Cases

Automation for the threats you know, cases for the ones you don’t

Learn more
Security team / Cases /
CrowdStrike alert, host: MARTIN-PC (#36297)
Created 2d ago by Cases bot • 0 comments
D
In progress
All activity
Comments
June 24, 2024
Cases bot created case #36297
4:32 PM
Cases bot added tag CrowdStrike
4:32 PM
Cases bot set priority to Medium
4:32 PM
Cases bot assigned
D
 Darren
4:32 PM
Cases bot added record 1.1.1.1
4:32 PM
Cases bot completed
4:32 PM
CrowdStrike Falcon alerts about a potential security incident
Add a comment...
Send
CrowdStrike alert, host: MARTIN-PC
Case metrics
TypeCase timeSLA timeMet SLA?
TTDTo be updated with TTD time60 minTo be updated with TTD SLA result
TTRTo be updated with TTR time4 hrTo be updated with TTR SLA result

CrowdStrike detection received: View details below for further detection, behavior, and IP enrichment information.

Runbook

Go to Runbook

Initial detection and triage
CrowdStrike Falcon alerts about a potential security incident
Confirm the severity and priority level
Gather basic information about the alert, including affected hosts, observed behaviors, and timestamps
Verify if the alert aligns with known threat intelligence or attack patterns
Incident notification and coordination
Notify stakeholders, including the incident response team, SOC, and relevant IT personnel
Establish clear lines of communication and assign roles to team members
Create and incident ticket or record in your incident management system
Containment and isolation
Identify affected hosts and isolate them from the network to prevent further compromise
Engage CrowdStrike’s containment capabilities, if available, to isolate the affected hosts
Consider applying network-based controls to block associated suspicious traffic
Leverage CrowdStrike’s threat intel and community forums to gather additional info
Response and mitigation
Based on the findings, develop a mitigation plan to address the incident effectively
Apply necessary patches, updates or configurations to address any vulnerabilities found
Identify compromised user accounts, credentials, or access rights, and revoke or reset them as appropriate
Implement necessary changes to security policies, configurations, or access controls to prevent future similar incidents.
Priority
Medium
Tags
CrowdStrike
Actions
Isolate hosts
Go
Lock user account
Go
Linked cases
Metadata
FieldValue
ImpactMedium
ResolutionIn progress
Closure comments
Case requirements
User assigned
Case metadata completed

Investigate, remediate, and report on an incident in a collaborative workspace with Tines’ powerful, intuitive case management.

Records

Capture data across workflows to report on this in a consistent, structured format.

Dashboards

Monitor and report on workflow performance with cases and records in one location.

Better automations, fewer cases, faster incident response

Bring humans into the loop when it matters for your business while workflows run to capture the rest. Cases make it easy to work on incident response and create an audit trail of the resolution.

Reduce friction without compromising on your technology

Automation often involves other teams – DevOps, IT, HROps – who work in other systems. Effectively collaborate across those systems and teams using cases.

AI + Cases

Do more with cases and AI

Examples

  • Summarize event data and pass to a case
  • Format a case template using Markdown
  • Summarize what happened on a case and pass it to a page
  • Format a timeline of events into a visualization then add it to a case
  • Map record data
Example workflow

Normalize alerts with Tines AI and create Cases

Use Tines AI to normalize alerts from various sources. If the analyzed threat level is determined to be high, a Case will also be created in Tines to track.

Example workflow

Use AI to create cases and act on CrowdStrike alerts

Get CrowdStrike alerts and create a Tines case using AI to build the ticket. Use AI to automatically initiate required remediation steps.

Learn more about AI in Tines

Leverage LLMs to build, run, and monitor your most important workflows. Private and secure by design.

Learn more

Why Tines cases?

Fast

This is automation-first case management: create a case from within your existing workflow. From creation to search to correlating information – the experience feels instantaneous.

Flexible

Cases don’t presume a way of working, it responds to yours. Start from a template, fine tune to your own preferences; or both. Cases connects to any workflow, record, page, or API.

Powerful

Define advanced, nuanced data tracking across stories and cases. Aggregate into a dashboard to track SLAs, open cases, MTTR and more.

Collaborative

Mitigate risks with teams from a single location with intuitive components. Cases provide real-time visibility into data that can be analyzed, aggregated and reported to share with key stakeholders.

Start building today

Talk to one of our experts or explore our docs, to learn how your business can leverage Tines cases.

Talk to an expert

Examples

See examples in our workflow library

Not sure where to start? Explore examples of cases in our library.

View examples

Docs

Learn cases through the documentation

Get a breakdown of cases and its features in the product docs.

Go to docs

Learn

Tines
University

Learn how to build in Tines; from the basics to advanced.

Learn more

Get certified

Certification
programs

Become immersed in the Tines product with hands-on labs.

Enroll now

Built by you,
powered by Tines

Book a demoSign up free

Already have an account? Log in.