Automating Suspicious Login Alerts
Tines enables customers to automate the essential manual tasks that analysts routinely perform when responding to suspicious login alerts.
Some 43% of all online login attempts are reportedly malicious. A secure, stable, and agile automation solution, Tines improves customers' visibility and helps keep their users' accounts safe from manipulation by helping them to respond faster, take action automatically, and streamline their internal processes.
Customers can leverage customizable templates and easy-to-configure agents within Tines to:
- Receive suspicious login alerts via webhook or email, or pull alerts from an API.
- Retrieve information on the employee, device(s), and location.
- Enrich the alert using historical data and threat intelligence sources.
- Check with the employee, via email or a collaboration tool, to see if they initiated the action.
- Determine whether the activity was employee-initiated or suspicious.
- Quarantine the device and gather details from all relevant networking tools: EDR, firewall, SIEM, etc.
- Open Case Management tickets with all relevant details and enrichment.
- Escalate to relevant team members via PagerDuty, a collaboration tool, or email.
Automate Manual Processes
Remove bottlenecks and manage high-volume workflows by automating data collection and enrichment across multiple platforms and sources.
Reduce the amount of time spent responding to duplicate events and false positives.
Streamline and standardize your process of responding and taking action in your security tools.
Numbers Say it All
Demonstrate time savings and return on investment utilizing Tines’ metrics report.
- Estimated Deployment Time: 2 Hours
- Required Tools: SIEM (e.g. Splunk, Sumo Logic) or Identity Management (Okta, Ping)
- Optional Tools: Collaboration tool (e.g. Slack, Microsoft Teams), Case Management (e.g. Jira, ServiceNow, The Hive)