simulate this, you will use the "Get Assets" action that is already on the storyboard. Before we can run the action, you will need to set up a credential.
If you have already configured a bootcamp_api credential, you can skip to “Get a set of assets”, otherwise follow these steps to build your credential.
💡Note
Create a new credential by clicking anywhere on the storyboard to bring up the story menu on the right pane. Find the “Credentials” section.
Note that your story will alert you of a missing credential. Hover over bootcamp_api and click on "Connect" that is shown to the right.
Click “+ Create New” at the bottom of the modal that pops up, and then select “Text”.
Leave the name as bootcamp_api and for the value, type “secret_api_key”.
Scroll down in the credential builder and find "Domains" under the "Additional Configurations". Type in toolkit.tines.com .
💡Note
Click "Save".
Get a set of assets
Now that you have set up your credential, you can run the Get Assets action by clicking on the action and clicking “Run”. Note the number that appears in the top right corner to notify you that an event has been emitted.
To view the event, click on that small number, or click on “Events” in the panel below the action.
Click the {...} to expand the values in the event. Note that some assets have vulnerabilities and some do not. Also note the amount of data in the vulnerabilities. This is structured CVE data which has been pulled from CISA (Cybersecurity and Infrastructure Security Agency).
Close the event pane by clicking the X in the top right corner.
Filtering the data
The next step in the process is to filter the assets so that we are only processing assets that currently have open vulnerabilities.
With Formulas
Connect the “Get Assets” action to the other action on the story board: “Filter assets”. Do this by hovering over the action, then clicking and dragging the arrow that appears into the top of next action.
Click on “Filter assets” to see the configuration pane on the right side of the screen. Click on the pill in the Builder to see how you could filter the asset data by using our built in Formulas language.
Observe the "Result" preview in the bottom right of the pill builder, you can hover over this to see an example of what the event will be.
Run this set of actions by clicking "Get Assets" and clicking Run again. Note that an event gets passed to the "Filter assets" action, triggering it to run as well. You can click on investigate the events from "Filter assets" to see what the Formula did.
While the transformation is easily possible with Formulas, a builder needs to know how to use them. Or at least they did... Now AI can do the work for you.
Delete this action by clicking on it and hitting "delete" or "backspace" on your keyboard.
With Automatic Mode
One key AI feature in Tines is Automatic mode in the Event Transform Action. This was created to make it easier for anyone to build. You can use this to manipulate data using nothing more than common language.
Drag an Event Transform Action onto your storyboard by clicking and dragging the action from the left pane. Rename the action by clicking on “Name” on the right side. Name this action “Automatic Filter”. Now click on the dropdown underneath “Mode” and select “Automatic”.
Connect “Get Assets” to the new “Automatic Filter” action as you did before, by dragging the arrow from first action to the second.
Now click on the pill that is currently “Blank” under Input to bring up the configuration pane for the Automatic transform.
Ensure the input section is set to get_assets.
Click in the guidance window, which currently says “What output do you want”. Type in the following “Return assets that have vulnerabilities” and click “Generate”, and sit back.
Now, you can see a preview of an event that this action would output. Scroll through to confirm, but now you should see only asset objects that have associated vulnerabilities.
Click on the “Code” tab at the top of the output preview to see what happened in the background. Underlying AI analyzed the incoming data, and generated python code to achieve the output that you described. Then, Tines quickly executed that python code to get the output.
Click on “Save” in the bottom right to lock in the behavior.
Note that the guidance is still visible on the right side, so all of your builders can see exactly what this action is doing.
AI enrichment
Tap directly into the power of LLMs as an action in your story. Here, you can use AI to summarize bulky alerts, enrich incoming information, make logical decisions based on your instructions, and much more. We also give you the power to use the model that best fits your use case.
You will use the public templates in the left sidebar for your next action. Click "Templates".
💡Note
Click in the search bar and search for “Tines Bootcamp.” Click and drag the Tines Bootcamp template onto the storyboard. You will see the action name is "Select a template". In the configuration pane on the right side, select "Calculate Risk".
This is a preconfigured AI action. Reading the prompt, you can see this action will use the incoming data to calculate risk scores for each vulnerability, provide justifications for those risk scores, and then provide a remediation step.
Connect your “Automatic filter” action to “Calculate Risk” by dragging the arrow as before. Observe that we are using a pill using automatic_filter.output to reference the upstream data.
