Friday Flows

First in a series of short videos showing a simple use case in each episode. In this episode we run through an overview of what Tines is and how it works.

Join Blake and Chris as they talk through Threat Intelligence Enrichment

Employee onboarding & offboarding. Often owned by both IT & security, and ripe for automation to help reduce repetitive manual work & human error.

Topics covered:
1. How Tines uses Tines.
2. A demo of New Hire Onboarding with systems like BambooHR, Atlassian, Okta, and Slack.
3. How PathAI is saving 45 minutes per onboarding request compared to manual processes.

This Story will run a given CrowdStrike RTR command against a provided Host ID. All default RTR scripts can be used.

Friday Flows is highlighting a few CrowdStrike-related stories ahead of Fal.Con later this month.

Spending too much time enriching, analyzing, and administering CrowdStrike alerts?

Our #1 CrowdStrike Story can help you automate your EDR playbook by digesting the alert, automatically enriching the alert, opening a case, creating metrics, and notifying the right analysts when needed.

Then need to take a response action?

Tines can help facilitate that process too with Cases. From one place, multiple tools can be connected painlessly.

The strides in GenAI have been remarkable this year, but we're all still trying to figure out how to impact our day-to-day work.

In this demo, we use AI in the best way we know how to at Tines: by speeding up a security analyst's work and making their life a little easier!

Use ChatGPT to normalize alert formats, in this case from CRWD. Alerts from multiple sources are converted into a standard format for easier processing by a SOC, and a ticket is then created.

The majority of SOC teams are overworked & under-appreciated. Generally, they get flooded with alerts. There aren't enough human beings or resources to deal with the volume of alerts.

So teams will 'turn down' their SIEM solutions so that they can deal with a realistic volume.

The downside is that you're going to miss alerts you should deal with & you're going to get a lot of false positives."

Stephen Creedon shares a highly popular Tines workflow to do the opposite: turn your SIEM (Elastic) up to 100 and let smart, secure workflows built by you & powered by Tines take care of the analysis for you.

This week’s Friday Flows features our first Community-built story. Big thank you to Christopher Cutajar for sharing his “Manage Elasticsearch and GKE clusters via Slack” workflow and for highlighting the great work of his team at Elastic overall.

"As a team, we've built quite a lot of stuff. Both Tines and Elastic are easy to work with & provide value not just with security, but provide a platform for anyone technical or non-technical to enable the business."

A common challenge we hear from IT teams is the constant barrage of requests for applications.

These can come from new hires, people transitioning roles, consultants & third-parties, etc.

Whitney Young runs through a great story using Tines pages where folks can initiate a self-serve application request that triggers an automation workflow to:

1. Open a new Jira ticket
2. Slack the IT team for approval
3. Grant or deny access for a specific amount of time
4. Remove access when time expires

What happens when a team member reports a lost laptop on a Friday evening? In most cases, it doesn't get locked down by IT until Monday morning

Enter automation. This Tines story created by Conor Dunne allows users to mark the device as lost and prevent further access through Jamf.

Conor & the Labs team will be recording more walkthroughs like this & adding them directly to the Story Library to help you bring them to life in your tenant.

The question of the week from a customer was: “How do we use Tines with our Infrastructure-as-Code methodology?”

Today we’re looking at how to automate processes around Terraform Cloud, like documentation, opening tickets, and getting approval for changes in the cost of the infrastructure.

Use this workflow to save time, maintain consistent records for audits, and manage incremental infrastructure costs.

On this Friday Flows Jesse Strivelli shares a side-by-side comparison of an automation written in Python & built in Tines.

The workflow is around triaging alerts for an eCommerce business. The goal is to ingest the alert, enrich & get further analysis, and take action if there's a high-risk score.

Jesse has been a software developer at Fortune 100 organizations for most of his career. And while coding remains near & dear to his heart, he shares how building in Tines now saves him time & headaches.

