Overview
Tines exists to empower people to automate work without needing coding knowledge. With our completely private and secure AI model built into Tines, it is easier than ever to build, run, and monitor your most important workflows. Today you will learn a bit about our newest AI feature, Workbench, a leading AI chat interface that can draw on the power of your Tines workflows.
In this training, you will:
Enable a story and templates for Workbench
Use Workbench to:
Search across devices for vulnerabilities
Visualize the data in tables and graphs using Python code
Enrich a vulnerability
Build a markdown template for a Tines case (or build an html template for an email)
Create a Tines case (or send an email based on your findings)
Your personal AI chat interface
Tines loves AI and LLMs as they can be powerful tools in automation. Expanding on our previous AI features, here at Tines, we wanted to take AI automation to the next level by providing an AI chat interface for running your Tines stories called Workbench. Workbench removes the need to switch context between applications, offering a singular view to run and monitor in the context of real-time scenarios or events.
And just like our other AI features, it runs entirely within our infrastructure, scoped only to your individual tenant. Data never touches the Internet, is never logged, and is never used for training. Our customers get all of the power of top tier LLMs, without any exposure of their critical data. You can read more at Tines Explained.
Workbench specifically is user-scoped, meaning that users can only interact with stories or action templates that they have permissions to interact with through their team or tenant-level settings.
💡Note
Let the building begin
With the overview out of the way, it's time to see how you can leverage Workbench to seamlessly take on the role of an analyst - with the help of an AI chat interface.
💡Note
Enabling a story for Workbench
First, you need set up your story to be used for Workbench.
The option to enable the story for Workbench is located under the “Send to Story” settings on the configuration menu on the right. Click the slider next to “Send to Story” to enable it.
Setting up stories for Workbench and Send to Story both require defining input values as well as input and output actions. The only difference is how the story is triggered, either via another story or Workbench.
Next, set the input and output actions for the story. Configure the input action by clicking the dropdown beneath “Input” and select the webhook action named “Input”. Configure the output action(s) by clicking the dropdown next to “Output” and selecting the “Output: Successful” and “Output: No Results” actions.
Clicking the "+" button next to “Send to Story inputs” adds and defines the input values. There is currently one labeled "Query" of type “Option”. The two options will be “a specific CVE” or “all open CVEs” and it will be a required input value. The story has two path options - either getting all open CVEs or looking for a specific CVE across hosts.
Add another input of type "Text" and label it "CVE". This will be for the CVE value to be passed if a specific CVE is being queried.
Next, scroll down to the “Enable for” options and choose “Workbench”.
There is also an option to require confirmation. This is to add another layer of security before Workbench takes any action, allowing for user confirmation before proceeding. For now, leave that selected. Close that menu by clicking on the storyboard.
The last important step for enabling a story for Workbench is to make sure that there is a detailed description. Workbench uses the descriptions on your stories to decide which story best fits your needs. The better your description, the smarter Workbench can be.
Check out the description under the story configuration options on the right pane.
This story searches for all open vulnerabilities or for a specific vulnerability by CVE ID in Crowdstrike based on the query. If one or more hosts are present with that vulnerability, the host information is gathered and returned.
Set up your credential
If you have already configured a bootcamp_api credential, you can skip to “Interacting with Workbench”, otherwise follow these steps to build your credential.
💡Note
Create a new credential by clicking anywhere on the storyboard to bring up the story menu on the right pane. Find the “Credentials” section.
Note that your story will alert you of a missing credential. Hover over bootcamp_api and click on "Connect" that is shown to the right.
Click “+ Create credential” at the bottom of the modal that pops up, and then select “Text”.
Leave the name as bootcamp_api and for the value, type “secret_api_key”.
Scroll down in the credential builder and find "URLs and Domains" under the "Additional Configurations". Type in toolkit.tines.com.
💡Note
Click "Save".
Interacting with Workbench
In the upper righthand corner of the storyboard, there is a button with a star on it. This will open up the Workbench chat interface.
💡Note
On the left side, you can see templates and stories that can be made available to Workbench.
Access to Workbench is scoped to the individual user, which means that tool configurations, chats, and custom instructions are specific to each user. Within Workbench, users can enable credentials or stories they have access to run within Tines.
💡Note
Presets can be created by team admins to pre-configure a set of Workbench components (this includes templates, stories, credentials and custom instructions) to be available for use by all users in a team.
By clicking a template and configuring credentials, or clicking a story, you can see the green button light up, which means Workbench can automatically use these tools or stories to serve your requests in the chat.
