Overview
Tines exists to empower people to automate work without needing coding knowledge. With our completely private and secure AI model built into Tines, it is easier than ever to build, run, and monitor your most important workflows. Today you will learn a bit about our newest AI feature, Workbench, a leading AI chat interface that can draw on the power of your Tines workflows.
In this training, you will:
Enable a story and template for Workbench
Use Workbench to:
Get a list of running AWS EC2 instances
Analyze the data and enrich specific IP addresses
Build a markdown template for a Tines case (or build an html template for an email)
Create a Tines case (or send an email based on your findings)
Your personal AI chat interface
Tines loves AI and LLMs as they can be powerful tools in automation. Expanding on our previous AI features, here at Tines, we wanted to take AI automation to the next level by providing an AI chat interface for running your Tines stories called Workbench. Workbench removes the need to switch context between applications, offering a singular view to run and monitor in the context of real-time scenarios or events.
And just like our other AI features, it runs entirely within our infrastructure, scoped only to your individual tenant. Data never touches the Internet, is never logged, and is never used for training. Our customers get all of the power of top tier LLMs, without any exposure of their critical data. You can read more at Tines Explained.
Workbench specifically is user-scoped, meaning that users can only interact with stories or action templates that they have permissions to interact with through their team or tenant-level settings.
Note: To access Workbench in your personal tenant, you need to enable AI-powered features from your admin settings. Learn how here.
Let the building begin
With the overview out of the way, it's time to see how you can leverage Workbench to seamlessly take on the role of an analyst - with the help of an AI chat interface.
Enabling a story for Workbench
First, you need set up your story to be used for Workbench.
The option to enable the story for Workbench is located under the “Send to Story” settings on the configuration menu on the right. Click the slider next to “Send to Story” to enable it.
Now you can set the input and output actions for this story. Configure the input action by clicking the dropdown beneath “Input” and select the webhook action named “Receive Data”. Configure the output action(s) by clicking the dropdown next to “Output” and selecting the “Return Error Message” and “Return Results” actions.
Next, scroll down to the “Enable for” options and choose “Workbench”.
There is also an option to require confirmation. This is to add another layer of security before Workbench takes any action, allowing for user confirmation before proceeding, for now, leave that selected. Close that menu by clicking on the storyboard.
The next step is to add a description to the story, which can be seen under the story configuration options on the right pane.
Use the following description for your story:
List & describe all EC2 instances within AWS. The story returns information about each EC2 instance in a region.
💡Note
Set up your credential
If you have already configured a bootcamp_api credential, you can skip to “Interacting with Workbench”, otherwise follow these steps to build your credential.
💡Note
Create a new credential by clicking anywhere on the storyboard to bring up the story menu on the right pane. Find the “Credentials” section.
Note that your story will alert you of a missing credential. Hover over bootcamp_api and click on "Connect" that is shown to the right.
Click “+ Create credential” at the bottom of the modal that pops up, and then select “Text”.
Leave the name as bootcamp_api and for the value, type “secret_api_key”.
Scroll down in the credential builder and find "URLs and Domains" under the "Additional Configurations". Type in toolkit.tines.com.
💡Note
Click "Save".
Interacting with Workbench
Navigate back to the home page by clicking the Tines logo in the upper left corner. The "Workbench" button should now be visible in the upper right corner. This will open up the chat interface.
On the left side, you can see templates and stories that can be made available to Workbench.
By clicking a template and configuring credentials, or clicking a story, you can see the green button light up, which means Workbench can automatically use these tools or stories to serve your requests in the chat.
Click on “Stories” and select “Tines Bootcamp - Workbench” to make it available to workbench.
Get a list of AWS EC2 instances
With your story enabled, type the following to Workbench in the chat bar:
"What systems are running in us-east and eu-west?"
Workbench will call the story twice - once for each region. You can click on the “<>” button to see the raw JSON input and outputs.
Notice that workbench has done what AI does very well, and summarized the data and given some enrichment for you. Now it’s time to dig a little deeper.
Formatting data
Building on the previous task, you can ask Workbench to format the data in a way that is easier to digest.
"Take that info from both regions and format it in a table, including the public IP address, region, creation time, and hostname."
Notice that Workbench accurately communicates that it does not have access to “creation date” from the data.
Analyzing the data, everything looks fairly standard - except for an instance called "backupServer0412”. It does not follow the naming standard, and might be worth a closer look.
💡Note
Enriching IP addresses
Now that you have identified a suspicious looking EC2 instance, you should enrich the external IP address to gather more information in order to assess the threat level.
Click on the templates tab on the left and search for a template named “Tines Bootcamp”. Hover over this template and click the “Connect” button to enter the credential modal.
Click “Choose existing credential” and choose the bootcamp_api credential you created earlier.
Upon selecting the credential, the modal will ask which templates you would like to enable. Select “Get IP Address Info” and then click “Close”.
You can now see the template is enabled, represented by the green icon. Now click on the chat input and ask Workbench the following.
"Look up the external IP address for the “backupServer0412” and tell me about it."
Note the helpful recommendations from workbench. This is simulated data so there’s no need for action right now. If this was real in your environment, you could use Workbench to isolate this instance if you needed to, right now it will be enough to open a ticket.
Creating a case
*This section will only be relevant for tenants that have cases enabled. Community edition tenants do not have cases enabled. Click here for more information on Tines case management. If you are following the self-paced bootcamp version, skip to the next section here.
Now that you have enriched the IP and determined it is malicious, we should open a case. This action will be included within the “Tines” template. Using the search bar on the left pane, look for “Tines”.
Hover over the “Tines” option and click “Connect” and then “Connect new credential”. This will lead you through the connect flow for creating a Tines credential.
When selecting the API key type, choose “personal” and name it tines_cases_api . Check all actions for this template.
Let’s open a case and specifically add in some markdown formatting of the data findings.
"Create a case and include markdown tables for the EC2 and IP address info."
💡Note
Workbench provides an overview of case details in addition to a link to the case - click on it to open it in another tab.
Workbench does a great job at quickly formatting data and filling in the blanks for key security concerns and recommended next steps. It even automatically determined the level of severity that the case should be.
💡Note
Draft and send an email
For self-paced users using a tenant without cases, another option in this scenario is to draft and send an email instead. You will need to import this story from the story library into your tenant.
For your convenience, this story is already enabled for workbench, and the inputs and outputs are already selected.
This story also already has a description so you can continue on.
Return to Workbench, by clicking on the Tines logo in the top left of your page, and then clicking on “Workbench” in the top right
On the left pane, click on “Stories” and enable the “Draft or send an email” story by clicking it (and note the green dot icon lights up).
💡Note
Use the prompt below in the chat to draft an email.
"Create an email draft with html tables for the EC2 and IP address info and include recommended next steps".
Workbench will provide an overview of the draft that it has created. You can then send the email to your own email, which Workbench already knows based off of your user information within the Tines tenant.
"Send the email".
Wrap up
Congratulations, and thank you for sticking with us to the end! We went through setting up credentials, enabling stories for Workbench, using Workbench to call out to different API endpoints including getting AWS EC2 instances and enriching IP addresses, formatting data and creating a case and or drafting and sending an email.
Most importantly, you were able to automate tasks as a security analyst quickly and efficiently - all from an AI chat interface.
More resources
Discover more use cases and prebuilt stories in our Library.
Come talk to us on our Community Slack by signing up here.
Check out more of our learning content in the Tines University.
Take the next step and get certified for no cost here.
Want to talk more? You can book a demo with our team on our Pricing Page.