Introducing ‘send to story’

Introducing ‘send to story’

Teams regularly need to perform a task or a set of tasks in multiple different automation stories. For example, a threat intelligence story and a phishing response story may use the same procedure to analyse a URL; similarly a user de-provision story and a vulnerability management story may require you to find and then relate tickets in Jira based on a search term. Tines can now help you solve this problem once and for all!

Continuing our deep-dive into new features included in the Tines Autumn 2019 release, we’re proud to detail information about our latest feature ‘Send to Story‘.

Rather than creating the same set of agents in multiple stories (thus violating the DRY-principle), send to story allows users create “sub-stories” to which events can be sent from other stories. When the sub-story receives an event, it will perform its action and when finished, emit an event from the sending agent.


Sub-stories work the exact same as normal Tines stories. The only difference being that a sub-story has an Entry agent and an Exit agent. The entry agent must be a webhook type agent. The exit agent must be a message-only mode event transformation agent.

Enabling a story for send to story (creating a sub-story)

From a storyboard, when no agents are selected, in the properties panel there is a checkbox to enable a story for send to story. When this checkbox is clicked, you’ll be asked to specify entry and exit agents. A sub-story can only have one entry and one exit agent.

Enable sub-story from storyboard
Enable sub-story from storyboard
Configure send to story
Configure send to story

Entry agent

When a Send to Story agent sends an event to a sub-story, the entry agent will emit an event to its receiver agents. Entry agents must be of type Webhook.

Exit Agent

The Exit agent is the last agent in a sub-story and must be a message-only mode event transformation agent. The content specified in the Exit agent will be emitted by the agent that originally sent the event to the sub-story.

Sending to a Sub-Story

When you need to send data to a sub-story, you should use a Send to Story Agent with the story widget. For example say we have a sub-story called Substory we would send events to this sub-story with a Send to Story Agent:

You can create a new Send to Story agent by dragging an Empty agent from the agent library panel.

Send to story agent animation
  "story": "{% story Substory %}",
  "payload": {
    "url": ""

The entry agent in Substory will then emit an event similar to the below:

  "receive_url_to_analsye": {
    "url": "",
    "#event_id": "1029",
    "#agent_id": "21"

When this event has run down the story, the Exit agent will emit an event, and the calling Send to Story agent will also emit an event that matches the exit agent’s configuration.

For example, let’s say the HTTP Request Agent above was named “Analyse URL” and we have the following exit agent defined in Substory:

  "mode": "message_only",
  "uppercase_url": "{{.receive_url_to_analsye.url | upcase }}"

When the sub-story is complete Analyse URL will emit an event similar to the below:

  "analyse_url": {
    "uppercase_url": "HTTP://EVIL-SITE.COM"

Demo Story

To illustrate this further, you can download a sample story, ‘analyze URL in urlscan’ here.

Note, to import and run this story you’ll need to create a credential, urlscan_io, using an API Key from

This story is designed to submit URLs to urlscan for analysis. It will then wait for 30 seconds while urlscan processes the results, and, when complete, return the verdict.

This analyze URL in urlscan process now be can now be called from any other Tines story to analyze urls using a Send to Story Agent. You can also run the agent from within the Sub-Story itself and hardcode a URL to analyze. This way you can just click “Run” and shortly after Tines will return with the results of the URL Analysis.

Send to Story Ideas

Other repeatable processes our customers have automated include:

  • Analyze an IP Address, Domain or Email Address
  • Search a SIEM for visits to a Domain
  • Lock a User’s Account
  • Update a JIRA Ticket
  • Analyze a Suspicious File in a Sandbox
  • Find and Relate Tickets in a Case Management System
  • Find and Send a User an Instant Message

To learn more about Tines, book a demo or get started with a fully-featured Community Edition account. It’s free to use, requires no up-front commitment and includes a generous automation capacity.

Eoin Hinchy
Eoin Hinchy
Founder, Tines