Friday Flows Episode 31: Analyze Elastic alerts, block IPs, and notify in Slack and Tines Cases

Personally, Elastic is my favourite partner to work with; Elastic and Tines go hand in hand technology-wise. Whether you're using Elastic for SIEM, cloud security or endpoint, or outside security for observability, Tines acts as the automation glue for those tools. I hope you enjoy today's episode with Michael Tolan and, as always, check out the Tines community edition in the comments to play around with this specific story and more.

Friday Flows Episode 32: Beyon Cyber: An MSSP Journey from Traditional SOAR to Tines

For any MSSPs out there, this is a really interesting deployment we did with Beyon. Service providers look to use SOAR as the back-end automation for their services. However, traditional SOARs create problems of their own: they require dedicated development teams to write and deploy automation, they don't allow customisable integrations beyond what comes out of the box, and they are very resource-intensive to maintain.

Friday Flows Episode 29: Analyze Phishing emails with Recorded Future

Phishing is one of the biggest time consumers for security teams. Between enriching IOCs, weeding out false positives and escalating real events, it's one of the biggest contributors to alert fatigue. Today we're going to show how to put a stop to that through automation in Tines. Karl Dyas joins me on this episode to break down how we handle it. As always, if you want to test out Tines.

Friday Flows Episode 30: Normalize Alerts with Tines AI and create Cases

In today's episode, Michael Tolan takes us through a workflow where we leverage the new Tines AI Action to normalize multiple alerts and create cases in our native case management. As always, our free Community edition is in the comments, and we'd love to hear what you thought of today's episode in the comments.

Tines Idea: Simplify Security Alerts with AI in Tines

From transforming data with a prompt and generated code, to directly accessing and using a language model in your workflows, our AI features make automation more accessible and efficient for anyone in your organization. Learn how you can take multi-source security alert workflows from 25 actions to 3, reducing the potential for error and making it simpler to make updates such as adding sources or changing rule definitions.

Friday Flows episode 28: Sending an IOC to Recorded Future for Analysis

On today's episode, Michael Tolan from the Tines labs team is taking us through this enrichment workflow. Recorded Future is our long-time threat intel partner and has been the leader in that space for years now. This will give you some insight into how we work better together.

Friday Flows Episode 28: Use AI to create cases and act on CrowdStrike alerts

In today's Friday Flows, Conor Dunne from the Tines Labs team walks us through a new story that uses AI to create cases and act on CrowdStrike alerts. As is the case with many alerts, there's a lot of information, but it's not always very clear. He first uses AI to simplify and normalize the data. Once that is done and a case is created, we can also use AI to act as a security analyst and respond with one of four actions: suspend a user account, isolate a host, block a URL, or alert the security team using PagerDuty.
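The two pieces these episodes (Episode 30 and this one) lean on are a common alert schema that several sources are mapped onto, and a response step where a model picks from a fixed menu of actions. The following Python is an added illustration of both, not the Tines story itself and not how the Tines AI Action works internally: the two sample alerts are constructed and their field layouts simplified, and the action names, the `normalize` and `validate_action` helpers, and the "page the team" fallback are this example's own assumptions. The security point it makes is the one a practitioner should insist on before letting a model "act as an analyst": the model's output is treated as an untrusted suggestion, accepted only if it names one of the four allowed actions and the alert actually carries the thing that action would operate on.

```python
import json
from dataclasses import dataclass
from typing import Optional

# The four response actions the episode lists. Anything the model returns
# that is not one of these is refused, no matter how plausible it reads.
ALLOWED_ACTIONS = {"suspend_user", "isolate_host", "block_url", "alert_team"}
# Each targeted action needs a concrete field on the normalized alert.
REQUIRED_FIELD = {"suspend_user": "user", "isolate_host": "host", "block_url": "url"}
# Safe default when the suggestion is malformed, unknown or unactionable.
SAFE_DEFAULT = "alert_team"


@dataclass
class NormalizedAlert:
    """Common schema every source is mapped onto (assumed for this example)."""
    source: str
    title: str
    severity: str            # low | medium | high | critical
    user: Optional[str] = None
    host: Optional[str] = None
    url: Optional[str] = None


# Constructed sample alerts; layouts are simplified, not full vendor payloads.
CROWDSTRIKE_SAMPLE = {
    "vendor": "crowdstrike",
    "detect_name": "Credential theft tool executed",
    "severity_name": "High",
    "user_name": "jdoe",
    "hostname": "WS-0142",
}
ELASTIC_SAMPLE = {
    "kibana.alert.rule.name": "Malicious URL clicked",
    "kibana.alert.severity": "medium",
    "user.name": "asmith",
    "host.name": "lt-asmith",
    "url.full": "http://example.invalid/login",
}


def normalize(raw: dict) -> NormalizedAlert:
    """Map a source-specific alert onto the common schema.

    Adding a new source means adding one branch here, which is the
    'fewer actions to maintain' idea from the Tines Idea post above.
    """
    if raw.get("vendor") == "crowdstrike":
        return NormalizedAlert(
            source="crowdstrike", title=raw["detect_name"],
            severity=raw["severity_name"].lower(),
            user=raw.get("user_name"), host=raw.get("hostname"),
        )
    if "kibana.alert.rule.name" in raw:
        return NormalizedAlert(
            source="elastic", title=raw["kibana.alert.rule.name"],
            severity=raw["kibana.alert.severity"].lower(),
            user=raw.get("user.name"), host=raw.get("host.name"),
            url=raw.get("url.full"),
        )
    raise ValueError("unrecognised alert shape")


def validate_action(model_output: str, alert: NormalizedAlert) -> str:
    """Turn the model's raw text into an action we are willing to run.

    The model is asked to answer with JSON such as {"action": "isolate_host"}.
    Its answer is untrusted input: bad JSON, a missing key, an action outside
    the allowlist, or an action whose target field is absent from the alert
    all collapse to the safe default of paging the team.
    """
    try:
        suggestion = json.loads(model_output)
        action = suggestion["action"]
    except (json.JSONDecodeError, KeyError, TypeError):
        return SAFE_DEFAULT
    if not isinstance(action, str) or action not in ALLOWED_ACTIONS:
        return SAFE_DEFAULT
    needed = REQUIRED_FIELD.get(action)
    if needed and getattr(alert, needed) is None:
        return SAFE_DEFAULT
    return action


if __name__ == "__main__":
    for raw in (CROWDSTRIKE_SAMPLE, ELASTIC_SAMPLE):
        alert = normalize(raw)
        print(alert)
        # A CrowdStrike detection has no URL, so "block_url" is refused.
        print(validate_action('{"action": "block_url"}', alert))
        # An invented action is refused regardless of source.
        print(validate_action('{"action": "delete_all_users"}', alert))
```

Run it as a script to see both normalized alerts and the fallback decisions. In a real deployment the `ALLOWED_ACTIONS` set is the contract between the prompt and the downstream API calls: the prompt lists exactly these names, the dispatcher executes exactly these names, and nothing the model writes can widen that set.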

Friday Flows Episode 27: Disabling AWS User from Hunters Alert with Jira Prompt

We're excited to bring you another workflow from the Tines library and to introduce your new Friday Flows host Cameron Higgs! The legendary Blake Coolidge is handing over the reins for a season but he'll be back on your screens before too long. In this episode, Conor Dunne walks Cameron through a workflow that pulls leads related to the Amazon Web Services (AWS) environment flagged by Hunters and searches for users with unauthorized permissions.