Automation has transformed alert triage and now powers AI-driven security operations
What is our primary use case?
In the cybersecurity engineering and security automation field, we use Tines to automate the enrichment and analysis of different use cases, including IOC enrichment and bringing AI-powered capabilities into our workflows.
The primary use case is automating our detection use cases. Whenever we create a new detection, the alert is sent to a webhook in Tines, and from that webhook we create a workflow that automates the primary job of the L1 analyst, which is the initial triage of that particular alert. Tines will then create a ticket in our ticketing platform that will be sent directly to the customer, so the initial manual effort after that alert has been created is automated through Tines.
Regarding the scope of impact, we have about 12,000 customers using our product, and for each customer, we generate roughly about five alerts per day. Ninety percent of these alerts are automated through Tines, which is going to reach 100% pretty soon. For each of these alerts, the initial triage costs about 30 minutes to one hour per analyst, and the entire work is being done through Tines, which includes time-consuming enrichment. For example, we have a particular module in Tines that takes in a malicious IP that was seen in a particular alert and drives that IP through different OSINT tools—about seven different OSINT tools—and consolidates the results and generates a risk score for that IP based on all the results. For an analyst, it would take at least one hour to two hours to get the result with this much perfection, but with Tines, it happens instantaneously. Including the enrichment of different IOCs, the workflow does the initial triage of the alert and creates a ticket that has sufficient information that would take a significant amount of time for an analyst to compile manually for each alert. In perspective of 12,000 customers with each customer having about roughly two to five alerts per day, that much alert volume is completely automated through Tines.
Beyond this primary use case, we also use Tines for integrating different tools and making the SOC AI powered. We have a different AI model that we integrate with Tines to bring AI capacity and GenAI capabilities into our day-to-day activities, including detection creation, ticket management, and change control management. We have integrations with GitHub to use this in the DevOps field. However, all of these are smaller use cases compared to the SIEM rules automation, which is the primary one, but we cover a broad spectrum across many different fields.
How has it helped my organization?
Our team, the Security Automation Engineering team, had a primary role to do platform management for Tines. Initially we could only focus on Tines or trying to automate these use cases, but eventually we brought in so much automation that other teams started to pitch in. We only needed to do platform management and we got fewer in numbers because the level of automation got so large that we are now focusing on many different projects and not just level two SOC operations.
What is most valuable?
The API capabilities are what I find most valuable. I have used other SOAR platforms before, and the integration and API capabilities in those other SOAR platforms are relatively difficult to use when compared to Tines. In Tines, if I want to build an integration or API connectivity within different platforms, it is much easier. There are two very helpful actions: one is called Webhook and another is called HTTP Actions. We can use these two, so the webhook will literally accept traffic from the internet and the HTTP action makes it so much easier to send an HTTP request or an API request to different platforms. Using these two actions, we can very easily have interconnectivity, which really adds to the orchestration part when we are using SOAR.
The second feature I find really attractive is called Pages. By using Pages, instead of just creating a workflow, we can also use Pages to add a UI for anyone who is not a builder but who can actually use the workflows. For example, I am creating ten different workflows, and I can connect them through Pages so that someone from my team who is not a builder or a developer can actually use these workflows if I create for them a nice UI using Pages.
What needs improvement?
There are three things that I would say could be better. The first is the Change Control UI. I have noticed that the UI for Change Control is a bit difficult to navigate and assess, but I know that Tines is working on that and so hopefully we will see results soon.
The second thing is the action called Implode. The issue with the Implode action is that once we get a certain number of events into the Implode action, we lose context of all the events except the last one that came in, so it is a bit difficult to send data back once it goes through the Implode action. I have raised this up with Tines, but I do not know if they are working on this or not.
The third thing is the capacity to debug. If my story is not attached to a case, it is a bit difficult to debug if I run into an error. I have to identify the exact event that caused the error and then start debugging from there, so that is not entirely user-friendly. These are the three downfalls that I have noticed with Tines.
For how long have I used the solution?
I have been actively using Tines for about two years.
What do I think about the stability of the solution?
Tines is stable. I cannot speak for the answer to that question before we chose Tines because ever since I joined my organization, Tines has already been there.
What do I think about the scalability of the solution?
Tines has an auto-scaling feature that clearly provides the metrics about the number of workers that have been deployed and the amount of workload that these workers are carrying. We have the capacity to increase and decrease the number of workers to some extent manually, and it has to some extent an auto-scaling feature as well. We can put a ceiling on the permitted auto-scaling so as not to blow up. Whenever this became insufficient, we could easily reach out to the Tines team where they immediately gave us a remedy or fixed the issue. When things felt like they were going off the roof, they themselves reached out to us saying that these stories were causing issues and we could think of optimizing them or something.
