Thinkst Canary × Tines

Integrating Tines’ automated workflows with Thinkst Canary’s high-fidelity intrusion detection enhances your organization’s security posture by streamlining threat detection and response efforts.

Book a demo Sign up free

Pre-built templates

With Tines, you can easily take any action that has a defined API. We've already pre-built some of the most popular ones for you, so you can build quickly.

Update canarytoken redirect URL in Thinkst Canary

Remove AWS S3 canarytoken in Thinkst Canary

Device IPs in Thinkst Canary

Update canarytoken memo in Thinkst Canary

Unacknowledged incidents in Thinkst Canary

Search incidents in Thinkst Canary

Search canarytokens in Thinkst Canary

Search CanaryTokens

Remove a generic webhook in Thinkst Canary

Ping in Thinkst Canary

Pending bird commissions in Thinkst Canary

Paginate canarytokens in Thinkst Canary

Outside bird alerts in Thinkst Canary

Live birds in Thinkst Canary

List kinds of canarytokens in Thinkst Canary

List generic webhooks in Thinkst Canary

List canarytokens available via canarytoken factory in Thinkst Canary

List canarytoken factory auth strings in Thinkst Canary

Incident history for source i p in Thinkst Canary

Get user auth in Thinkst Canary

Build your own connections

With Tines, you can easily take any action that has a defined API using an HTTP request. To build even more quickly, copy a cURL command and paste it into the storyboard.

cURL request

curl -v   -X GET   --location   "https://api.nasa.gov/neo/rest/v1/neo/browse?api_key=DEMO_KEY"   -H 'Content-Type: application/json'

Paste in your Tines story

Full workflow examples

Explore pre-built workflows for Thinkst Canary. Use them for inspiration or as a starting point to build your custom automation solution.

Explore all →

Deploy Canarytoken using CrowdStrike RTR

Deploy a Thinkst Canarytoken using CrowdStrike's Real Time Response (RTR) API and post the results to a Slack channel.

Tools: CrowdStrike, Slack, Thinkst Canary

By Tyron Kemp at Thinkst Canary

Hunt, contain, and escalate threats with Thinkst Canary

Use this Story to interrogate alerts, communicate with your team, and take whatever action is needed, whether it means digging a little deeper or initiating containment or escalation.

Tools: Thinkst Canary

Enrich Canarytoken alerts and notify the security team

Enrich Thinkst Canarytokens to detect external or insider threats. Identify who triggered the alert, search for additional context, and notify security team for response.

Tools: AbuseIPDB, Thinkst Canary

By Dennis Chow

Check Thinkst Canary alerts in GreyNoise and record in runZero

Investigate Thinkst Canary alerts by sending IPs to GreyNoise for context and tagging, then record the asset in runZero. This Story was created by Justin Varner.

Tools: GreyNoise, runZero, Thinkst Canary

By Justin Varner

Connect quickly

It takes minutes, not months, to connect to tools in Tines.

Credentials documentation

Learn how to use credentials in Tines.

Thinkst Canary authentication guide

Learn how to authenticate Thinkst Canary for use with Tines.

Explore more resources

Check out our blogs that mention Thinkst Canary, browse our learning paths, and more.

Blog

Breaking the attacker cycle with Thinkst Canary and Tines

Read now

Case studies

Powerful users, powerful studies

Discover how companies – from Fortune 10 to startups – apply Tines to transform the way their teams operate.

Read case studies

Learn

Tines University

Build your knowledge with dedicated learning paths at all levels.

Start learning

Learn

Learn to use Tines with our documentation

Go to docs

Trusted by industry innovators

Built by you,
powered by Tines

Book a demo Sign up free

Meet the product

Cases

Workbench

AI in Tines

Build apps

What’s new?

By product

Professional services

Partners

Tines Blog →

Case studies

Library

University

Tines Explained ↗

Customer center

About

Careers

Contact

Slack Community ↗

Newsroom