Automate cloud security with AWS and Tines
Automate cloud security
with AWS and Tines
Cloud security is a fast-changing and dynamic environment which results in many teams struggling to know what is serious and what is noise.
Tines, built exclusively on AWS, helps teams quickly remediate known threats while effectively triaging the new. Providing a user friendly interface to build automation Stories, teams are able to quickly create new workflows, utilizing native AWS APIs to create solutions based on their team’s needs. Tines also is packaged with thousands of Action templates to utilize threat detection services outside of the AWS ecosystem.
security alerts management
accuracy and remediation timelines
Ingest AWS alerts from Orca Security, focusing on IAM misconfigurations. Take appropriate action based on severity and automatically remediate S3 bucket alerts. Confirm with user/team via Slack.
Provision AWS access for new users and allow them to securely retrieve their AWS login details via the Vault tile in Okta. This story was created by Zach Perry at PathAI.
Create, update, and invoke AWS Lambda functions to run custom code. Utilize any runtime provided by AWS in your workflows to carry out complex tasks.
Query Wiz's Cloud Configuration Findings API for exposed public access to S3 buckets. If a public S3 bucket finding is found, create an issue within Jira, send an alert via Slack, and include a remediation prompt within the Jira issue to apply the appropriate block access policy to the S3 bucket.
Receive AWS GuardDuty findings and take response actions, such as changing AWS security groups.
This story gets alerts from Orca for AWS buckets that have been made public. It then pulls the details of the bucket in AWS to get the current bucket permissions and identify if this alert is a false positive or negative. If the bucket is now private, the alert in Orca is dismissed. If the bucket is still public, a Slack message is sent with bucket details and the option to either leave the bucket open and dismiss the alert or make the bucket private and close the alert. Once the choice has been made in slack, the message updates to reflect that choice and a comment confirming the chosen action has been completed is added to the thread.
Learn how to automate response to AWS Security Alerts using AWS Cloudwatch and SNS together with the Tines Security Automation platform.
Whether it’s EDR, traffic behavior analysis, firewall management, IDS, phishing simulations, or anything else we use, Tines is very easy to plug into everything, get the alerts we want, and have it process them. That takes hours off our work.Joel Perez-SanchezSecurity Engineer
Tines is very intuitive in pretty much every aspect; the platform is just really easy to use, so it does a really good job at saving time. The time saved pays for itself, in my opinion.Dylan WhiteInformation Security Engineer