How are customer service and support?
I had direct interactions and the experience was great. The customer support is extremely active and they have an AI-powered customer support that is really, really good. The customer support engineers are extremely friendly. We had an open Slack where we could reach out whenever we wanted clarifications or had requests. We would get a response within six hours in my experience. We would get an AI-powered response immediately, and if that was not sufficient, we could connect to a manual person within six hours and they were really friendly. They were willing to get on call, assess the problem, and provide whatever we needed. We had review meetings every month and we could bring up whatever we thought would be an improvement on our side and they would immediately start prioritizing it and working on that. They also gave us a heads up on whatever new features they were thinking of rolling out.
Whenever we hit roadblocks or issues with the platform or story, even if it was our mistake, the people from the most senior engineering team of Tines immediately were willing to get on call with us to try to solve the issue, and they were also willing to temporarily scale the platform just to accommodate the issue that was going on and then temporarily bring it back down. All of these I have had experience with and it was great.
Which solution did I use previously and why did I switch?
Tines was the first SOAR solution in my organization, but in a different organization, I have worked with different SOAR solutions before.
How was the initial setup?
Tines is a great product. I have used multiple SOAR platforms before and I would say that, I do not know about the cost factor, but otherwise it is a great product and it is amazing to use with its user-friendly features. It is constantly improving, and that is a great thing, so I would highly recommend it.
What was our ROI?
I can speak for fewer employees needed because we used to require many analysts to deal with all the alerts that we were generating, but now we have about 90 to 95% of the alerts already automated through Tines, which requires tremendous time saved and a ton of reduction in the number of analysts required.
What other advice do I have?
We are not in control of the deployment anymore. Initially we were using an S3 bucket to deploy Tines, but now Tines is taking care of the deployment. It used to be Amazon before, but now Tines is in control of that. The overall rating I give this review is 8 out of 10.
Intuitive platform will have you automating in no time at all
What do you like best about the product?
It's hard to say what I like best. Overall I find the platform to be very intuitive and easy to use. Implementation from start to finish requires little prior knowledge of API integrations and the ability to quickly stand up a workflow is a plus. Using out of the box integrations and quickly onboarding your own will take you from 0-100 fast. The platform continues to improve and add value.
What do you dislike about the product?
There are offerings that aren't useful to us, like cases, but mostly because we have other tools that perform in that space already.
What problems is the product solving and how is that benefiting you?
We are leveraging Tines across our SOC stack. It's doing the basics from IOC enrichment, handling the repeat tasks like configurations and onboarding, and even performing auditing. We have integrated it across our security components and at this point it's touching everything cloud and now even on-prem.
Powerful platform for security teams
What do you like best about the product?
It is highly flexible without any coding. And it is highly scalable across teams.
What do you dislike about the product?
Could be slightly pricey for smaller teams.
What problems is the product solving and how is that benefiting you?
Automatically ingesting alerts from multiple sources, context in alerts like IP reputation, user info, geo data, etc., Slack/email notifications,
Great Experience with Tines in Cybersecurity Operations
What do you like best about the product?
Tines allows us to build powerful automation workflows without writing code, which significantly speeds up our response times. The interface is clean and intuitive, making it easy to connect tools like SIEMs, ticketing systems, and threat intel feeds. I especially appreciate the flexibility and reliability: even complex workflows run smoothly.
What do you dislike about the product?
There’s a slight learning curve when creating advanced workflows, especially for users new to automation. Also, while the no-code approach is great, some integrations require API knowledge, which might be challenging for non-technical users. However, the documentation and support are quite helpful.
What problems is the product solving and how is that benefiting you?
We use Tines primarily for automating security operations workflows, including alert triage, phishing response, threat intelligence enrichment, and incident reporting. It helps streamline repetitive tasks and integrate multiple tools into a single automated process.
Invaluable for our organization
What do you like best about the product?
Tines has been an invaluable asset to our team, and their support truly sets them apart. We consistently receive exceptional help from their support team, who always make time to address our questions and challenges. Beyond just troubleshooting, they're proactive in coming up with innovative ideas for new automation workflows that significantly boost our efficiency. It's truly a reliable platform that we've come to depend on for critical operations.
What do you dislike about the product?
While there's certainly a learning curve to mastering the system, Tines' incredibly helpful support team makes that process much smoother and more manageable.
What problems is the product solving and how is that benefiting you?
Tines is solving several critical problems for our IT team, directly translating into significant benefits:
Automating User Lifecycle Management (Onboarding & Offboarding):
Problem Solved: Previously, manual onboarding and offboarding were time-consuming, prone to human error, and posed security risks due to potential delays in access provisioning or revocation.
