IT workflows are becoming increasingly necessary as complexity increases. Digital transformation, cloud adoption, and remote work have required IT teams to adapt, respond, and take action faster and more efficiently than ever before. Workflows make it possible to automate some tasks and make others more repeatable and streamlined, which is especially welcome in cybersecurity.
Tines’ no-code automation transforms complex security workflows into actionable processes. For example, managing a constant flow of endpoint detection alerts requires a great deal of manual effort. In fact, 83% of security pros report fatigue at the constant barrage of SIEM alerts.
With Tines, creating a workflow is as simple as combining one or more actions (there are only seven different ones) in a simple UI. Each workflow can perform a number of functions, including integrating with 3rd party tools, and can run on a predefined schedule or when an event is received. The seven different actions are typically configured to emit events between one another, and are viewed graphically through an “event flow” display.
Figure 1. A partial view of Tines’ event flow display
Tines is especially helpful for building cybersecurity workflows. It can be used for enriching threat intelligence, alerting when phishing attacks or suspicious login attempts occur, streamlining vulnerability management processes, and automating endpoint detection and response workflows.
JupiterOne’s integration with Tines streamlines workflows for incident response, improving vulnerability management and reducing your attack surface:
- Analyze and address vulnerabilities at a higher velocity when armed with comprehensive data from JupiterOne’s graph knowledge base and add details for each sub-task using Tines.
- Assign individual Jira tickets with Tines, adding comments and checking if vulnerabilities have been addressed.
- Close tickets if JupiterOne vulnerabilities are resolved.
These simple steps can save significant time for SecOps teams and allow them to focus on security operations rather than manual processes.
Here are some specific use cases for our integration with Tines.
Analyze vulnerabilities by source and severity
Using Tines, you can query JupiterOne for open vulnerabilities and then create enriched Jira issues for each source account. Then, by adding details of each finding as a subtask to the relevant source account Jira issue, each subtask will have the appropriate Jira priority set based on the severity identified by JupiterOne. You can post a message to Slack with a link to the Jira issue for further analysis by each source account.
Comments can be added to each vulnerability subtask allowing users to check if the vulnerability has been addressed and is no longer present in JupiterOne. If it isn’t present any longer in JupiterOne, the ticket can be marked as done.
Search for and remediate public AWS S3 buckets
Our integration with Tines also allows you to query JupiterOne for public S3 buckets and create enriched Jira tickets for each public bucket returned to JupiterOne. Then, you can take remediative actions to enable the bucket as public or private based on the Jira ticket.
Figure 2. Tines workflow illustrating AWS S3 bucket vulnerabilities
Close Jira tickets if JupiterOne vulnerabilities are resolved
You can also leverage our integration with Tines to close Jira tickets if vulnerabilities are resolved. In this workflow, you query JupiterOne for open vulnerabilities. If the specified vulnerability is no longer present in JupiterOne, the ticket is marked as done.
Within Tines, this workflow can be repeated as a “Send to Story.” This is because teams often need to perform a task (or tasks) in multiple different Tines stories. For example, a threat intelligence story and a phishing response story may use the same procedure to analyze a URL. Further, a de-provisioning story and a vulnerability management story may require ticket creation. Sent to Stories utilizes sub-stories; each sub-story has an Entry and Exit action. The entry action is a webhook while the exit action is a message-only event.
JupiterOne’s integration with Tines can help streamline and automate repetitive workflows that distract SecOps teams from performing more meaningful tasks. We invite you to learn more about our integration with Tines here. You can learn more about JupiterOne through our demo here. And we have comprehensive documentation about our product, our integrations, along with a questions library, events, and more at our AskJ1 community site here.