Run the story from the top again and investigate the output from the AI action by clicking on "Events" below the action.
Close the event pane and continue.
Find the right team
As part of this story, you are going to simulate sending a well formatted email to the team responsible for any vulnerable assets. For now, you will build the flow to send to the infrastructure team.
Drag on another Event Transform Action below the “Calculate Risk” action and connect it to your story.
Rename this action to “Filter for Infrastructure Team” and select “Automatic” as the mode from the dropdown menu.
Click the “Input” field to bring up the configuration modal.
Ensure “calculate_risk” is configured as the input, and for the Guidance, type the following: ”Return only assets that belong to the infrastructure team”.
Click "Generate" to build the code, and then click "Save" to lock it in.
Re-emit the last event from "Calculate Risk" by clicking on the action and then clicking on the kebab menu on the right side of the context menu. Then click "Re-emit last event". This will send the last processed event downstream without actually executing the action again.
Now view the events for "Filter for Infrastructure Team" to validate the output.
You may close the event pane after.
No HTML skills? No problem.
Now that you have all of the assets specific to the infrastructure team, you can will want to send them a summary of their vulnerable assets. Since you’re emailing the results, you will want to build an HTML body to make it visually appealing.
If you are not an HTML expert, there is no need to worry - AI can be your expert instead.
Drag another Event Transform Action on to the board and connect to your last action. Name this action “Build HTML Table” and set it to “Automatic” mode. Click the pill under “Input” to bring up the configuration modal.
For the input, ensure filter_for_infrastructure_team is set.
For the guidance, it is time to do something a bit more complex. Use the following prompt by copying this from the guide and pasting it into the guidance section:
Build a color coded HTML table of the vulnerabilities for each asset.
Columns should be: Asset name, Vulnerable Package, CVE URL, Risk Score, Justification, and Remediation steps.
Highlight any risk score over 9 in red.
Return the final HTML as a string.
Only use beautiful soup.💡Note
View the formatted HTML in the output and click "Save" to lock in this behavior.
Craft an email
While AI will never be a replacement for the soul that a human can impart on written content, it can certainly compose a nice email. Now you will use the AI action to draft an email that will be sent to the owners of the vulnerable assets.
Bring on another AI action and connect it your story. Name this action “Write Email”
Build the prompt as you see fit, but remember the tips when using AI. Be specific about what you want and remember you can iterate to get to the ideal output.
In the prompt, tell the AI to use the HTML table you created earlier. You can reference it with a pill by clicking the + and selecting “value”. Type in build_html_table.output as the value.
To check the output, re-emit the last event from the "Filter for Infrastructure Team" action by clicking on that action, then clicking the kebab menu in the context menu, and finally clicking "Re-emit the last event."
Check the events from the "Write Email" action and update the prompt as needed. Re-emit from the upstream actions again to run the AI action again with the new prompt.
The final prompt that we used is below:
Write a gentle but firm email to stakeholders to let them know they have vulnerable assets that must be patched as soon as possible.
Include the HTML table of vulnerabilities.
The output should be in HTML. Do not include any text or information except for HTML.
Sign the email as "Security"
HTML table: <<build_html_table.output>>Send the results
Tines can do any number of things with the data, send it to slack, open a ticket in the case management of your choice, today we’re going to email it.
Click and drag a “Send Email” action onto the story board and connect it to the bottom of the “Write Email” action.
In the Send Email action, you can configure the subject as you choose, set “Vulnerable Assets Need Patching”.
In the section under “Body”, create another pill by clicking in the field, and then clicking the plus sign + then selecting “Value”. Type in the path for the output from the “Write Email” action: write_email.output.
Now run your story from the top by clicking on the “Get Assets” action and clicking “Run” and check your email to see your results.
Wrap up
Thank you for taking the time to go through our AI bootcamp! Today you learned a bit about the power of Tines, and even more about what a multiplier that AI in Tines will be for you and your other builders. Please try our other bootcamps at https://tines.com/bootcamps if you would like go through more hands on training. Happy building!
More resources
Discover more use cases and prebuilt stories in our Library.
Come talk to us on our Community Slack by signing up here.
Check out more of our learning content in the Tines University.
Take the next step and get certified for no cost here.
Want to talk more? You can book a demo with our team on our Pricing Page.