Benefit: Tines now automates the creation and deprovisioning of user accounts, syncing seamlessly with Okta. This ensures new hires gain access swiftly and departing employees have their access revoked securely and consistently. This has vastly improved our efficiency, enhanced our security posture, and strengthened our compliance.
Streamlining Offboarding Workflows via Slack:
Problem Solved: Initiating offboarding required specific access and potentially switching between different systems, adding friction to the process.
Benefit: The custom Slack automation we've built empowers us to initiate offboarding workflows directly from Slack. This streamlines our daily operations, making the process more convenient and responsive for the team.
Automation with Tines is a game changer for our company Attestra
What do you like best about the product?
The ease of use of Tines, the documentation, the extensive functions library and the existing examples already on the website and available in the application are really helpful to leverage Tines quickly and efficiently. The customer support is quick, efficient and useful if you hit a wall.
What do you dislike about the product?
The pricing model is a little bit hard to understand and hard to justify for a small business like us. We need to focus on implementing high value, frequent use cases to prove the ROI is meaningful. On the plus side, the integration of a way to calculate the time saved per story or action is really helpful.
What problems is the product solving and how is that benefiting you?
Tines plays multiple roles in our company. Integration of old applications to our new stack, automation of boring and error-prone tasks, security alert, statistics and incident response. In the remote context that we implemented, Tines is helping us meet our regulation, processes and audits requirements with a high quality of information, standardisation of information and responses and access to the right information at the right time. We think Tines is allowing us, for the same amount of time per employee, to have a better productivity with a better standardisation of processes.
Tines Makes Security Automation So Easy
What do you like best about the product?
I’ve been using Tines for a while now, and it’s honestly been a game-changer for automating our security workflows. The platform is incredibly easy to use, and I love how it works with pretty much anything that has an API or can send/receive webhooks. It’s like the perfect bridge between all the different tools we use, and setting up workflows is a breeze.
What do you dislike about the product?
One thing I’d like to see is versioning with Git integration available to all users, not just on higher paid tiers. These features are essential for maintaining workflows and collaboration.
What problems is the product solving and how is that benefiting you?
It’s significantly reduced human error and helped us keep our metrics at an all-time low, in the best way possible.
Tines is a great no to low code automation tool!
What do you like best about the product?
Tines is an automation that requires low or no coding abilities based on the complexity of what you want to automate. It saves the team a lot of time when it comes to automating our tasks. We have struggled previously with other automation options, but Tines has been great so far. Their product makes API integrations easy and there is nothing so far that we cannot integrate!
What do you dislike about the product?
For someone with no prior coding/scripting knowledge it may be hard to pick up how to Tines, but after their free training and support from their team, Tines will become second nature!
What problems is the product solving and how is that benefiting you?
Tines is helping reduce our team's workload and the time saved from using it to automate repetitive tasks is exponential compared to how long it takes to build the automation.
Tines Review
What do you like best about the product?
The flexibility and approachability of the platform are the two biggest draws for me as a user. It was easy to stand up and hook into with external programs. The platform allowed me to not only make workflows with very little coding background, but allows me to see how it would work from a raw code perspective. Our Customer Success Manager, Sales Engineer, and the support team are nothing but helpful. Being able to see my feature requests become implemented definitely helps in my day to day use of the platform.
What do you dislike about the product?
The only negative thing I can say isn't really about Tines, but the lack of APIs or functions of other platforms to be able to hook them into Tines for automation.
What problems is the product solving and how is that benefiting you?
Being able to bridge the gap between third-party platforms and our ticketing system, reducing the amount of time needed for manual report creation, and record keeping of various datasets via their Cases platform.
Fun and Powerful Automation Tool that Keeps Surprising Me
What do you like best about the product?
Tines has so many great features, and if I were to dive into each one, this review would be pages long. Instead I'll just highlight what I appreciate about Tines the most: The ease of use, implementation, and integration. Tines has made it as easy as possible to create powerful automations that easily connect to other applications via API with little to no coding experience, which is truly remarkable. Also, the customer support has been nothing short of amazing. They have helped us along the way since the beginning, and have been extremely responsive, helpful, and kind.
What do you dislike about the product?
The only thing about Tines that can sometimes be an issue is how young the platform is. Sometimes it can be obvious that Tines is a fast-growing and young automation software because some expected features can be missing, big updates might be pushed out with big changes, and features/functionalities can be a little buggy. This is a very small critique and will be fixed if Tines keeps moving in the direction it's going.
What problems is the product solving and how is that benefiting you?
We mainly use Tines to automate tracking and reporting of security information. Our biggest use cases right now are tracking our apps in the marketplaces, serving as a threat intelligence feed for our SecOps team, and keeping records of our pentesting metrics. We've used Tines for many more use-cases, however they are a bit smaller or have been archived.