If a template for a tool is not available, it is possible to create custom templates, also known as private templates.
Click on “Stories” and select “Tines Bootcamp - Workbench” to make it available to workbench.
The popout provides the option for enabling and disabling stories and templates without needing confirmation. Check this option and click "Confirm".
Search for a vulnerability
Let’s say there is a new CVE that may be present in devices within your environment and it needs to be checked and possibly remediated. With your story enabled, type the following to Workbench in the chat bar:
"Can you search CrowdStrike for the vulnerability CVE-2025-21298?"
Workbench will call the story with that specified CVE as the "CVE" input and "a specific CVE" as the "Query" option. You can click on the “<>” button to see the raw JSON input and outputs.
💡Note
Formatting vulnerability data
Workbench excels at summarizing, condensing and reformatting large amounts of data. Call the story again, but this time searching for all open vulnerabilities across all hosts. Additionally, Workbench can be prompted to format the data in a way that is easier to digest.
“Search for all open vulnerabilities in Crowdstrike and return the data in a table format."
💡Note
Workbench can also leverage Python code, known as code analyst, to perform more complex data transformations such as charts and graphs.
"Create a bar chart of the vulnerabilities based on severity.”
When clicking on the “<>” button, Workbench shows the raw Python code being generated based on the prompt and the subsequent output. This can sometimes take a few minutes.
🪄Tip
🪄Tip
Enriching the CVE
Continuing with the original CVE, now that a host affected has been identified, the next step is to gather additional enrichment data in order to assess the threat level.
Click on the templates tab on the left and search for a template named “Tines Bootcamp”. Hover over this template and click the “Connect” button to enter the credential modal.
Click “Choose existing credential” and choose the bootcamp_api credential created earlier.
Upon selecting the credential, the modal will ask which templates you would like to enable. Select “Get CVE Enrichment” and then click “Close”.
You can now see the template is enabled, represented by the green icon. Now click on the chat input and ask Workbench the following.
"Get enrichment information for CVE-2025-21298."
Creating a case
This section will only be relevant for tenants that have cases enabled. Community edition tenants do not have cases enabled. Click here for more information on Tines case management. If you are following the self-paced bootcamp version, skip to the next section here.
Now that you have enriched the CVE, the next step will be to open a case. This action will be included within the “Tines” template. Using the search bar on the left pane, look for “Tines”.
Hover over the “Tines” option and click “Connect” and then “Connect new credential”. This will lead you through the connect flow for creating a Tines credential.
When selecting the API key type, choose “personal” and name it tines_cases_api . For actions, search and select "Create a case" and "List teams".
Let’s open a case and specifically add in some markdown formatting of the data findings. The team ID is needed for the Tines API to create a case, so Workbench needs to gather that info first.
"Look up my team ID and then create a case in my team with markdown tables for the CVE and host data".
💡Note
Workbench provides an overview of case details in addition to a link to the case - click on it to open it in another tab.
Workbench does a great job at quickly formatting data and filling in the blanks for key security concerns and recommended next steps. It even automatically determined the level of priority that the case should be.
🪄Tip
Draft and send an email
For self-paced users using a tenant without cases, another option in this scenario is to draft and send an email instead. You will need to import this story from the story library into your tenant.
For your convenience, this story is already enabled for workbench, and the inputs and outputs are already selected.
This story also already has a description so you can continue on.
Return to Workbench, by clicking on the Tines logo in the top left of your page, and then clicking on “Workbench” in the top right
On the left pane, click on “Stories” and enable the “Draft or send an email” story by clicking it (and note the green dot icon lights up).
💡Note
Use the prompt below in the chat to draft an email.
"Create an email draft with html tables for the CVE and host data and include recommended next steps".
Workbench will provide an overview of the draft that it has created. You can then send the email to your own email, which Workbench already knows based off of your user information within the Tines tenant.
"Send the email".
Wrap up
Congratulations, and thank you for sticking with us to the end! We went through setting up credentials, enabling stories for Workbench, using Workbench to call out to different API endpoints including searching for CVEs across hosts, enriching vulnerabilities, formatting data and creating a case and or drafting and sending an email.
Most importantly, you were able to automate tasks as a security analyst quickly and efficiently - all from an AI chat interface.
More resources
Discover more use cases and prebuilt stories in our Library.
Come talk to us on our Community Slack by signing up here.
Check out more of our learning content in the Tines University.
Take the next step and get certified for no cost here.
Want to talk more? You can book a demo with our team on our Pricing Page.