Automate cloud security with AWS and Tines
Cloud security is a fast-changing, dynamic environment, which leaves many teams struggling to tell what is serious from what is noise.
Tines, built exclusively on AWS, helps teams quickly remediate known threats while effectively triaging new ones. It provides a user-friendly interface for building automation Stories, so teams can quickly create new workflows that use native AWS APIs to build solutions based on their needs. Tines is also packaged with thousands of Action templates for threat detection services outside the AWS ecosystem.
security alerts management
incident response
accuracy and remediation timelines
Ingest AWS alerts from Orca Security, focusing on IAM misconfigurations. Take appropriate action based on severity and automatically remediate S3 bucket alerts. Confirm with user/team via Slack.
Provision AWS access for new users and allow them to securely retrieve their AWS login details via the Vault tile in Okta. This story was created by Zach Perry at PathAI.
Create, update, and invoke AWS Lambda functions to run custom code. Utilize any runtime provided by AWS in your workflows to carry out complex tasks.
Query Wiz's Cloud Configuration Findings API for exposed public access to S3 buckets. If a public S3 bucket finding is found, create an issue within Jira, send an alert via Slack, and include a remediation prompt within the Jira issue to apply the appropriate block access policy to the S3 bucket.
Receive AWS GuardDuty findings and take response actions, such as changing AWS security groups.
This story gets alerts from Orca for AWS buckets that have been made public. It then pulls the details of the bucket in AWS to get the current bucket permissions and identify if this alert is a false positive or negative. If the bucket is now private, the alert in Orca is dismissed. If the bucket is still public, a Slack message is sent with bucket details and the option to either leave the bucket open and dismiss the alert or make the bucket private and close the alert. Once the choice has been made in Slack, the message updates to reflect that choice, and a comment confirming that the chosen action has been completed is added to the thread.
Whether it’s EDR, traffic behavior analysis, firewall management, IDS, phishing simulations, or anything else we use, Tines is very easy to plug into everything, get the alerts we want, and have it process them. That takes hours off our work.
Joel Perez-Sanchez, Security Engineer
Tines is very intuitive in pretty much every aspect; the platform is just really easy to use, so it does a really good job at saving time. The time saved pays for itself, in my opinion.
Dylan White, Information Security Engineer