Automate detection and investigation with Tines and Elastic


Together, Tines and Elastic give security teams all the information they need to investigate alerts and make business-critical decisions in one place, while saving valuable time and resources. By combining the high-fidelity detection and alerting delivered by Elastic Security with Tines’ robust automation, SOC teams can effectively support continuous monitoring, threat detection and prevention, alert enrichment, incident response and more. Learn how Texas A&M University System Cyber Operations drives efficient scaling with Tines and Elastic.

Key benefits

Scale security operations efforts

Integrate context & data enrichment into alerts

Investigate & react to alerts faster

Use case examples

Example 1

Elastic SIEM to Slack alert enrichment

Enrich high severity SIEM alerts as they are sent from Elastic to Slack, using Tines records.

Community author

Aaron Jewitt at Elastic

Example 2

Delete Buildkite job logs

Enable incident responders to clean, at scale, Buildkite logs that leak secrets in the clear. Deleting hundreds of job logs by hand would be tedious and not the best use of time. Using a Tines page, an incident responder enters the details of the Buildkite pipeline and the story cleans all the corresponding logs within a couple of minutes. The other part of the story leverages Entro, a tool that detects leaked secrets across various platforms. Entro users can fully automate remediation by using this story to delete Buildkite logs automatically whenever a secret may have leaked into them. All audit trails of the investigation are stored in an Elasticsearch case.

Community author

Christopher Cutajar at Elastic

Example 3

Create an API to query Tines template vendors and actions

Tools

Elastic

Created by

John Tuckner

Example 4

Check Workday for unauthorized travel and alert in Slack

Get login events from JumpCloud and Google and enrich the location from the source IP. If the location matches a list of unauthorized travel sources and has not already been registered in Workday, verify the login with the user and their manager. If it is an unknown login, page the security team with OpsGenie.

Community author

Muhammet Tekbicak

Example 5

Investigate security alerts in Workbench from Slack links

This story demonstrates how to start a conversation with Workbench by using the WORKBENCH_LINK function from an external tool such as Slack. The conversation opens with an Elastic alert and initial GreyNoise analysis and context pre-loaded to assist the investigation.

Created by

Michael Tolan

Example 6

Build and search MITRE ATT&CK semantic index in Elastic

This workflow creates an index of the MITRE ATT&CK framework in Elasticsearch with semantic search capabilities. It enables analysts to efficiently search and correlate MITRE techniques to an alert or ticket description even when exact keywords aren’t used. This enhances threat detection, incident response, and security strategy by providing deeper insights into potential threats.

Created by

Michael Tolan

Detect security threats and reduce time to respond with Tines and Elastic