Skip to main content

Overview

Accessing Tines#

To sign into Tines you need a tenant. A tenant is created when you purchase a Tines plan or when you sign up for our forever-free community edition.

Actions#

Actions are the building blocks of Tines automation stories. They perform a number of functions, including interaction with 3rd-party tools and services. After running, actions emit events to other actions. They can run on a predefined schedule or when they receive an event. There are seven types of actions in Tines. With just these seven actions, you will be able to automate and scale almost any manual workflow.

Actions are configured using an 'options block'. The options block is a JSON object which defines how the action will operate. Each action type has unique configuration options. The action types are listed below and are described in detail in the Actions section.

Action functionality can be expanded through configuration widgets and Liquid templating.

Events#

Events represent the structured data sent between actions. Tines events are JSON objects, making them flexible and easily to read. A Tines event can be anything from the JSON representation of an anti-virus alert, to an email, or a threat intelligence indicator. The following represents an event emitted by an IMAP action:

{  "message_id": "CAEZnBTFKu21fR-5xHtTDsTbmMMNgaVQwEmhd9TCrPWn-UAE0vg@mail.example.com",  "folder": "INBOX",  "subject": "This is a sample email",  "from": "alice@example.com",  "to": ["tinesdemouser@outlook.com"],  "cc": [],  "date": "2018-03-12T11:06:48+00:00",  "mime_type": "text/plain",  "body": "This is the email body.",  "has_attachment": false}

When an action (Action A) receives an event it has access to every field contained in the incoming event's body. Based on the action's configuration it will action the event and emit the results in a new event. This event will be emitted to any action configured to receive events from Action A.

Every event is timestamped and "write once", providing an audit trail and making them ideal for calculating key performance metrics for your programs.

Stories#

Stories are a collection of interconnected actions working towards a singular mission. They can be viewed as analogous to use-cases or playbooks. For example, you might have a Phishing story, an Infected endpoint story or a DDoS story. To support sharing, stories can be imported and exported.

Stories are created and updated on an interactive storyboard in Tines. The following image shows the storyboard for a story designed to automate threat detection and response of corporate VPN connections.

Sample Tines story

Each Tines tenant includes a number of sample stories to help you get started.