Partners

Automate detection and investigation with Tines and Elastic


Together, Tines and Elastic give security teams all the information they need to investigate alerts and make business-critical decisions in one place, all while saving valuable time and resources. By combining the high-fidelity detection and alerting delivered by Elastic Security with Tines’ robust automation, SOC teams can effectively support continuous monitoring, threat detection and prevention, alert enrichment, incident response and more.

Key benefits

Scale security operations efforts

Integrate context & data enrichment into alerts

Investigate & react to alerts faster

Use case examples

Example 1

Triage Elastic Alerts and send to SIEM

Handle webhook alerts from Elastic using triggers and AI. Categorize alerts and raise issues in an incident management platform with all of the relevant information to efficiently decide on next steps.

Tools

Elastic

Community author

Ameer at CyberNX Technologies

Example 2

Elastic SIEM to Slack alert enrichment

Enrich high severity SIEM alerts as they are sent from Elastic to Slack, using Tines records.

Community author

Aaron Jewitt at Elastic

Example 3

Delete Buildkite job logs

Enable incident responders to clean Buildkite logs that would be leaking secrets in the clear, at scale. Deleting hundreds of job logs would be a very tedious job to do and not the best usage of time. Using a Tines page, an incident responder can input the details about the Buildkite pipeline and the story will clean all the respective logs within a couple of minutes. The other part of the story is leveraging Entro. Entro is a tool used to detect leaked secrets across various platforms. Entro users can fully automate the remediation by leveraging this story to automatically delete Buildkite logs whenever a secret could have been leaked within such logs. All audit trails of this investigation will be stored in an Elasticsearch case.

Community author

Christopher Cutajar at Elastic

Example 4

Create an API to query Tines template vendors and actions

Tools

Elastic

Created by

John Tuckner

Example 5

Check Workday for unauthorized travel and alert in Slack

Get login events from JumpCloud and Google and enrich the location from the source IP. If the location matches a list of unauthorized travel sources and has not already been registered in Workday, verify the login with the user and their manager. If it is an unknown login, page the security team with OpsGenie.

Community author

Muhammet Tekbicak

Example 6

Investigate security alerts in Workbench from Slack links

This Story demonstrates how you can start a conversation with Workbench by utilizing the WORKBENCH_LINK function from an external tool, such as Slack. Start a conversation with an Elastic alert and initial GreyNoise analysis and context pre-loaded to assist the investigation.

Created by

Michael Tolan

Useful resources

Tines and Elastic partner to detect security threats and reduce mean time to respond

By combining Tines and Elastic, security teams are able to dramatically reduce dwell times, mean time to respond, and false-positive rates while also strengthening their agility and impact.

Elastic’s James Spiteri: Why SecOps teams need to focus on small incremental wins and not try to boil the ocean

James shares his experiences and learnings over the course of his career, and why he believes community support is critical during cybersecurity incidents.

Automating Detection-as-Code

Security teams today are tasked with detecting and defending more attacks and attack surfaces than ever before. Moving towards developer-centric reliable deployments can help meet these challenges head-on!

“Better context in a world that's changing quickly”: Leading CISOs discuss AI’s role in SecOps

Insights from our webinar with Mandy Andress of Elastic and Matt Hilary of Drata

ELK Stack automation and the Elasticsearch API

Automate the Elasticsearch Search API to rapidly create canned and shareable threat hunting tools for you and your team.

“Crawl, walk, run into zero trust”: a Q&A with Elastic’s John Harmon

Regional Vice President of Cyber Solutions at Elastic John Harmon shares best practices for federal agencies looking to reach their zero trust goals.

Elastic’s Mandy Andress on switching from a tech-first to people-first approach to security

The Elastic CISO speaks to Thomas Kinsella about embracing radical transparency and adopting an infrastructure-as-code approach.

How cloud engineering teams use Elastic Observability and Tines to optimize resources

With Elastic Observability and Tines, cloud engineers can build workflows to help maximize resource utilization and minimize expenses.

Elastic and Tines Announce Enhanced Integrated Experience to Protect Customers Against Advanced Security Threats

Elastic, the company behind Elasticsearch, and Tines, a no-code automation platform for security teams, today announced a strategic partnership to optimize how security operations and response teams prevent, detect and respond to modern security threats.

Detect security threats and reduce time to respond with Tines and Elastic