Partnership

AWS × Tines

Automate cloud security with AWS and Tines

Cloud security is a fast-changing environment, and many teams struggle to tell what is serious from what is noise.

Tines, built exclusively on AWS, helps teams quickly remediate known threats while effectively triaging the new. It provides a user-friendly interface for building automation Stories, so teams can quickly create new workflows that use native AWS APIs to build solutions based on their needs. Tines also ships with thousands of Action templates for using threat detection services outside of the AWS ecosystem.

Tines allows AWS customers to...

Automate security alerts management

Streamline incident response

Improve accuracy and remediation timelines

Use case examples

Example 1

Detect and Block Bucket Public Access Policy with Cyera.io and AWS

Identify issues in Cyera.io. Create an issue, add comments for response decisions, and send it up for review before drafting and sending an email.

Example 2

Analyze AWS IAM policies for sensitive access permissions

Evaluate current or newly created AWS IAM policies for sensitive access permissions and obtain recommendations through Tines AI.

Tools

AWS

Created by

Michael Tolan

Example 3

Real-Time API Threat Detection and Mitigation with Traceable.ai and AWS WAF

Detecting API security anomalies with Traceable.ai involves using advanced monitoring to detect unusual patterns and behaviors in API traffic, leveraging AI to identify anomalies like traffic spikes, unfamiliar IP addresses, and suspicious request patterns. Automated alerts trigger responses, including updating AWS WAF rules to block offending IPs and thwart malicious requests, ensuring APIs are safeguarded against evolving threats.

Example 4

Leverage AWS Bedrock for investigation help in Tines cases

Tag a service account in a Tines case to trigger AWS Bedrock-based AI assistance in the investigation of that case. Context from the case is provided to the AI, and the response is left in the case as a new comment. The associated story and actions are provided as is and the customer is not responsible for maintaining the code or any activity derived from the usage of the code.

Tools

AWS

Community author

Adam Maksimuk at Navan

Example 5

Sysdig Cloud Detection, Document with Jira, and Respond with Tines

This story receives Sysdig Kubernetes threat alerts through the webhook integrations. The story then retrieves asset information from Sysdig. Tines calls on Jira to document each alert for tracking purposes. The story then executes automated response workflows based on the alert type.

Community author

Manuel Boira at Sysdig

Example 6

Detect and Enrich Sysdig Alerts with Risky User with Greynoise and Deny User from AWS Console Login

This story begins by receiving Sysdig CloudTrail alerts via notification integrations. Upon receiving an alert, it retrieves user identity information from Sysdig and uses it to generate a risk score. The story then looks up the IP address associated with the user to determine its reputation. If the IP address is malicious, the story automatically applies a deny-all policy, blocking the user from AWS console login.

Community author

Manuel Boira at Sysdig

Whether it’s EDR, traffic behavior analysis, firewall management, IDS, phishing simulations, or anything else we use, Tines is very easy to plug into everything, get the alerts we want, and have it process them. That takes hours off our work.

Joel Perez-Sanchez
Security Engineer

Tines is very intuitive in pretty much every aspect; the platform is just really easy to use, so it does a really good job at saving time. The time saved pays for itself, in my opinion.

Dylan White
Information Security Engineer