Tines (Partners)

In the cybersecurity engineering and security automation field, we use Tines  to automate the enrichment and analysis of different use cases, including IOC enrichment and bringing AI-powered capabilities into our workflows.

The primary use case is automating our detection use cases. Whenever we create a new detection, the alert is sent to a webhook in Tines , and from that webhook we create a workflow that automates the primary job of the L1 analyst, which is the initial triage of that particular alert. Tines will then create a ticket in our ticketing platform that will be sent directly to the customer, so the initial manual effort after that alert has been created is automated through Tines.

Regarding the scope of impact, we have about 12,000 customers using our product, and for each customer, we generate roughly about five alerts per day. Ninety  percent of these alerts are automated through Tines, which is going to reach 100% pretty soon. For each of these alerts, the initial triage costs about 30 minutes to one hour per analyst, and the entire work is being done through Tines, which includes time-consuming enrichment. For example, we have a particular module in Tines that takes in a malicious IP that was seen in a particular alert and drives that IP through different OSINT tools—about seven different OSINT tools—and consolidates the results and generates a risk score for that IP based on all the results. For an analyst, it would take at least one hour to two hours to get the result with this much perfection, but with Tines, it happens instantaneously. Including the enrichment of different IOCs, the workflow does the initial triage of the alert and creates a ticket that has sufficient information that would take a significant amount of time for an analyst to compile manually for each alert. In perspective of 12,000 customers with each customer having about roughly two to five alerts per day, that much alert volume is completely automated through Tines.

Beyond this primary use case, we also use Tines for integrating different tools and making the SOC AI powered. We have a different AI model that we integrate with Tines to bring AI capacity and GenAI capabilities into our day-to-day activities, including detection creation, ticket management, and change control management. We have integrations with GitHub  to use this in the DevOps field. However, all of these are smaller use cases compared to the SIEM  rules automation, which is the primary one, but we cover a broad spectrum across many different fields.

Our team, the Security Automation Engineering team, had a primary role to do platform management for Tines. Initially we could only focus on Tines or trying to automate these use cases, but eventually we brought in so much automation that other teams started to pitch in. We only needed to do platform management and we got fewer in numbers because the level of automation got so large that we are now focusing on many different projects and not just level two SOC operations.

The API capabilities are what I find most valuable. I have used other SOAR  platforms before, and the integration and API capabilities in those other SOAR  platforms are relatively difficult to use when compared to Tines. In Tines, if I want to build an integration or API connectivity within different platforms, it is much easier. There are two very helpful actions: one is called Webhook and another is called HTTP Actions. We can use these two, so the webhook will literally accept traffic from the internet and the HTTP action makes it so much easier to send an HTTP request or an API request to different platforms. Using these two actions, we can very easily have interconnectivity, which really adds to the orchestration part when we are using SOAR.

The second feature I find really attractive is called Pages. By using Pages, instead of just creating a workflow, we can also use Pages to add a UI for anyone who is not a builder but who can actually use the workflows. For example, I am creating ten different workflows, and I can connect them through Pages so that someone from my team who is not a builder or a developer can actually use these workflows if I create for them a nice UI using Pages.

There are three things that I would say could be better. The first is the Change Control  UI. I have noticed that the UI for Change Control  is a bit difficult to navigate and assess, but I know that Tines is working on that and so hopefully we will see results soon.

The second thing is the action called Implode. The issue with the Implode action is that once we get a certain number of events into the Implode action, we lose context of all the events except the last one that came in, so it is a bit difficult to send data back once it goes through the Implode action. I have raised this up with Tines, but I do not know if they are working on this or not.

The third thing is the capacity to debug. If my story is not attached to a case, it is a bit difficult to debug if I run into an error. I have to identify the exact event that caused the error and then start debugging from there, so that is not entirely user-friendly. These are the three downfalls that I have noticed with Tines.

I have been actively using Tines for about two years.

Tines is stable. I cannot speak for the answer to that question before we chose Tines because ever since I joined my organization, Tines has already been there.

Tines has an auto-scaling feature that clearly provides the metrics about the number of workers that have been deployed and the amount of workload that these workers are carrying. We have the capacity to increase and decrease the number of workers to some extent manually, and it has to some extent an auto-scaling feature as well. We can put a ceiling on the permitted auto-scaling so as not to blow up. Whenever this became insufficient, we could easily reach out to the Tines team where they immediately gave us a remedy or fixed the issue. When things felt going off the roof, they have themselves reached out to us saying that these stories are causing issues and we could think of optimizing them or something.

