Cyber Security Engineer at a tech vendor with 1,001-5,000 employees
Real User
Top 20
Mar 25, 2026
In the cybersecurity engineering and security automation field, we use Tines to automate the enrichment and analysis of different use cases, including IOC enrichment and bringing AI-powered capabilities into our workflows. The primary use case is automating our detection use cases. Whenever we create a new detection, the alert is sent to a webhook in Tines, and from that webhook we create a workflow that automates the primary job of the L1 analyst, which is the initial triage of that particular alert. Tines will then create a ticket in our ticketing platform that will be sent directly to the customer, so the initial manual effort after that alert has been created is automated through Tines.
Regarding the scope of impact, we have about 12,000 customers using our product, and for each customer, we generate roughly five alerts per day. Ninety percent of these alerts are automated through Tines, which is going to reach 100% pretty soon. For each of these alerts, the initial triage costs about 30 minutes to one hour per analyst, and the entire work is being done through Tines, which includes time-consuming enrichment.
For example, we have a particular module in Tines that takes in a malicious IP that was seen in a particular alert and drives that IP through different OSINT tools—about seven different OSINT tools—and consolidates the results and generates a risk score for that IP based on all the results. For an analyst, it would take at least one hour to two hours to get the result with this much perfection, but with Tines, it happens instantaneously. Including the enrichment of different IOCs, the workflow does the initial triage of the alert and creates a ticket that has sufficient information that would take a significant amount of time for an analyst to compile manually for each alert. To put this in perspective, with 12,000 customers each having roughly two to five alerts per day, that much alert volume is completely automated through Tines.
Beyond this primary use case, we also use Tines for integrating different tools and making the SOC AI-powered. We have a different AI model that we integrate with Tines to bring AI capacity and GenAI capabilities into our day-to-day activities, including detection creation, ticket management, and change control management. We have integrations with GitHub to use this in the DevOps field. However, all of these are smaller use cases compared to the SIEM rules automation, which is the primary one, but we cover a broad spectrum across many different fields.
I am Vikram Singh. I work for a top service-based multinational brand, and I am responsible for delivering Tines services. Essentially, I am working on it, and I am leading one of the source services for a client who uses Tines.
Tines offers no-code and low-code automation for users to automate tasks without coding expertise, integrating seamlessly with APIs to enhance incident management and security operations. Known for a vendor-neutral approach, Tines provides detailed documentation and live chat support, allowing for effective integration with other tools, scheduling capabilities, and streamlined processes that save time and effort. Users find it intuitive for efficient task handling, making manual intervention...
We use it for automations on the enterprise security aspect.
I run a security operation center. We used the solution for alert detection. We evaluated it for managed detection and response.