Automating Threat Intel Enrichment
Tines enables customers to automate the essential manual tasks analysts routinely perform to enrich alerts with threat intelligence.
Threat intelligence enrichment is a critical part of any incident investigation: it adds the detail and context needed to weed out false positives and distill actionable intelligence.
A secure, stable, and agile automation platform, Tines helps customers streamline and manage, at scale, what is typically a complicated and time-consuming process, leaving them better prepared for high-priority incidents.
Customers can leverage customizable templates and easy-to-configure agents within Tines to:
- Ingest alerts from SIEM, EDR, firewall, or other security tools.
- Extract IOCs from alerts (IP addresses, domains, URLs, file hashes).
- Deduplicate alerts on multiple fields.
- Query multiple threat intelligence sources, or a threat intelligence platform, for IOC reputation.
- Filter out alerts whose IOCs are classified as known good or low risk.
- Raise the priority of alerts whose IOCs are classified as high risk and recently observed.
- Search your security tools for related historical events and add that context.
- Create a case in a case management system, share the threat intel, and block the IOCs.
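The list above is a pipeline, and the following Python is an added example of that pipeline on constructed data; it is not Tines' own workflow or code. The sample alerts, the `REPUTATION` table (standing in for a GreyNoise/URLScan/TIP lookup), the `HISTORY` counter (standing in for a search of your own logs), the `ALLOWLIST`, and the `KNOWN_TLDS` set (standing in for the Public Suffix List) are all assumptions made for illustration. Two checks a practitioner would want are built in: internal IP ranges and allowlisted infrastructure are never sent to an external lookup or proposed for blocking, and an alert is only suppressed when every IOC in it came back known good.

```python
"""Added example: a minimal alert-enrichment pipeline for the steps listed above;
every alert, reputation answer, sighting count, allowlist entry and TLD is constructed."""
import ipaddress
import re
from collections import Counter
# Constructed alerts; 203.0.113.0/24 and 198.51.100.0/24 stand in for external addresses.
SAMPLE_ALERTS = [
    {"id": "a1", "tool": "edr", "host": "ws-017",
     "text": "powershell.exe connected to hxxp://updates.example[.]net/p.ps1 (203.0.113.45), "
             "sha256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"},
    {"id": "a2", "tool": "firewall", "host": "fw-edge",
     "text": "Denied inbound 198.51.100.7 -> 10.0.0.5 port 22"},
    {"id": "a4", "tool": "siem", "host": "ws-021",
     "text": "DNS query for cdn.example.com from 10.0.0.9"},
]
SAMPLE_ALERTS.insert(2, {**SAMPLE_ALERTS[0], "id": "a3"})  # a3 duplicates a1
# Hypothetical reputation answers, standing in for a TI source or TIP lookup.
REPUTATION = {
    "203.0.113.45": {"verdict": "malicious", "last_seen_days": 2},
    "updates.example.net": {"verdict": "malicious", "last_seen_days": 40},
    "198.51.100.7": {"verdict": "benign", "last_seen_days": 1},  # e.g. a known scanner
    "cdn.example.com": {"verdict": "benign", "last_seen_days": 1},
}
HISTORY = Counter({"203.0.113.45": 3})    # constructed prior sightings in your own logs
ALLOWLIST = {"cdn.example.com"}           # your own infrastructure: never look up or block
KNOWN_TLDS = {"com", "net", "org", "io"}  # stand-in for the Public Suffix List
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
IOC_PATTERNS = [
    ("url", re.compile(r"https?://[^\s'\"<>()]+")),
    ("sha256", re.compile(r"\b[a-fA-F0-9]{64}\b")),
    ("ipv4", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("domain", re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)),
]

def is_internal_ip(value):
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:  # matched the regex but is not an address, e.g. 999.1.1.1
        return True
    return any(ip in net for net in INTERNAL_NETS)

def extract_iocs(text):
    """Return a set of (type, value); internal IPs and dotted non-domains such as
    'powershell.exe' are dropped so they never reach an external TI query."""
    text = text.replace("hxxp", "http").replace("[.]", ".")  # undo common defanging
    found = set()
    for kind, pattern in IOC_PATTERNS:
        for match in pattern.findall(text):
            value = match if kind == "url" else match.lower()
            if kind == "ipv4" and is_internal_ip(value):
                continue
            if kind == "domain" and value.rsplit(".", 1)[-1] not in KNOWN_TLDS:
                continue
            found.add((kind, value))
    return found

def dedupe(alerts):
    """Collapse alerts that share tool, host and IOC set; attach the IOCs."""
    seen, unique = set(), []
    for alert in alerts:
        iocs = extract_iocs(alert["text"])
        key = (alert["tool"], alert["host"], frozenset(iocs))
        if key not in seen:
            seen.add(key)
            unique.append({**alert, "iocs": iocs})
    return unique

def enrich(alert):
    """Look up every IOC except allowlisted ones; attach reputation and history."""
    verdicts = {}
    for kind, value in alert["iocs"]:
        if value in ALLOWLIST:
            continue
        rep = REPUTATION.get(value, {"verdict": "unknown", "last_seen_days": None})
        verdicts[value] = {**rep, "type": kind, "prior_sightings": HISTORY[value]}
    return verdicts

def triage(verdicts):
    """suppress: nothing to check or all known good; low: unknowns only; medium: malicious but stale; high: seen within 7 days."""
    if not verdicts or all(r["verdict"] == "benign" for r in verdicts.values()):
        return "suppress"
    malicious = [r for r in verdicts.values() if r["verdict"] == "malicious"]
    if not malicious:
        return "low"
    return "high" if any(r["last_seen_days"] is not None and r["last_seen_days"] <= 7
                         for r in malicious) else "medium"

def run(alerts):
    """Full pipeline: returns the cases a case-management system would receive."""
    cases = []
    for alert in dedupe(alerts):
        verdicts = enrich(alert)
        priority = triage(verdicts)
        if priority != "suppress":
            cases.append({"alert_id": alert["id"], "host": alert["host"], "priority": priority,
                          "block": sorted(v for v, r in verdicts.items() if r["verdict"] == "malicious"),
                          "context": {v: r["prior_sightings"] for v, r in verdicts.items()}})
    return cases
```

On the constructed input, `run(SAMPLE_ALERTS)` yields a single high-priority case for `a1` (the duplicate `a3` is collapsed, `a2` is dropped because its only external IOC is known good, and `a4` is dropped because its only IOC is allowlisted), proposing `203.0.113.45` and `updates.example.net` for blocking and carrying the three prior sightings of the IP as context. In a real deployment the dictionary lookups become API calls to your TI source and SIEM, and the TLD check should use the actual Public Suffix List.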
Automate Manual Processes
Handle high-volume workflows by automating the manual steps: ingesting data from multiple platforms, extracting IOCs, and enriching alerts.
Save time filtering false positives, drop alerts that fall below your severity threshold, and act on the events that affect your organization.
Standardize how high-risk alerts are actioned.
Numbers Say it All
Demonstrate time-savings and return on investment utilizing Tines’ metrics report.
- Estimated Deployment Time: 2 hours
- Required Tools: Threat Intel Source (e.g. GreyNoise, URLScan), SIEM/EDR/Firewall, Case Management (e.g. JIRA / ServiceNow)
- Optional Tools: Threat Intelligence Platform (e.g. Recorded Future, TruSTAR, Anomali)