
Automate detection and investigation with Tines and Elastic


Together, Tines and Elastic give security teams all the information they need to investigate alerts and make business-critical decisions in one place, all while saving valuable time and resources. By combining the high-fidelity detection and alerting delivered by Elastic Security with Tines' robust automation, SOC teams can effectively support continuous monitoring, threat detection and prevention, alert enrichment, incident response and more.

Key benefits

Scale security operations efforts

Integrate context & data enrichment into alerts

Investigate & react to alerts faster

Use case examples

Example 1

Investigate security alerts in Workbench from Slack links

This Story demonstrates how you can start a conversation with Workbench by using the WORKBENCH_LINK function from an external tool, such as Slack. The conversation opens with the Elastic alert, an initial GreyNoise analysis, and supporting context pre-loaded to assist the investigation.

Created by

Michael Tolan

Example 2

Build and search MITRE ATT&CK semantic index in Elastic

This workflow creates an index of the MITRE ATT&CK framework in Elasticsearch with semantic search capabilities. It enables analysts to efficiently search and correlate MITRE techniques to an alert or ticket description even when exact keywords aren’t used. This enhances threat detection, incident response, and security strategy by providing deeper insights into potential threats.

Created by

Michael Tolan

Example 3

Retrieve logs from the Wazuh Indexer

Retrieve Cowrie honeypot logs from the Wazuh Indexer. Enrich the source IP and record the event in Tines Records alongside the username and password that were used.

Created by

Conor Dunne

Example 4

Replay Data with Cribl into Elastic Security and Isolate Hosts Using Elastic Agent

Receive a webhook from Elastic to initiate the creation of a SIEM case and link alerts. Analyze the IP, add location and enrichment data, query Elasticsearch for related hits, and decide whether to isolate the host.

Example 5

Search Elastic alerts

Search Elastic for alerts based on general or specific criteria.

Tools

Elastic

Created by

Michael Tolan

Example 6

Analyze Elastic alerts, block IPs, and notify in Slack and Tines Cases

Analyze Elastic Security alerts for IP threats using GreyNoise and block malicious IPs with Google Firewall. Communicate the incidents on Slack and log the details in Tines Cases.

Created by

Michael Tolan


Detect security threats and reduce time to respond with Tines and Elastic