Greater visibility and faster incident response with Tines and JupiterOne

by Jenn Cardamone

IT workflows are becoming increasingly necessary as complexity increases. Digital transformation, cloud adoption, and remote work have required IT teams to adapt, respond, and take action faster and more efficiently than ever before. Workflows make it possible to automate some tasks and make others more repeatable and streamlined, which is especially welcome in cybersecurity.

Tines’ no-code automation transforms complex security workflows into actionable processes. For example, managing a constant flow of endpoint detection alerts requires a great deal of manual effort. In fact, 83% of security pros report fatigue at the constant barrage of SIEM alerts. 

With Tines, creating a workflow is as simple as combining one or more actions (there are only seven different ones) in a simple UI. Each workflow can perform a number of functions, including integrating with third-party tools, and can run on a predefined schedule or when an event is received. The seven actions are typically configured to emit events to one another, and are viewed graphically through an “event flow” display.

Figure 1. A partial view of Tines’ event flow display

Tines is especially helpful for building cybersecurity workflows. It can be used for enriching threat intelligence, alerting when phishing attacks or suspicious login attempts occur, streamlining vulnerability management processes, and automating endpoint detection and response workflows.

JupiterOne’s integration with Tines streamlines workflows for incident response, improving vulnerability management and reducing your attack surface:

  • Analyze and address vulnerabilities at a higher velocity when armed with comprehensive data from JupiterOne’s graph knowledge base and add details for each sub-task using Tines. 
  • Assign individual Jira tickets with Tines, adding comments and checking if vulnerabilities have been addressed.
  • Close tickets if JupiterOne vulnerabilities are resolved.

These simple steps can save significant time for SecOps teams and allow them to focus on security operations rather than manual processes.

Here are some specific use cases for our integration with Tines.

Analyze vulnerabilities by source and severity

Using Tines, you can query JupiterOne for open vulnerabilities and then create enriched Jira issues for each source account. Details of each finding are then added as a subtask to the relevant source account's Jira issue, and each subtask has the appropriate Jira priority set based on the severity identified by JupiterOne. You can post a message to Slack with a link to the Jira issue for further analysis by each source account.

Comments can be added to each vulnerability subtask allowing users to check if the vulnerability has been addressed and is no longer present in JupiterOne. If it isn’t present any longer in JupiterOne, the ticket can be marked as done.

Search for and remediate public AWS S3 buckets

Our integration with Tines also allows you to query JupiterOne for public S3 buckets and create enriched Jira tickets for each public bucket returned by JupiterOne. Then, you can take remediation actions to set the bucket to public or private based on the Jira ticket.

Figure 2. Tines workflow illustrating AWS S3 bucket vulnerabilities

Close Jira tickets if JupiterOne vulnerabilities are resolved

You can also leverage our integration with Tines to close Jira tickets if vulnerabilities are resolved. In this workflow, you query JupiterOne for open vulnerabilities. If the specified vulnerability is no longer present in JupiterOne, the ticket is marked as done.
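The reconciliation step behind this workflow and the severity-to-priority step described earlier, as an added Python example that is not JupiterOne or Tines code. The field names, severity labels, priority mapping, sample records and the `query_ok` / `max_close_ratio` guards are all assumptions made for illustration; the guards cover the case where a failed or stale query would otherwise make every finding look resolved.

```python
# Added example: decide which Jira tickets to create, close, or hold.
# Field names, severity labels and records are constructed, not real API schemas.

# Assumed mapping from finding severity to Jira's default priority names.
SEVERITY_TO_PRIORITY = {"critical": "Highest", "high": "High",
                        "medium": "Medium", "low": "Low"}


def priority_for(severity):
    """Map a severity label to a Jira priority; unknown labels are triaged as High."""
    return SEVERITY_TO_PRIORITY.get(str(severity).strip().lower(), "High")


def reconcile(open_findings, tracked_tickets, query_ok=True, max_close_ratio=0.5):
    """Build a plan from the latest query result and the tickets still open.

    open_findings: list of {"id", "severity"} returned by the inventory query.
    tracked_tickets: dict mapping finding id -> open Jira issue key.
    """
    plan = {"create": [], "close": [], "hold": []}
    current = {f["id"]: f for f in open_findings}

    # Findings with no ticket yet get one, with priority derived from severity.
    for fid, finding in current.items():
        if fid not in tracked_tickets:
            plan["create"].append((fid, priority_for(finding["severity"])))

    # Tickets whose finding no longer appears are candidates for closing.
    missing = sorted(key for fid, key in tracked_tickets.items() if fid not in current)

    # Absence only means "resolved" if the query itself succeeded, and a sudden
    # mass disappearance more likely signals a broken integration than a fix.
    too_many = bool(tracked_tickets) and len(missing) / len(tracked_tickets) > max_close_ratio
    if not query_ok or too_many:
        plan["hold"] = missing
    else:
        plan["close"] = missing
    return plan


# Constructed sample data.
FINDINGS = [{"id": "vuln-1", "severity": "Critical"},
            {"id": "vuln-3", "severity": "medium"},
            {"id": "vuln-4", "severity": "low"}]
TICKETS = {"vuln-1": "SEC-101", "vuln-2": "SEC-102", "vuln-3": "SEC-103"}

if __name__ == "__main__":
    print(reconcile(FINDINGS, TICKETS))
```

Tickets placed in `hold` are left open for a person to review rather than being marked as done.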

Within Tines, this workflow can be repeated as a “Send to Story.” This is because teams often need to perform a task (or tasks) in multiple different Tines stories. For example, a threat intelligence story and a phishing response story may use the same procedure to analyze a URL. Further, a de-provisioning story and a vulnerability management story may both require ticket creation. Send to Story utilizes sub-stories; each sub-story has an entry and an exit action. The entry action is a webhook, while the exit action is a message-only event.

Learn More

JupiterOne’s integration with Tines can help streamline and automate repetitive workflows that distract SecOps teams from performing more meaningful tasks. We invite you to learn more about our integration with Tines here. You can learn more about JupiterOne through our demo here. And we have comprehensive documentation about our product, our integrations, along with a questions library, events, and more at our AskJ1 community site here.

Jenn Cardamone

Jenn Cardamone is Senior Manager of Partner Marketing at JupiterOne. She likes to say she was 'born in the channel.' She has over a decade of experience in cybersecurity partner marketing at leading companies like FireEye, ProofPoint, Cisco, and Skybox Security. Her most recent accomplishment was being named one of CRN's Women of the Channel. She is passionate about driving results for our global partner ecosystem.