I had direct interactions and the experience was great. The customer support is extremely active and they have an AI-powered customer support that is really, really good. The customer support engineers are extremely friendly. We had an open Slack where we could reach out whenever we wanted clarifications or had requests. We would get a response within six hours in my experience. We would get an AI-powered response immediately, and if that was not sufficient, we could connect to a manual person within six hours and they were really friendly. They were willing to get on call, assess the problem, and provide whatever we needed. We had review meetings every month and we could bring up whatever we thought would be an improvement on our side and they would immediately start prioritizing it and working on that. They also gave us a heads up on whatever new features they were thinking of rolling out.

Whenever we hit roadblocks or issues with the platform or story, even if it was our mistake, the people from the most senior engineering team of Tines immediately were willing to get on call with us to try to solve the issue, and they were also willing to temporarily scale the platform just to accommodate the issue that was going on and then temporarily bring it back down. All of these I have had experience with and it was great.

Tines was the first SOAR solution in my organization, but in a different organization, I have worked with different SOAR solutions before.

Tines is a great product. I have used multiple SOAR platforms before and I would say that, I do not know about the cost factor, but otherwise it is a great product and it is amazing to use with its user-friendly features. It is constantly improving, and that is a great thing, so I would highly recommend it.

I can speak for fewer employees needed because we used to require many analysts to deal with all the alerts that we were generating, but now we have about 90 to 95% of the alerts already automated through Tines, which requires tremendous time saved and a ton of reduction in the number of analysts required.

We are not in control of the deployment anymore. Initially we were using an S3  bucket to deploy Tines, but now Tines is taking care of the deployment. It used to be Amazon before, but now Tines is in control of that. The overall rating I give this review is 8 out of 10.

I am Vikram Singh, I work for top service based multinational brand and I am responsible for delivering Tines  services. Essentially, I am working on it, and I am leading one of the source services for a client who uses Tines .

The best advantage is the no-code automation, excellent customer support services, and ease of integration with other tools. API integration simplifies the process. It is very compatible to integrate with other tools. We are utilizing Tines for various automation like incident creation, IOC enrichment, IOC blocking, and containment of various other automations. It helps in streamlining our security operations effectively and efficiently without requiring coding knowledge. Tines almost saves about one hour of effort because it automates numerous tasks that would otherwise be performed manually.

Reporting  and dashboards could be more advanced for deeper analysis. Tines has its own dashboard, which displays information like how many stories have been created and how many automations have taken place. However, the reporting and dashboard are not advanced; they are quite basic, with fewer customizable options. The look and feel of the dashboard could be enhanced. Another area for improvement is in terms of documentation, as every tool and company has its own knowledge base.

I have been using Tines for more than one and a half years.

The accuracy is very good, with very little downtime, and the tool is stable up to ninety-nine point nine percent.

The solutions are very scalable and adaptable.

The support and engineering team is quick to resolve bugs and respond promptly, showing great scalability.

I rate Tines a nine out of ten due to the exceptional support. As a managed service, we were not directly involved, but when Tines was deployed, the support was outstanding. The team first understood the environment and quickly overcame technical limitations, deploying the solution efficiently.

I was not part of the implementation because a different expert team from Tines was engaged. However, the Tines team was integral to the process, while we were on the support side.

When you start working with Tines, ensure you pursue the Tines certifications. They offer these free certifications when they become your partner. Overall, I would rate Tines a nine out of ten.

We use it to automate daily tasks, phishing emails, ticket creation, IOC investigations, and ticket assignments.

It has improved over the years. The user interface has been enhanced, and now it’s mostly a drag-and-drop process for creating actions. These actions can be customized based on what you're doing. The setup resembles a flowchart format, with connectors linking actions. You can add comments and descriptions to actions, which helps others understand what’s happening and makes collaborating easier.

One of the most valuable features is that it’s a low-code solution, so you don’t need to be fluent in Python or any other programming language. For example, I can use Python code to create actions in Tines, but it's unnecessary.

Another key benefit is that it works with anything that has an API. If you can make an API call to a tool or service, you can implement automation using Tines.

They started implementing some AI, and their AI is isolated. So, it doesn't go to the main AI engines with the information. It's within their private cloud.

Others cannot address it. However, since it’s quite new, it seems clunky. I’ve found it almost easier to revert to doing things manually simply.

I have been using Tines for three years.

I rate the solution’s stability a nine out of ten.

I haven't encountered performance issues with adding stories or handling other tasks. The only users that need to be configured in Tines are those who view stories, metrics, or perform activities.

These pages are web URLs that collect information and trigger a story based on submissions. Users can access these pages and submit their information as long as they have the necessary permissions and MFA set up.

