Automating Threat Intel Enrichment
Tines enables customers to automate the essential manual tasks analysts routinely perform to enrich alerts with threat intelligence.
Threat intelligence enrichment is a critical component of any incident investigation process, helping remove false-positives and distill actionable intelligence by providing more details and context.
A secure, stable, and agile automation solution, Tines helps customers streamline and manage what is typically a complicated and time-consuming process at scale, making them better prepared for high-priority incidents.
Customers can leverage customizable templates and easy-to-configure agents within Tines to:
- Ingest alerts from SIEM, EDR, Firewall, or other security tools.
- Extract IOCs from alerts e.g. IPs, Domains, URLs, Hashes, etc.
- Deduplicate Alerts based on multiple parameters.
- Query Multiple Threat Intelligence sources or Threat Intel Platform for IOC reputation.
- Filter and eliminate alerts for IOCs classified as known good or low risk.
- Increase the alert priority for IOCs classified as recently observed and high risk.
- Search and add context from historical events in your security tools.
- Create a case in a case management system, Share Threat Intel & Block IOCs.
Automate Manual Processes
Manage large volume workflows by automating manual processes: ingesting data from multiple platforms, extracting IOCs, and enriching alerts.
Save time filtering false-positives, eliminate alerts based on severity, and take action on events impacting your organization.
Standardize the process of taking action on high-risk alerts.
Numbers Say it All
Demonstrate time-savings and return on investment utilizing Tines’ metrics report.
- Estimated Deployment Time: 2 hours
- Required Tools: Threat Intel Source (e.g. GreyNoise, URLScan), SIEM/EDR/Firewall, Case Management (e.g. JIRA / ServiceNow)
- Optional Tools: Threat Intelligence Platform (e.g. Recorded Future, TruSTAR, Anomali)