CrowdStrike

CrowdStrike Integration

When you connect CrowdStrike and Tines you empower full cycle incident response, additional threat intelligence, and better context for all your decisions and actions. Tines allows you to integrate easily with many local or remote data sources. You can quickly build workflows that leverage your preexisting processes including those of other teams. By combining CrowdStrike and Tines you open up the ability to leverage institutional knowledge from humans, services, and machines. As your situational awareness grows and needs change, so too do your integration requirements, workflows, and event enrichment needs. With Tines as your automation workflow engine you can keep pace with the future and its evolving threat landscape. Decrease your Mean Time to Respond (MTTR) and refine your responses with intelligent automation.

Use Cases

- Automate and enrich threat hunting and IoCs with extra context and actions
- Carry out forensic playbook steps (inc. enrichment) on an endpoint
- Provide limited and safe agent workflows (status/actions) to helpdesk staff
- Retrieve and build multi-platform custom reports in real-time
- Create user gate-kept workflows (requiring human confirmation to proceed)
- Pivot through Tines stories to interconnect any other platform or API

Tines is built on stories. If you can tell the story of your current process (or a desired workflow) Tines can automate it. Using simple building blocks, any team member can build a Tines story across their teams, platforms, or business units. You can even chain stories together (using sub-stories) to build more complex modular and reusable workflows.

Start with the low-hanging fruit and then work your way up the tree! Which manual tasks, runbooks, playbooks, or SOPs do you or your team spend the most time on?

Agents and Actions

Just a sample of some of the prebuilt triggers, transforms, and actions

Docs and Tutorials

CrowdStrike + API

Falcon is the CrowdStrike platform purpose-built to stop breaches via a unified set of cloud-delivered technologies that prevent all types of attacks — including malware and much more. CrowdStrike Falcon provides a powerful yet lightweight solution that unifies next-generation antivirus (NGAV), endpoint detection and response (EDR), cyber threat intelligence, managed threat hunting capabilities and security hygiene — all contained in a tiny, single, lightweight sensor that is cloud-managed and delivered. Falcon Connect provides the APIs, resources and tools needed by customers and partners to develop, integrate and extend the use of the Falcon Platform itself, and to provide interoperability with other security platforms and tools.

You can leverage turn-key Tines agents with CrowdStrike and begin automating 'out-of-the-box'. We recommend creating dedicated CrowdStrike API keys for use with Tines to ensure separation of duties.

Visit CrowdStrike Docs (https://falcon.crowdstrike.com/support/documentation) or check out the CrowdStrike API (https://falcon.crowdstrike.com/support/documentation) to see what endpoints you can access.

Tines + API

Tines is the automation engine for all your workflows. It enables you and your team to automate away manual tasks and create consistency with repeatable and reliable automated processes. With just a few simple building blocks you can rapidly automate a whole host of everyday tasks and workflows. Not only can you create your own agents, but you also benefit from the ongoing shared contributions of our analysts, engineers, and customers. Whether you leverage our prebuilt blocks or roll your own, it's simple to create actionable and repeatable outcomes that save you time and stress. This frees you up to work on more valuable and creative challenges. Tines is more than just a SOAR (Security Orchestration, Automation and Response) platform or API tool; it's an engine that powers a whole range of processes, people, and workflows.

If there's an endpoint with an API, Tines can query it securely and correctly without using any apps, plugins, modules, or applets. As there is no need for coding or fragile scraping, Tines accelerates and empowers you to work smarter and more strategically. Irrespective of size or volume, it only takes minutes to leverage the Tines cloud. You can even deploy dedicated instances on your own infrastructure.

Escape from alert fatigue, standardize your workflows, and take back control by automating your processes, playbooks, and SOPs (Standard Operating Procedures) with simple drag-and-drop actions.

Visit Tines Docs for more information on agents, events, stories, credentials, globals, or administration. Even though you work from inside the graphical storyboarding tool, you can still access the Tines API if so desired for even deeper integrations.

You can also use powerful Liquid Templates and Filters throughout Tines (including in URLs, headers, credentials, or payloads).

Deep Dives

Check out the Tines Blog for more in-depth deep dives and novel uses.

More Help

If you have a question, comment, or suggestion just reach out!
