Featured

Friday Flows Episode 12: Building in Python vs Tines with No Code
Blake Coolidge & Jesse Strivelli
On this Friday Flows, Jesse Strivelli shares a side-by-side comparison of an automation written in Python & built in Tines.
The workflow triages alerts for an eCommerce business. The goal is to ingest the alert, enrich it & get further analysis, and take action if there's a high risk score.
Jesse has been a software developer at Fortune 100 organizations for most of his career. And while coding remains near & dear to his heart, he shares how building in Tines now saves him time & headaches.
All episodes
-
Friday Flows Episode 1: Tines Overview
Blake Coolidge, Aaron Sandow
First in a series of short videos showing a simple use case in each episode. In this episode we run through an overview of what Tines is and how it works.
-
Friday Flows Episode 2: Threat Intelligence Enrichment
Blake Coolidge & Chris Kohanek
Join Blake and Chris as they talk through Threat Intelligence Enrichment.
-
Friday Flows Episode 3: Employee Onboarding & Offboarding
Blake Coolidge & Chris Kohanek
Employee onboarding & offboarding. Often owned by both IT & security, and ripe for automation to help reduce repetitive manual work & human error.
Topics covered:
1. How Tines uses Tines.
2. A demo of New Hire Onboarding with systems like BambooHR, Atlassian, Okta, and Slack.
3. How PathAI is saving 45 minutes per onboarding request compared to manual processes.
-
Friday Flows Episode 4: Run a CrowdStrike Realtime Response Command
Blake Coolidge & John Tuckner
This Story will run a given CrowdStrike RTR command against a provided Host ID. All default RTR scripts can be used.
Friday Flows is highlighting a few CrowdStrike-related stories ahead of Fal.Con later this month.
-
Friday Flows Episode 5: Analyze CrowdStrike Detections
Blake Coolidge & Aaron Sandow
Spending too much time enriching, analyzing, and administering CrowdStrike alerts?
Our #1 CrowdStrike Story can help you automate your EDR playbook by digesting the alert, automatically enriching the alert, opening a case, creating metrics, and notifying the right analysts when needed.
Need to take a response action after that?
Tines can help facilitate that process too with Cases. From one place, multiple tools can be connected painlessly.
-
Friday Flows Episode 6: Normalize Alerts with ChatGPT
Blake Coolidge & Aaron Sandow
The strides in GenAI have been remarkable this year, but we're all still trying to figure out how to impact our day-to-day work.
In this demo, we use AI in the best way we know how to at Tines: by speeding up a security analyst's work and making their life a little easier!
Use ChatGPT to normalize alert formats, in this case from CRWD. Alerts from multiple sources are converted into a standard format for easier processing by a SOC, and a ticket is then created.
-
Friday Flows Episode 7: Elastic Alert Response with Cases & Slack
Blake Coolidge & Stephen Creedon
"The majority of SOC teams are overworked & under-appreciated. Generally, they get flooded with alerts. There aren't enough human beings or resources to deal with the volume of alerts.
So teams will 'turn down' their SIEM solutions so that they can deal with a realistic volume.
The downside is that you're going to miss alerts you should deal with & you're going to get a lot of false positives."
Stephen Creedon shares a highly popular Tines workflow to do the opposite: turn your SIEM (Elastic) up to 100 and let smart, secure workflows built by you & powered by Tines take care of the analysis for you.
-
Friday Flows Episode 8: Manage Elasticsearch and GKE clusters via Slack
Blake Coolidge & Christopher Cutajar
This week’s Friday Flows features our first Community-built story. Big thank you to Christopher Cutajar for sharing his “Manage Elasticsearch and GKE clusters via Slack” workflow and for highlighting the great work of his team at Elastic overall.
"As a team, we've built quite a lot of stuff. Both Tines and Elastic are easy to work with & provide value not just with security, but provide a platform for anyone technical or non-technical to enable the business."
-
Friday Flows Episode 9: Grant Temporary Application Access with Pages
Blake Coolidge & Whitney Young
A common challenge we hear from IT teams is the constant barrage of requests for applications.
These can come from new hires, people transitioning roles, consultants & third-parties, etc.
Whitney Young runs through a great story using Tines pages where folks can initiate a self-serve application request that triggers an automation workflow to:
1. Open a new Jira ticket
2. Slack the IT team for approval
3. Grant or deny access for a specific amount of time
4. Remove access when time expires
-
Friday Flows Episode 10: Lock Down Devices with JAMF & Duo Security
Blake Coolidge & Conor Dunne
What happens when a team member reports a lost laptop on a Friday evening? In most cases, it doesn't get locked down by IT until Monday morning.
Enter automation. This Tines story created by Conor Dunne allows users to mark the device as lost and prevent further access through Jamf.
Conor & the Labs team will be recording more walkthroughs like this & adding them directly to the Story Library to help you bring them to life in your tenant.
-
Friday Flows Episode 11: Respond to & configure Terraform Cloud run task
Blake Coolidge & Chris Kohanek
The question of the week from a customer was: “How do we use Tines with our Infrastructure-as-Code methodology?”
Today we’re looking at how to automate processes around Terraform Cloud, like documentation, opening tickets, and getting approval for changes in the cost of the infrastructure.
Use this workflow to save time, maintain consistent records for audits, and manage incremental infrastructure costs.