Support is pretty top-notch. If they identify an issue, they notify their customers. For instance, they monitor the tenants, and if a problem occurs, they send an email to inform you.

They provide a lot of their support through Slack channels. Each customer has a dedicated channel where you can post questions or mention issues you’re facing. You’ll usually receive a response quickly. Recently, they’ve integrated AI into this process, so you often get useful suggestions within a minute. If needed, you can also request a human to take a look. Their response time is generally quick, although it might be slower at night since they aren’t available 24/7.

The initial setup is very easy. There’s no installation required. It’s just a matter of getting the correct permissions. Since it uses APIs to communicate with the tools, setting everything up is relatively straightforward once you have access, including any SSO or multi-factor authentication needed on your and the company’s end. If you can configure the API credentials in the tool you want, you can make the necessary calls.

Tines is a very cost-effective solution compared to others. The ability to integrate with anything that has an API is a major advantage. Their support team has also been impressive, providing excellent presentations and sales pitches.

I recommend it to anyone in need of automation. It’s not limited to security. You can use it to onboard employees, gather information, and set permissions based on their roles. It’s a versatile tool that can be applied across various areas, including engineering. To streamline the process, it’s helpful to gather any necessary API information for the tools and systems you’ll be accessing.

It is an easy tool for a beginner to learn. It offers many tutorials, documentation, and knowledge-based material.

Overall, I rate the solution a ten out of ten.

We use it for automations on the enterprise security aspect.

The best thing is that it's no code, so it doesn't require coding knowledge. But it does require knowing all the features and variables that can be used for automation. It's also good for scheduling scripts daily. It's easy to use and gather information within Tines, and every detail is in the documentation. If we get stuck, we can use the live chat feature to discuss and get help.

Maybe Tines can add more features and demonstrations, like videos on how to use the features within the tool. For example, when you click on a feature, it could show a video link explaining how to use it. That feature could be added in the future.

So, I'd like to see more documentation on how to use Tines.

I have been using it for six months.

It's a stable product. As far as updates go, it's been stable with no bugs. They consistently provide updates to the platform, and it has never hampered our work. It's been very good to use.

Different team members used it. In our environment, there's a team that manages cloud platforms and cloud security. They use it to alert on cloud alerts. It's for the enterprise.

There were three or four people for cloud security, and I was the only one in the enterprise using it. There are a few others who are on-site. We are from India, but there are on-site people as well.

They also used to have access and were performing automation with Tines.

I talked to the support team through the live chat feature. When we raise a question, an engineer is assigned within five or ten minutes, and they provide solutions on how to proceed.

The support was good. If we know things in Tines, and if we understand their answers correctly, we can get the solution. I would rate them seven to eight. If a user doesn't understand their answer, they might need to get on a call and have someone show them how it's done.

The client finds it very easy to use, and everyone can learn it easily and perform automation tasks. The other platforms previously used for automation were a bit complicated and required a larger team to set up. Tines is very easy and compatible with the environment, so the client uses it for automation purposes.

I didn't onboard it. It was already deployed in my environment. I was just using it for automation.

If someone needs tasks performed daily that can be automated between different systems, and if there's a cybersecurity or SOC analyst team, they can also use it by creating various API calls, setting alerts, and investigating those alerts based on automation scripts. It's very useful and can be used in other places as well. Any tool with an API can be automated with Tines.

Overall, I would rate it a nine out of ten.

I run a security operation center. We used the solution for alert detection. We evaluated it for managed detection and response.

It was helpful to get additional data to the analysts without having them do manual work. The tool was vendor-neutral. We liked that a lot.

Tines was a little bit more expensive than Torq.

I used the solution last summer.

Tines is a great product. The scalability is great.

The support persons seemed unwilling to spend as much time with us after we moved forward with them. The salesperson was great. However, we got a bit more hands-on time with the people from Torq.

The setup was not difficult. It seemed pretty simple. We were using fairly common hardware and applications used in the security industry. The help we get on how to do our use cases, specifically in the first couple of weeks, saves us a lot of setup time.

I was able to reduce my staff by about 30%. It was a pretty good saving. The response time was increased.

Currently, we use Torq. Tines works the same way Torq does. We use Torq to handle additional phishing email intelligence. We use it to reach out to users automatically with some pre-created questions. We use it to automate our current playbooks. Torq is a little bit cheaper than Tines.

Torq’s team seemed a little more ready to work with us during the initial setup and get our use cases developed. Torq’s sales team is better than Tines’. Tines and Torq are pretty similar. They both have a lot of customization. They both have a much lower price point than other tools on the market.

I will recommend the product to others. Overall, I rate the solution an eight out of ten.