Core capabilities
Find the right starting point for your team
Our core capabilities highlight the most popular stories in Tines by function. It’s a great place to find inspiration for what to build first.
Security operations
Founded in security, we understand how workflows and automation streamline incident response processes to allow you to focus on more complex strategic tasks.
Analyze URLs in URLScan
Tools: URLScan.io
Create unique ServiceNow tickets from Splunk alerts
Tools: ServiceNow, Splunk
Analyze phishing email senders, URLs, & attachments
Tools: EmailRep, Sublime Security, URLScan.io, VirusTotal
Analyze a hash in VirusTotal
Tools: VirusTotal
Analyze a file in Hybrid Analysis
Tools: Hybrid Analysis
Endpoint security
Leverage workflows to identify true positive alerts from your endpoint detection tools. Integrate threat intelligence to those workflows to prevent ongoing campaigns or known attacks.
Run a CrowdStrike Real Time Response command
This Story will run a given CrowdStrike RTR command against a provided Host ID. All default RTR scripts can be used.
Tools: CrowdStrike
Investigate EDR alerts from Carbon Black
Get EDR alerts for applications and services that Carbon Black has started or stopped on a system. Enrich application information using VirusTotal, generate a ticket in Jira and record the details, then isolate a machine if deemed malicious.
Tools: CarbonBlack, Jira Software, PagerDuty, VirusTotal
Identify and remediate malicious SentinelOne threats with VirusTotal
Query SentinelOne for unresolved threats, verify their maliciousness, and take remedial action. Notify users via email and gather the information in Jira.
Tools: Jira Software, SentinelOne, VirusTotal
Analyze CrowdStrike detections
Pulls a list of new CrowdStrike Detections, flags them as in progress in CrowdStrike, and gets the detection details for each one. For each detection, the individual behaviors are examined, and the process hash is checked in VirusTotal to see if it is known malicious. Where there is a provided IOC as part of the behavior, this is also checked in VirusTotal. A Jira ticket is created for each Detection, and a message sent to a Slack Channel.
Tools: CrowdStrike, Jira Software, Slack, VirusTotal
Vulnerability management
Vulnerability management is an ongoing process that can contain repetitive tasks. Automation can streamline the creation, updating, and closure of vulnerability reports and tickets, simplifying the ticket management process.
Generate new vulnerability scan reports with Qualys
Tools: Qualys
Fetch and record CrowdStrike Spotlight vulnerabilities with Jira
Tools: Automox, CrowdStrike, Jira Software
Retrieve software vulnerabilities from Fleet for a given host
Tools: Fleet
By Dave Herder at Fleet
Analyze vulnerabilities from Tenable workbench
Tools: GreyNoise, Jira Software, Slack, Tenable Vulnerability Management
Close Jira tickets if JupiterOne vulnerabilities are resolved
Tools: Jira Software, JupiterOne
Data loss prevention (DLP)
Incorporating automated workflows into Data Loss Prevention (DLP) helps you detect exposed or sensitive data and set access restrictions to this data. By creating solutions around these tools you can both detect possible issues and speed up remediation times of DLP incidents.
Manage AWS Macie findings with Tines cases
Tools: AWS, Tines
Manage departing employee watchlists in Code42
Tools: Code42
Handle Code42 alerts
Tools: Code42, Jira Software, Slack
Remove public access permissions in Google Drive
Tools: Google, Google Drive
Monitor large downloads by employees in Netskope and create Jira issues
Tools: Jira Software, Netskope
Cloud security
Workflow automation allows you to rapidly deploy security measures, consistently enforce policy measures, and efficiently detect threats. By implementing workflow automation into your cloud security practices you'll save your team time and ensure compliance while significantly reducing the risk of a data breach or security incident.
Track AWS GuardDuty alerts in Jira and remediate
Tools: Amazon GuardDuty, AWS, Jira Software
Send Wiz alerts to Slack and raise issues in Jira
Tools: Jira Software, Slack, Wiz
Monitor and deactivate long-lasting AWS IAM keys
Tools: AWS
Cleanup inactive users in AWS IAM
Tools: AWS, Jira Software
Retrieve Google Security Command Center findings and create issues in Jira
Tools: Google, Jira Software
Identity and access management (IAM)
Apply workflow automation for IAM processes like user identity management and verification, real-time access changes, and responding to unauthorized access. In doing so, you're able to implement a more efficient, secure, and compliant process for managing digital identities and access.
Approve user access to Okta or Office 365 using Pages
Tools: Jira Software, Microsoft, Okta, Slack
Send push notifications in Duo Security
Tools: Duo Security
Reset a user's password in Okta
Tools: Okta
Disable accounts in Microsoft Entra ID
Tools: Jira Software, Microsoft Azure
Disable accounts in Google Workspace, GitHub, and Okta
Tools: GitHub, Google, Jira Software, Okta
Application Security (AppSec)
App sec teams leverage automation to consistently detect, track, escalate, and patch vulnerabilities.If the vulnerability is unknown, you can use the workflow builder to map the patch as you build it for future use. This reinforces your software security posture as part of your software development lifecycle without introducing unnecessary friction.
