Panther × Tines

Integrating Tines’ automation with Panther’s advanced threat detection streamlines incident response, enhancing security operations efficiency and effectiveness.

Book a demo Sign up free

Pre-built templates

With Tines, you can easily take any action that has a defined API. We've already pre-built some of the most popular ones for you, so you can build quickly.

Update an Alert Status in Panther

List all Database Entities in Panther

Get Hits Across Stored Logs using Indicator Search in Panther

Get Entities of a Particular Database in Panther

Get Each Occurrence of Indicator Results in Panther

Get all Schema Info in Panther

Get Alerts Created in the Last 7 Days in Panther

Get Alert Details Based on Alert ID in Panther

Build your own connections

With Tines, you can easily take any action that has a defined API using an HTTP request. To build even more quickly, copy a cURL command and paste it into the storyboard.

cURL request

curl -v   -X GET   --location   "https://api.nasa.gov/neo/rest/v1/neo/browse?api_key=DEMO_KEY"   -H 'Content-Type: application/json'

Paste in your Tines story

Full workflow examples

Explore pre-built workflows for Panther. Use them for inspiration or as a starting point to build your custom automation solution.

Explore all →

Perform SQL searches in Panther

Use Tines' Send to Story action to query Panther with specified SQL commands and retrieve the resulting data.

Tools: Panther

Implement data loss prevention policies

Respond to DLP alerts if a user makes something on Google Drive public, accidentally or deliberately. This Story will contact the user via Slack, remove the relevant permissions from the file, and make it private again if necessary.

Tools: Google, Panther, Slack

Check IP addresses in Panther & send results via Slack

Receive a slash command with an indicator, enrich it using Panther and AbuseIPDB, and send a Slack message with the results to a specified channel.

Tools: AbuseIPDB, Panther, Slack

Monitor Panther alerts & remediate SSH brute force attacks

This Story receives a Panther alert and checks if it is an SSH brute force attack, enriching it via Panther and AbuseIPDB. Then, it blocks it in AWS ACLs, creates a Jira ticket, and sends a Slack message to a channel.

Tools: Panther

Connect quickly

It takes minutes, not months, to connect to tools in Tines.

Panther connect flow

Learn how to authenticate Panther for use with Tines.

Authentication Guides

Learn how to authenticate third-party products for use with Tines.

Explore more resources

Check out our blogs that mention Panther, browse our learning paths, and more.

Blog

Panther Labs CEO Jack Naglieri: How to make security operations painless

Read now

Case studies

Powerful users, powerful studies

Discover how companies – from Fortune 10 to startups – apply Tines to transform the way their teams operate.

Read case studies

Learn

Tines University

Build your knowledge with dedicated learning paths at all levels.

Start learning

Learn

Learn to use Tines with our documentation

Go to docs

Trusted by industry innovators

Built by you,
powered by Tines

Book a demo Sign up free

By product

Professional services

Partners

Tines Blog →

Case studies

Library

University

Tines Explained ↗

Customer center

Careers

About

Tines Store ↗