Manual threat intelligence processes leave your security team drowning in alerts, missing critical threats, and racing against attackers who don't wait - orchestrating and automating threat intelligence is your key to a proactive defense.
The good news? There's a Tines workflow for that.
Security teams need to prioritize and manage alerts effectively, often using SIEM platforms or other security orchestration tools to correlate and analyze the data. The specific types of alerts a team focuses on can vary depending on the organization's threat landscape, industry, and risk profile, but can include malware detections, network-based threats, user account and authentication alerts, or advanced persistent threats (APTs).
When it comes to threat intelligence, security teams have many responsibilities, including:
Security teams leaverage Tines to automate these tasks and more.
Augment raw security alerts with additional context such as IP reputation, domain analysis, and known threat actor tactics for faster and more accurate threat assessment and response.
Enrich high severity SIEM alerts as they are sent from Elastic to Slack, using Tines records.
Tools: Elastic, Slack, Tines
By Aaron Jewitt at Elastic
Receive CrowdStrike events to webhook, alert Slack channel, look up endpoint metadata in Oomnitza & CrowdStrike, open GitHub issues for tracking. Escalate to PagerDuty for notifying on-call resources if alert requires it.
Tools: CrowdStrike, GitHub, PagerDuty, Slack
By Lucas Cantor at Intercom
Retrieve alerts from Microsoft Defender365 and create tickets in Jira. Message a user to review the alert, perform an anti-virus scan, and collect an investigation package for forensic analysis. Then attach the results to the relevant Jira tickets, and isolate the system with Defender M365 if needed.
Tools: Microsoft, Microsoft Teams
Carry out a simple threat investigation by pulling in unresolved SentinelOne threats. Analyze each alert individually, deduplicate incidents, then create a case in Jira.
Tools: Jira Software, SentinelOne
Proactively search through networks and datasets for hidden, advanced threats using indicators of compromise (IoCs), tactics, techniques, and procedures (TTPs) gleaned from various intelligence sources.
Scrutinize specific artifacts or observable evidence – such as IP addresses, domain names, file hashes, or email addresses to identify, validate, and contextualize potential security threats.
Identify and assess indicators of compromise (IOCs) through comprehensive analysis. Receive weekly summaries and create detailed cases for ongoing tracking and investigation.
Tools: AbuseIPDB, CrowdStrike, GreyNoise, Pulsedive, Sublime Security, Tines, URLScan.io, VirusTotal
This Story allows you to send a hash, IP, or domain to Recorded Future and returns a criticality level, summary, score, and link to Recorded Future. This Story corresponds to Recorded Future's SecOps and Threat Intel module.
Tools: Recorded Future
The Tines story library contains 1,000s of pre-built workflows to help you automate your most important tasks securely.
Businesses of all sizes from global enterprises to national laboratories automate processes at scale with Tines.
Learn how other customers have used Tines for threat intelligence
We get it. A lot of products make bold claims. There’s no way one product could do all this. Right?
Don’t take our word for it.
What to expect:
