
Automate detection and investigation with Tines and Elastic


Together, Tines and Elastic give security teams all the information they need to investigate alerts and make business-critical decisions in one place, while saving valuable time and resources. By combining the high-fidelity detection and alerting of Elastic Security with Tines’ automation, SOC teams can support continuous monitoring, threat detection and prevention, alert enrichment, incident response and more.

Key benefits

Scale security operations efforts

Integrate context & data enrichment into alerts

Investigate & react to alerts faster

Use case examples

Example 1

Check Workday for unauthorized travel and alert in Slack

Get login events from JumpCloud and Google, and resolve a location from each source IP. If the location is on the list of unauthorized travel destinations and no matching travel has been registered in Workday, confirm the login with the user and their manager. If neither recognizes the login, page the security team through OpsGenie.

Community author

Muhammet Tekbicak

Example 2

Investigate security alerts in Workbench from Slack links

This Story shows how to start a Workbench conversation from an external tool such as Slack using the WORKBENCH_LINK function. The conversation opens with the Elastic alert and initial GreyNoise analysis and context pre-loaded to assist the investigation.

Created by

Michael Tolan

Example 3

Build and search MITRE ATT&CK semantic index in Elastic

This workflow indexes the MITRE ATT&CK framework in Elasticsearch with semantic search enabled, so analysts can match an alert or ticket description to the relevant ATT&CK techniques even when the description does not use the exact technique names or keywords. The resulting mapping supports threat detection, incident response and security strategy work.

Created by

Michael Tolan

Example 4

Retrieve logs from the Wazuh Indexer

Retrieve Cowrie honeypot logs from the Wazuh Indexer, enrich the source IP, and store the event in Tines Records along with the username and password the attacker tried.

Created by

Conor Dunne

Example 5

Replay Data with Cribl into Elastic Security and Isolate Hosts Using Elastic Agent

Receive a webhook from Elastic to initiate the creation of a SIEM case and link alerts. Analyze the IP, add location and enrichment data, query Elasticsearch for related hits, and decide whether to isolate the host.

Example 6

Search Elastic alerts

Search Elastic for alerts based on general or specific criteria.

Tools

Elastic

Created by

Michael Tolan

Useful resources

ELK Stack automation and the Elasticsearch API

Automate the Elasticsearch Search API to rapidly create canned and shareable threat hunting tools for you and your team.
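As an added illustration of what a "canned" Search API query for Elastic alerts looks like (covering both this resource and the "Search Elastic alerts" example above), the following Python is example code written for this page, not Tines or Elastic code. It assumes an Elastic Security 8.x deployment, where detection alerts live in the `.alerts-security.alerts-*` indices and carry `kibana.alert.*` fields; the index pattern, field names and the sample response are assumptions you should check against your own cluster.

```python
"""Canned Elastic Security alert searches through the Elasticsearch Search API.

Added example, not Tines or Elastic code. Assumes Elastic Security 8.x (alerts in
`.alerts-security.alerts-*` with `kibana.alert.*` fields); adjust the constants
if your deployment differs. Only send_search() touches the network.
"""
import json
import urllib.request

ALERT_INDEX = ".alerts-security.alerts-*"   # alerts-as-data index pattern (8.x assumption)
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}
TRIAGE_FIELDS = ["@timestamp", "kibana.alert.severity", "kibana.alert.rule.name",
                 "kibana.alert.rule.threat.technique.id", "host.name", "user.name"]


def build_alert_query(severities=("high", "critical"), lookback="24h",
                      status="open", host=None, size=100):
    """Search API body selecting alerts by severity, workflow status and age.

    All clauses sit in `bool.filter` (cached, not scored). `host` narrows the
    search to one machine. `fields` (rather than `_source`) returns every value
    as a flat dotted-key list however the document is nested on disk.
    """
    filters = [
        {"terms": {"kibana.alert.severity": list(severities)}},
        {"term": {"kibana.alert.workflow_status": status}},
        {"range": {"@timestamp": {"gte": f"now-{lookback}", "lte": "now"}}},
    ]
    if host:
        filters.append({"term": {"host.name": host}})
    return {
        "size": size, "_source": False, "fields": TRIAGE_FIELDS,
        "sort": [{"@timestamp": "desc"}],
        "query": {"bool": {"filter": filters}},
        # Alert count per host: a quick "where is it loudest" view for the team.
        "aggs": {"by_host": {"terms": {"field": "host.name", "size": 10}}},
    }


def send_search(es_url, api_key, body, index=ALERT_INDEX, timeout=30):
    """POST `body` to the Search API; `api_key` is the base64 `id:key` string Kibana shows."""
    req = urllib.request.Request(
        f"{es_url.rstrip('/')}/{index}/_search", data=json.dumps(body).encode(),
        headers={"Authorization": f"ApiKey {api_key}", "Content-Type": "application/json"},
        method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def _first(fields, name, default=None):
    values = fields.get(name)
    return values[0] if values else default


def summarize_hits(response):
    """Flatten a Search API response into triage rows: most severe, then newest, first."""
    rows = []
    for hit in response["hits"]["hits"]:
        f = hit["fields"]
        rows.append({
            "id": hit["_id"], "time": _first(f, "@timestamp", ""),
            "severity": _first(f, "kibana.alert.severity", "unknown"),
            "rule": _first(f, "kibana.alert.rule.name"),
            "host": _first(f, "host.name"), "user": _first(f, "user.name"),
            "attack": f.get("kibana.alert.rule.threat.technique.id", []),
        })
    rows.sort(key=lambda r: (SEVERITY_RANK.get(r["severity"], 0), r["time"]), reverse=True)
    return rows


def top_hosts(response):
    """(host, alert_count) pairs from the by_host aggregation, loudest first."""
    buckets = response.get("aggregations", {}).get("by_host", {}).get("buckets", [])
    return [(b["key"], b["doc_count"]) for b in buckets]


# Constructed sample response (not captured from a real cluster), in the shape the
# Search API returns when `fields` is requested: every value is a list.
SAMPLE_RESPONSE = {
    "hits": {"total": {"value": 3, "relation": "eq"}, "hits": [
        {"_id": "a1", "fields": {"@timestamp": ["2024-05-01T10:02:00.000Z"],
         "kibana.alert.severity": ["high"],
         "kibana.alert.rule.name": ["Suspicious PowerShell Download"],
         "kibana.alert.rule.threat.technique.id": ["T1059.001", "T1105"],
         "host.name": ["ws-042"], "user.name": ["jdoe"]}},
        {"_id": "a2", "fields": {"@timestamp": ["2024-05-01T09:40:00.000Z"],
         "kibana.alert.severity": ["critical"],
         "kibana.alert.rule.name": ["Credential Dumping via LSASS Access"],
         "kibana.alert.rule.threat.technique.id": ["T1003.001"],
         "host.name": ["ws-042"], "user.name": ["SYSTEM"]}},
        {"_id": "a3", "fields": {"@timestamp": ["2024-05-01T10:15:00.000Z"],
         "kibana.alert.severity": ["high"],
         "kibana.alert.rule.name": ["Unusual Login Location"],
         "host.name": ["vpn-gw-1"], "user.name": ["asmith"]}}]},
    "aggregations": {"by_host": {"buckets": [
        {"key": "ws-042", "doc_count": 2}, {"key": "vpn-gw-1", "doc_count": 1}]}},
}

if __name__ == "__main__":
    print(json.dumps(build_alert_query(host="ws-042"), indent=2))
    for row in summarize_hits(SAMPLE_RESPONSE):
        print(row["severity"], row["time"], row["host"], row["rule"], row["attack"])
    print(top_hosts(SAMPLE_RESPONSE))
```

Parameterising the query body this way is what makes the tool shareable: the team keeps one reviewed query shape and only changes severities, the lookback window or the pivot host, and the flat `fields` output means the same summariser works whether the alert documents are stored nested or with dotted keys. Use a read-only API key scoped to the alerts indices for `send_search`.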

Tines and Elastic partner to detect security threats and reduce mean time to respond

By combining Tines and Elastic, security teams are able to dramatically reduce dwell times, mean time to respond, and false-positive rates while also strengthening their agility and impact.

Elastic’s James Spiteri: Why SecOps teams need to focus on small incremental wins and not try to boil the ocean

James shares his experiences and learnings over the course of his career, and why he believes community support is critical during cybersecurity incidents.

Automating Detection-as-Code

Security teams today are tasked with detecting and defending against more attacks and attack surfaces than ever before. Moving towards developer-centric, reliable deployments can help meet these challenges head-on.

“Crawl, walk, run into zero trust”: a Q&A with Elastic’s John Harmon

Regional Vice President of Cyber Solutions at Elastic John Harmon shares best practices for federal agencies looking to reach their zero trust goals.

Elastic’s Mandy Andress on switching from a tech-first to people-first approach to security

The Elastic CISO speaks to Thomas Kinsella about embracing radical transparency and adopting an infrastructure-as-code approach.

How cloud engineering teams use Elastic Observability and Tines to optimize resources

With Elastic Observability and Tines, cloud engineers can build workflows to help maximize resource utilization and minimize expenses.

“Better context in a world that's changing quickly”: Leading CISOs discuss AI’s role in SecOps

Insights from our webinar with Mandy Andress of Elastic and Matt Hilary of Drata

Elastic and Tines Announce Enhanced Integrated Experience to Protect Customers Against Advanced Security Threats

Elastic, the company behind Elasticsearch, and Tines, a no-code automation platform for security teams, today announced a strategic partnership to optimize how security operations and response teams prevent, detect and respond to modern security threats.

Detect security threats and reduce time to respond with Tines and Elastic