AWS × Tines

Automate cloud security with AWS and Tines

Automate cloud security
with AWS and Tines

An illustration of a tunnel connecting the sky to the ground

Cloud security is a fast-changing and dynamic environment which results in many teams struggling to know what is serious and what is noise.

Tines, built exclusively on AWS, helps teams quickly remediate known threats while effectively triaging the new. Providing a user friendly interface to build automation Stories, teams are able to quickly create new workflows, utilizing native AWS APIs to create solutions based on their team’s needs. Tines also is packaged with thousands of Action templates to utilize threat detection services outside of the AWS ecosystem.

Tines allows AWS customers to...


security alerts management


incident response


accuracy and remediation timelines

Use case examples

Example 1

Detect and Block Bucket Public Access Policy with and AWS

Identify issues in Create an issue, add comments for response decisions, and send it up for review before drafting and sending an email.

Example 2

Analyze AWS IAM policies for sensitive access permissions

Evaluate current or newly created AWS IAM policies for sensitive access permissions and obtain recommendations through Tines AI.



Created by

Michael Tolan

Example 3

Real-Time API Threat Detection and Mitigation with and AWS WAF

Detecting API security anomalies with involves using advanced monitoring to detect unusual patterns and behaviors in API traffic, leveraging AI to identify anomalies like traffic spikes, unfamiliar IP addresses, and suspicious request patterns. Automated alerts trigger responses, including updating AWS WAF rules to block offending IPs and thwart malicious requests, ensuring APIs are safeguarded against evolving threats.

Example 4

Leverage AWS Bedrock for investigation help in Tines cases

Tag a service account in a Tines case to trigger AWS Bedrock based AI assistance in the investigation of a Tines case. Context from the case will be provided to AI and the response will be left in the case as a new comment. The associated story and actions are provided as is and the customer is not responsible for maintaining the code or any activity derived from the usage of the code.



Community author

Adam Maksimuk at Navan

Example 5

Detect and remediate malware issues in Wiz with SentinelOne and The Hive

Retrieve critical alerts related to malware from Wiz. Create a case in TheHive and run automated remediation using SentinelOne.

Example 6

Sysdig Cloud Detection, Document with Jira, and Respond with Tines

This story recieves Sysdig Kubernetes threat alerts through the webhook integrations. The story then retrieves asset information sysdig . Tines calls on Jira to documents each alert for tracking purposes. The story will take steps in to executing response automated workflows based on the alert type.

Community author

Manuel Boira at Sysdig

Whether it’s EDR, traffic behavior analysis, firewall management, IDS, phishing simulations, or anything else we use, Tines is very easy to plug into everything, get the alerts we want, and have it process them. That takes hours off our work.

Joel Perez-Sanchez
Security Engineer
Logo of Joel Perez-Sanchez

Tines is very intuitive in pretty much every aspect; the platform is just really easy to use, so it does a really good job at saving time. The time saved pays for itself, in my opinion.

Dylan White
Information Security Engineer
Logo of Dylan White

Automate cloud security
with AWS and Tines