Article Details

How To Automate Ticket Creation, Device Identification and Threat Triage With Tines. Run by the team at workflow orchestration and AI platform Tines, the Tines library features over 1,000 pre-built workflows shared by security practitioners from across the community - all free to import and deploy through the platform's Community Edition. A recent standout is a workflow that handles malware alerts with CrowdStrike, Oomnitza, GitHub, and PagerDuty. Developed by Lucas Cantor at Intercom, the creators of fin.ai, the workflow makes it easier to determine the severity of a security alert and escalate it seamlessly, depending on the device owner's response. "It's a great way to reduce noise and add context to security issues that are added on our endpoints as well," Lucas explains. In this guide, we'll share an overview of the workflow, plus step-by-step instructions for getting it up and running. The problem - lack of integration between security tools For security teams, responding to malware threats, analyzing their severity, and identifying the device owner so they can be contacted to resolve the threat, can take up a lot of time. From a workflow perspective, teams often have to: Going through this process manually can result in delays and increase the chances of human error. The solution - automated ticket creation, device identification, and threat triage Lucas's prebuilt workflow automates the process of taking the malware alert and creating the case - while crucially notifying the device owner and the on-call team. This workflow helps security teams accurately identify the level of threat faster by: The result is streamlined response to malware security alerts that ensures they are dealt with quickly, no matter what the severity. Key benefits of this workflow: Workflow overview Tools used: How it works Part 1 Part 2 Configuring the workflow - step-by-step guide 1. Log into Tines or create a new account. 2. Navigate to the pre-built workflow in the library. Select import. This should take you straight to your new pre-built workflow. 3. Set up your credentials You'll need five credentials added to your Tines tenant: Note that similar services to the ones listed above can also be used, with some adjustments to the workflow. From the credentials page, select New credential, scroll down to the relevant credential and complete the required fields. Follow the CrowdStrike, Oomnitza, Github, PagerDuty, and Slack credential guides at explained.tines.com if you need help. 4. Configure your actions. 5. Test the workflow. 6. Publish and operationalize Once tested, publish the workflow. If you'd like to test this workflow, you can sign up for a free Tines account.