It took us 14 episodes but we're finally highlighting the #1 most popularly used story in the Tines Library.

Investigating phishing email senders, URLs, and attachments can eat up hours of an analyst’s time - this Tines story demoed by Michael Tolan does everything for you.

Connecting services like VirusTotal, urlscan.io, and EmailRep from Sublime Security across multiple story forks, it includes several options for submitting suspicious emails and displaying the results.

Data enrichment can come from many different places. Often this information resides inside of internal databases.

The process to get this data can be complicated today. You may have to install ODBC connectors and then start writing it out in code. Sometimes you can use a management tool, like SQL Management Studio, which has great displays, but take up a lot of memory on your computer.

Instead, Tines can connect to these data sources so the automation pipeline can include customer specific data points.

Jesse Strivelli runs through a few different Story examples, including pulling data from Amazon Web Services (AWS), MongoDB, Snowflake, and Amazon DynamoDB.

Monitor Intercom (or any channel like Zendesk, Slack, email, etc.) to scan messages for data leak.

This Tines story can help catch sensitive information and help you stay proactive by automatically creating a case for your team to manage.

Tines & Teams... has a nice ring to it!

Rosie Halpin, our newest Product Manager, walks through the new & improved ways to quickly get connected, start sending messages, and build powerful automations that send relevant information to users in Teams.

Aaron Sandow said it's now so simple & easy to use he could teach his grandparents to connect Tines to Teams!

Learn how Intercom is automating use cases like:

Employee lifecycle management
Hardware issue reporting
Access request management
Security alert notifications

"For a long time, we’ve had this goal to empower other people in our company to automate their own processes, without having to wait on engineers to have bandwidth."

With an interface that teams in IT infrastructure, cloud security, IT support, and customer solutions can easily use, Tines is helping Intercom create that all-important culture of secure automation faster.

Analyst’s often take in IOCs from many different sources and manually copy & paste them into security tools to search for them across environments or add them to blocklists. This can be time-consuming & repetitive.

This Friday Flows features a workflow that utilizes APIs to easily manage IOC’s in CrowdStrike & collaborate with peers in Slack.

Launching an AWS EC2 instance can be done in seconds, but are they being set up securely for success?

In today's Friday Flows, Michael Tolan helps us celebrate the 700th Tines Story Library addition with a look at a customer submitted workflow to audit and remediate default security groups for virtual machines in AWS.

Learn more about one of our most popular workflow templates: Onboard Employees & Grant Access to Specific Tools where Conor Dunne shows how easy it is.

A fundamental pillar of cybersecurity continues to be employee education & awareness.

Today's Friday Flows features an easy way to test your employees & teach them to keep an eye out for suspicious emails.

This Tines story created by Conor Dunne grabs a list of employees from your HR system and sends them a simulated phishing email. A Tines Case will be created to track if a link in the email is clicked.

"This is a great example of the power of Tines. You can automate something simple, but also very manual & time-consuming."

Michael Tolan continues our cloud security series & walks us through a workflow to easily identify and manage Azure Entra ID guest accounts detected by Wiz. In seconds, take action by disabling or deleting any undesired guest accounts via a Tines page.

Great Friday Flows today with Conor Dunne. He built this story to send notifications when a new device is enrolled in Jamf, check CrowdStrike to see if the device is also located there, and respond to a Slack thread with the findings.

They have impressively:

Reduced workflow build time by 95%, compared to Python
Have 4x more team members automating
Saved 150 hours in the first month of using Tines

Don't have a technical background, but want to create automations that can help your daily work?

Check out Tines University: https://lnkd.in/eVuaVKbd

Andrew Lee, a Business Development Rep here at Tines, recently completed the certification & learned how to create Tines stories. In this Friday Flows, he walks through an API Pagination story to grab Star Wars characters.

No matter your skill set, it's easy to get started. In a matter of weeks, you'll be prepared to build powerful workflows and start reducing mundane, repetitive tasks.