Use Case

Abuse response

Dynamically analyze suspicious emails and take action in real time

Automate this workflow

The problem 

Managing abuse inboxes across the enterprise is a complex operation due to the sheer volume of alerts relating to spam, policy violations, phishing, and more.

Security analysts need to investigate and assess the impact of the threat, before deciding and implementing remediation steps – and these steps are often executed manually, leading to toil and error.

The solution 

  • Tines can entirely automate this workflow.

  • Monitor email mailboxes in real-time, or instantly process reported abuse notifications from other tools.

  • Deduplicate the alert by cross-referencing your system of record.

  • Analyze email headers, bodies, and attachments, and enrich data using external services for additional IOC detection.

  • Automatically take action and remediate: suspend accounts, delete emails, notify teams and vendors of critical alerts.

Tines has enabled a level of customization and utility that wasn’t previously available to Box’s security analysts. Now, incident response analysts can customize the workflow to suit their needs. And they can add extra features to suit their own playbook without having to request any software updates.

Tristan Waldear
Security Automation Manager
Logo of Tristan Waldear

Your workflow, built your way

Every single abuse response process is unique. Tines allows you to model your organization’s process exactly as you see fit, with unrivalled flexibility and power.

From analyst to automator

Analysts who previously spent time manually analyzing abuse cases now continuously improve the process – without needing a development team

Defer to a human

Use a Tines prompt to pause the automated workflow at critical points when required – seamlessly obtaining an input of human judgment from a real analyst.


How does Tines connect with and monitor email inboxes?

The most common way is to directly connect to an inbox using our dedicated IMAP Action, processing new emails in real time.

If you already have a system to monitor mailboxes, you can send Tines a webhook for each new email, or have our system periodically check for batches of new reported emails through a polling HTTP request.

What email analysis tools does Tines support?

Tines itself can fully parse incoming emails, making inspection of and extraction from email bodies, headers, and attachments extremely straightforward. From there, it’s straightforward to connect to any external or internal tool for analysis. If it has an API, Tines can integrate with it – directly.

How do we make sure actions taken by automated remediation are safe and correct?

Remediative actions like suspending an account or deleting an email are not to be taken lightly. In some cases, you may decide that the signal is clear enough to act immediately without a human in the loop. For grey areas, you can always delegate the final decision to a human using a Tines prompt. This could be sent as a Slack message or single-click button in an email, making execution extremely lightweight for the human analyst.

security teams

Get started