Thinkst Canary × Tines

Integrating Tines’ automated workflows with Thinkst Canary’s high-fidelity intrusion detection enhances your organization’s security posture by streamlining threat detection and response efforts.

Book a demoSign up free

Pre-built templates

With Tines, you can easily take any action that has a defined API. We've already pre-built some of the most popular ones for you, so you can build quickly.

Update canarytoken redirect URL in Thinkst Canary
Remove AWS S3 canarytoken in Thinkst Canary
Device IPs in Thinkst Canary
Update canarytoken memo in Thinkst Canary
Unacknowledged incidents in Thinkst Canary
Search incidents in Thinkst Canary
Search canarytokens in Thinkst Canary
Search CanaryTokens
Remove a generic webhook in Thinkst Canary
Ping in Thinkst Canary
Pending bird commissions in Thinkst Canary
Paginate canarytokens in Thinkst Canary
Outside bird alerts in Thinkst Canary
Live birds in Thinkst Canary
List kinds of canarytokens in Thinkst Canary
List generic webhooks in Thinkst Canary
List canarytokens available via canarytoken factory in Thinkst Canary
List canarytoken factory auth strings in Thinkst Canary
Incident history for source i p in Thinkst Canary
Get user auth in Thinkst Canary

Build your own connections

With Tines, you can easily take any action that has a defined API using an HTTP request. To build even more quickly, copy a cURL command and paste it into the storyboard.

cURL request

curl -v -X GET --location "https://api.nasa.gov/neo/rest/v1/neo/browse?api_key=DEMO_KEY" -H 'Content-Type: application/json'

Paste in your Tines story

Full workflow examples

Explore pre-built workflows for Thinkst Canary. Use them for inspiration or as a starting point to build your custom automation solution.

Deploy Canarytoken using CrowdStrike RTR

Deploy a Thinkst Canarytoken using CrowdStrike's Real Time Response (RTR) API and post the results to a Slack channel.

Tools: CrowdStrike, Slack, Thinkst Canary

By Tyron Kemp at Thinkst Canary

Hunt, contain, and escalate threats with Thinkst Canary

Use this Story to interrogate alerts, communicate with your team, and take whatever action is needed, whether it means digging a little deeper or initiating containment or escalation.

Tools: Thinkst Canary

Enrich Canarytoken alerts and notify the security team

Enrich Thinkst Canarytokens to detect external or insider threats. Identify who triggered the alert, search for additional context, and notify security team for response.

Tools: AbuseIPDB, Thinkst Canary

By Dennis Chow

Check Thinkst Canary alerts in GreyNoise and record in runZero

Investigate Thinkst Canary alerts by sending IPs to GreyNoise for context and tagging, then record the asset in runZero. This Story was created by Justin Varner.

Tools: GreyNoise, runZero, Thinkst Canary

By Justin Varner

Connect quickly

It takes minutes, not months, to connect to tools in Tines.

Credentials documentation

Learn how to use credentials in Tines.

Thinkst Canary authentication guide

Learn how to authenticate Thinkst Canary for use with Tines.

Explore more resources

Check out our blogs that mention Thinkst Canary, browse our learning paths, and more.

Blog

Breaking the attacker cycle with Thinkst Canary and Tines

Read now

Case studies

Powerful users, powerful studies

Discover how companies – from Fortune 10 to startups – apply Tines to transform the way their teams operate.

Read case studies

Learn

Tines University

Build your knowledge with dedicated learning paths at all levels.

Start learning

Learn

Learn to use Tines with our documentation

Go to docs

Trusted by industry innovators

CanvaCode42CoinbaseElasticGitLabIntercom
MarsMcKessonOak Ridge National LaboratoryOpenTableSnowflakeReddit

Built by you,
powered by Tines

Book a demoSign up free

Already have an account? Log in.