Use Case

Threat intelligence enrichment

Automatically enrich alerts with rich context and actionable information.

Automate this workflow

The problem 

Enriching alerts with threat intelligence is a core task for many security analysts – but often with an unfortunate number of manual tasks involved.

From repeatedly eliminating false positives, to digging deep for additional details and context, it can be a slow, stressful, and error-prone process.

The solution 

Tines can entirely automate the repetitive aspects of threat intel enrichment.

  • Build complex workflows to coordinate external and internal tools, building context and distilling information.

  • Filter out false positives for known good/low risk IOCs, as well as those recently observed.

  • Run workflows on demand, on a schedule, or trigger automatically through webhooks or alerts.

  • Integrate with a case management system, documenting the full context and status.

Thanks to Tines, the first time an analyst looks at the case, they already have all the information they need to decide what action to take. This workflow saves around 50% of an analyst’s time working on each case. But it’s not just about time – we also eliminate the human error that can creep into manual processes.

Tom Sage
Security Engineer
Logo of Tom Sage

Your workflow, built your way

Connect with and integrate both external systems and internal tools to craft a powerful enrichment workflow – as complex and precise as you need it.

Fault-tolerant and robust

Error-handling and smart retries are built in, handling real-world situations. For true failures, our active monitoring instantly alerts your team.

From analyst to automator

Analysts who previously spent time facing noise and manually enriching now continuously improve the process – without needing a development team.

Loading Story...

Loading Story...

FAQs

What tools can Tines consume threat intel alerts from?

Typically, these alerts will come from SIEM, EDR, or firewall tools. Tines can consume from practically any source – well-known tools like SolarWinds, but also niche products, or your internal/custom tools. All they have to do is ping a standard Tines webhook to kick off your workflow.

How does Tines separate the signal from noise?

First, Tines’ powerful deduplication capability cuts down the workload. Next, we'll rapidly filter out known good/low risk IOCs. Finally, you can leverage context from historical events to eliminate noise. What remains are high priority alerts, ready to be automatically filed in your case management system.

How does case management and collaboration work?

Our philosophy is to ruthlessly focus on helping you automate the tools you already have in your stack. When it comes to case management, our customers use Tines to automatically document, track, and assign tickets in tools like JIRA, ServiceNow, or The Hive.

No-code
automation
for
security teams

Get started