Article Details

How to Automate CVE and Vulnerability Advisory Response with Tines. Run by the team at workflow orchestration and AI platform Tines, the Tines library features pre-built workflows shared by security practitioners from across the community - all free to import and deploy through the platform's Community Edition. A recent standout is a workflow that automates monitoring for security advisories from CISA and other vendors, enriches advisories with CrowdStrike threat intelligence, and streamlines ticket creation and notification. Developed by Josh McLaughlin, a security engineer at LivePerson, the workflow drastically reduces manual work while keeping analysts in control of final decisions, helping teams stay on top of new vulnerabilities. "Before automation, creating tickets for 45 vulnerabilities took about 150 minutes of work," Josh explains. "After automation, the time needed for the same number of tickets dropped to around 60 minutes, saving significant time and freeing analysts from manual tasks like copy-pasting and web browsing." LivePerson's security team reduced the time this process takes by 60% through automation and orchestration, creating a major boost to both efficiency and analyst morale. In this guide, we'll share an overview of the workflow, plus step-by-step instructions for getting it up and running. The problem - manual tracking of critical advisories For security teams, timely awareness of newly disclosed vulnerabilities is essential - but monitoring multiple sources, enriching advisories with threat intelligence, and creating tickets for remediation are time-consuming and error-prone tasks. Teams often have to: These repetitive steps not only consume valuable analyst time but also risk inconsistent responses if an important vulnerability is missed or delayed. The solution – automated monitoring, enrichment, and ticketing Josh's pre-built workflow automates the process end-to-end - but crucially, it keeps analysts in control at key decision points: The result is a streamlined, efficient process that ensures vulnerabilities are tracked and actioned quickly, without sacrificing the critical thinking and prioritization that only analysts can provide. Key benefits of this workflow: Workflow overview Tools used: How it works: Configuring the workflow - step-by-step guide 1. Log into Tines or create a new account. 2. Navigate to the pre-built workflow in the library. Select import. This should take you straight to your new pre-built workflow. 3. Set up your credentials You'll need three credentials added to your Tines tenant: Note that similar services to the ones listed above can also be used, with some adjustments to the workflow. From the credentials page, select New credential, scroll down to the relevant credential and complete the required fields. Follow the CrowdStrike, ServiceNow, and Slack credential guides at explained.tines.com if you need help. 4. Configure your actions. 5. Test the workflow. Trigger a test by pulling recent advisories from CISA, and verify that: 6. Publish and operationalize Once tested, publish the workflow. Share the Slack channel with your team to start reviewing and approving advisories efficiently. If you'd like to test this workflow, you can sign up for a free Tines account.