Skip to content

Respond to



positive events

Alerts related to sudo to root, password changes, user creations, and VPN authentications as well as the use of live-off-the-land tools like Powershell occur thousands of times per day. The vast majority of these events will be legitimate, however, the impact associated with a malicious occurrence could be devastating. Enterprise security teams do not have the bandwidth to investigate every one of these alarms.

With Tines you can crowd-source response dramatically increasing response coverage and staff security engagement.

Receive alerts

Use a Webhook or IMAP agent to receive notification when a high-risk/high-false positive event occurs.

Investigate and filter

Use threat intelligence and log searches to filter obviously legitimate results, for example: has the associated IP been seen in our environment the last 30 days?, is the associated asset in an inventory?, does the user have a trouble ticket? etc.

Automate use confirmation

When an event that is obviously not legitimate has been detected, use the Tines Prompt Widget to automate reach out to the employee associated with the event on channels such as IM, Email and SMS.

For example: "Hi Alice, you recently used sudo on, if you did not perform this action, please click here."

Sound the alarm

If a user confirms the action is not associated with them, escalate to an analyst and/or automate remediation actions.

Join Tines and level up your security

Start your free trial today!

The Tines security automation platform helps the world's leading security teams automate any manual task.

Making them more effective and efficient.