Create issues in GitHub and Jira from findings in Semgrep
Tools: GitHub, Jira Software, Semgrep
Query Snyk & gather a vulnerability report
Tools: Jira Software, Snyk
Track Snyk issues in Jira
Tools: Jira Software, Snyk
Manage AWS Inspector findings with ServiceNow
Tools: AWS, ServiceNow
Retrieve vulnerabilities from SonarCloud and suggest code fixes in GitHub
Tools: GitHub, OpenAI, SonarCloud
Compliance
Successful compliance programs require data collection, user training, and policy enforcement, all of which can be assisted with by automation. Automated tools can continuously gather and analyse data, ensuring up-to-date compliance reporting. From these reports, actions can be taken on non-compliance issues, from alerting users to their actions, or lack thereof, or by allowing compliance officers to enforce actions.
Monitor and remediate inactive Kandji devices with Tines Cases
Tools: Kandji, Tines
Report on inactive Okta accounts using Tines cases and deactivate
Tools: Okta
Provide compliance information after signing an MNDA in Docusign eSignature
Tools: DocuSign, Slack
Upload compliance evidence to Drata
Tools: Drata
Send KnowBe4 training reminders via Slack
Tools: Knowbe4, Slack
Asset Management
Workflow automation in Asset Management streamlines the process of tracking and securing digital assets. By automatically cataloging and monitoring all digital components, from hardware to software, it ensures that every asset is accounted for throughout its lifecycle. This proactive approach not only saves time but also enhances the overall security posture by maintaining a reliable, current, and secure asset inventory.
Add devices in Kandji to Google Sheets
Tools: Google, Kandji
Verify CrowdStrike is present on new devices in Jamf
Tools: CrowdStrike, Jamf, Slack
Sync assets between Kandji and runZero while updating ownership
Tools: Kandji, runZero
Lookup devices in Lansweeper using a Slack command
Tools: Lansweeper, Slack
Report and lock lost devices in Jamf
Tools: Duo Security, Jamf, Jira Software
Employee onboarding and offboarding
With workflow automation, builders significantly reduce the manual hours spent managing onboarding and offboarding processes. Through Tines, you can swiftly handle routine tasks (i.e. creating accounts, assigning access rights, etc.) and reduce friction with other teams waiting for access provisioning. This not only speeds up the process, but also reduces the risk of human error or delays and, in the case of offboarding, mitigates risk of unauthorized access. This makes for a smooth and efficient process for the organization and employees.
Remove a user account in Microsoft Entra ID, BambooHR, AWS, and Slack
Tools: AWS, BambooHR, Jira Software, Microsoft Azure, Slack
Create many new Microsoft Entra ID users using Tines pages
Tools: Microsoft, Microsoft Azure
Add a new user in Microsoft Entra ID
Tools: Jira Software, Microsoft, Microsoft Azure, Microsoft Teams
Move Google Docs and Calendar to another user in Google Workspace
Tools: Google
Add new employees to BambooHR and manage system access
Tools: BambooHR, Google, Microsoft Azure, Okta, Slack
Threat Intelligence
Incorporating workflow automation in your threat intelligence processes allows you to disseminate threat intelligence insights faster. Automation helps you gather and analyze data across resources. Once remediation steps are identified, it helps you respond to those threats consistently and tracks the process in an auditable way. This not only supplements the accuracy of threat detection, but also allows you to focus on strategic risk management.
Search for IoCs in a network when a MISP attribute is created
Tools: CrowdStrike, DataDog, MISP
Query GreyNoise for CVEs and update blocklist
Tools: GreyNoise
Analyze an IP in many services at once
Tools: AbuseIPDB, APIVoid, GreyNoise, Jira Software, Pulsedive, VirusTotal
Query Censys for known Command & Control IPs add as IoCs in CrowdStrike
Tools: Censys, CrowdStrike
Analyze IOCs in Pulsedive
Tools: Pulsedive
Patch Management
Assets and vulnerabilities can be detected and managed using various tools. By running automated patching on vulnerable assets, an endpoint and networks can be protected against common attacks. Furthermore, automation can be used to manage and remediate and issues that arise during the patching process.
Update vulnerable hosts using ManageEngine Endpoint Central and Fleet
Tools: Fleet, Manage Engine
Update Linux system packages using Ansible Tower
Tools: Ansible, Slack
Fetch and record CrowdStrike Spotlight vulnerabilities with Jira
Tools: Automox, CrowdStrike, Jira Software
Streamline macOS software updates with self-service patch management
Tools: Jamf
By Tyler Talaga at MyFitnessPal
Find and reboot devices with failed Microsoft Intune updates
Tools: Microsoft, Microsoft Azure
User access requests
Handle user access requests at scale with workflow automation. This ensures access requests are routed appropriately for approval, permissions are provisioned or revoked in real-time, and access changes are adequately documented for audits. This reduces manual intervention, accelerates response times, and reinforces your security policies.
Request and approve access to new tools with an audit trail
Tools: AWS, GitHub, Jira Software, Okta, Slack
Review apps in Lumos for inactive approvers and notify Slack
Tools: Lumos, Slack
Sync on-call engineers from PagerDuty to Bowtie access groups
Tools: Bowtie, PagerDuty
Grant temporary application access
Tools: Jira Software, Okta, Slack, Tines
Grant temporary console access to AWS services with Tines pages
Tools: AWS
