AWS × Tines

Automate cloud security with AWS and Tines

View Examples

Automate cloud security
with AWS and Tines

An illustration of a tunnel connecting the sky to the ground

Cloud security is a fast-changing and dynamic environment which results in many teams struggling to know what is serious and what is noise.

Tines, built exclusively on AWS, helps teams quickly remediate known threats while effectively triaging the new. Providing a user friendly interface to build automation Stories, teams are able to quickly create new workflows, utilizing native AWS APIs to create solutions based on their team’s needs. Tines also is packaged with thousands of Action templates to utilize threat detection services outside of the AWS ecosystem.

Tines allows AWS customers to...


security alerts management


incident response


accuracy and remediation timelines

Use case examples

Example 1

Detect, log and remediate AWS alerts with Orca Security and Jira

Ingest AWS alerts from Orca Security, focusing on IAM misconfigurations. Take appropriate action based on severity and automatically remediate S3 bucket alerts. Confirm with user/team via Slack.

Example 2

Provision AWS and Vault access via Okta

Provision AWS access for new users and allow them to securely retrieve their AWS login details via the Vault tile in Okta. This story was created by Zach Perry at PathAI.

Example 3

Create, update and run AWS Lambda functions

Create, update, and invoke AWS Lambda functions to run custom code. Utilize any runtime provided by AWS in your workflows to carry out complex tasks.

Example 4

Find & remediate publicly exposed S3 buckets with Wiz

Query Wiz's Cloud Configuration Findings API for exposed public access to S3 buckets. If a public S3 bucket finding is found, create an issue within Jira, send an alert via Slack, and include a remediation prompt within the Jira issue to apply the appropriate block access policy to the S3 bucket.

Example 5

AWS Partner Solution using GuardDuty findings with remediation actions

Receive AWS GuardDuty findings and take response actions, such as changing AWS security groups.

Example 6

Identify and resolve false positive AWS alerts in Orca

This story gets alerts from Orca for AWS buckets that have been made public. It then pulls the details of the bucket in AWS to get the current bucket permissions and identify if this alert is a false positive or negative. If the bucket is now private, the alert in Orca is dismissed. If the bucket is still public, a Slack message is sent with bucket details and the option to either leave the bucket open and dismiss the alert or make the bucket private and close the alert. Once the choice has been made in slack, the message updates to reflect that choice and a comment confirming the chosen action has been completed is added to the thread.

Whether it’s EDR, traffic behavior analysis, firewall management, IDS, phishing simulations, or anything else we use, Tines is very easy to plug into everything, get the alerts we want, and have it process them. That takes hours off our work.

Joel Perez-Sanchez
Security Engineer
Logo of Joel Perez-Sanchez

Tines is very intuitive in pretty much every aspect; the platform is just really easy to use, so it does a really good job at saving time. The time saved pays for itself, in my opinion.

Dylan White
Information Security Engineer
Logo of Dylan White

Automate cloud security
with AWS and Tines

Get started