Blog

Streamline your security workflows with these 3 shortcuts in Tines

by
Madeline Day
,
January 2, 2024
Streamline your security workflows with these 3 shortcuts in TinesStreamline your security workflows with these 3 shortcuts in Tines
Madeline Day
January 2, 2024
On this page

Looking for ways to simplify your cloud DLP workflows in 2024? Read on for 3 ways that Tines—our go-to secure workflow builder—can make your resolutions a reality.

First, let’s learn a little about how Tines works. In short, Tines helps users to create “stories” (aka workflows) that streamline communications, automate tasks, and more. Tines stories can take any number of twists and turns by:

  • Converting HTTP callbacks into actions with webhooks.
  • Sending HTTP requests to complete actions in apps like Jira, Slack, GitHub, and more.
  • Automating actions based on incoming emails.
  • Modifying stories by throttling alerts, delaying actions, extracting text, or incorporating other event transformations.
  • Mixing and matching story components with the “Sending to Story” feature.

But how can you put these actions into practice? Read on to see how you can use Tines alongside Nightfall to level up your monitoring, triage, and remediation workflows.

Scanning for sensitive data in Intercom

Intercom, Zendesk, and other customer service platforms present a unique risk when it comes to data leak prevention (DLP). Sensitive data leaks can happen as a result of either an employee accidentally sharing data, or a customer “over-sharing” their own personal data—and the latter happens more frequently than you’d think.

For instance, imagine you’re an employee using Intercom to help a customer process a refund. That customer starts a conversation with the following message:

Hi there! I’m looking to check on the status of my refund for order #12345. My credit card number is 2235-5978-0999-0987. When will my refund be processed?

Though this customer is trying to be helpful, they’ve also leaked sensitive payment information in the process. In order to protect the customer’s PCI and maintain compliance with leading standards like PCI-DSS, it’s vital to detect and remediate the customer’s credit card number as quickly as possible. This is where Tines and Nightfall come in.

Tines and Nightfall have an easy-to-use story template for this precise scenario. In order to set this story into motion, you’ll need to set up a webhook in Intercom for when a user either starts or replies to a conversation. This will ensure that your Tines story will run for each new message.

Monitor Intercom for sensitive content with Nightfall and record in Tines

At a glance, this story will scan each new Intercom message for sensitive data according to your detection rules in Nightfall. To continue our earlier example, we could configure our detection rules to scan for PCI compliance, credit card numbers, and financial transactions. When Nightfall discovers sensitive data, our Tines story will record that data in a Tines case for security teams to investigate it further.

Not only does this story help security teams to automate their workflows, but it also helps them to enhance their security posture and prevent costly breaches. The 2023 Okta breach illustrates just how important it is to scan for sensitive data leaks in customer support systems. (ICYMI, a threat actor was able to access session tokens stored in HAR files, and used those session tokens to impersonate in-house Okta admins at nearly 18,000 customers.)

For more information about how to leverage this story to protect your sensitive data in Intercom, watch Tines’ video here.

Rotating AWS access keys

Say you’re already using Nightfall to scan for API keys, passwords, and other credentials in apps like GitHub and Jira. Even though you’re looking out for possible leaks, it’s still a good idea to rotate your access keys regularly. Here’s where Tines comes in handy yet again: Tines has another story at the ready for automatically rotating AWS access keys that are listed in Tines.

Rotate AWS IAM access keys and update Tines credentials

The story starts by pinpointing keys named “aws_<UserName>_<AccessKeyID>”. Once Tines discovers all relevant keys, it deletes them and replaces them with new ones. It also updates any mention of these keys across other Tines stories. Tines then rounds out the story by sending a Slack message to let your team know that their credentials have been updated.

If you’re looking for a painless way to improve your security posture, this story is a fantastic way to supplement your cloud DLP coverage.

Managing cases in Slack

So you receive your Nightfall alerts via Slack, and want to manage your Tines cases there as well. Have no fear: Tines has another story to help you customize your case management system.

Manage Tines Cases via Slack and track SLAs

First, Tines will lead you through the setup for your case management system, from connecting your Tines credentials to creating webhooks and SLAs. You’ll also be able to set up tags to reflect each case’s status, as well as configure notifications for case updates and comments in Slack.

Last, but not least, each Tines case will contain valuable metadata such as the case’s status, incident classification, impact, total time to detect, total time to respond, and more. This robust metadata not only keeps everyone on your team up to date, but also ensures that your case is thoroughly addressed before it’s closed.

The best part? Now, you can receive Nightfall alerts, remediate sensitive data, and monitor your Tines cases all from the convenience of Slack.

Key takeaways

If you’re looking to transform your cloud security workflows, Tines pairs seamlessly with Nightfall to help you do just that.

Can’t wait to get started? Try creating your own custom Tines stories or scheduling a demo with Nightfall today.

Nightfall Mini Logo

Getting started is easy

Start protecting your data with a 5 minute agentless install.

Get a demo