The majority of SOC teams are overworked & under-appreciated. Generally, they get flooded with alerts. There aren't enough human beings or resources to deal with the volume of alerts. So teams will 'turn down' their SIEM solutions so that they can deal with a realistic volume. The downside is that you're going to miss alerts you should deal with & you're going to get a lot of false positives.".

This week’s Friday Flows features our first Community-built story. Big thank you to Christopher Cutajar for sharing his “Manage Elasticsearch and GKE clusters via Slack” workflow and for highlighting the great work of his team at Elastic overall. "As a team, we've built quite a lot of stuff. Both Tines and Elastic are easy to work with & provide value not just with security, but provide a platform for anyone technical or non-technical to enable the business.".

The strides in GenAI have been remarkable this year, but we're all still trying to figure out how to impact our day-to-day work. In this demo, we use AI in the best way we know how to at Tines: by speeding up a security analyst's work and making their life a little easier! Use ChatGPT to normalize alert formats, in this case from CRWD. Alerts from multiple sources are converted into a standard format for easier processing by a SOC, and a ticket is then created.

API-based automations rely on credentials and secrets. Managing these secrets across multiple locations can increase the workload for administrators. In this webinar, Tines Solutions Engineer Chris Kohanek will show you how to securely reference secrets stored in 1Password and HashiCorp Vault. This means you won't need to store API credentials in Tines, and updates to your secrets won't disrupt your Tines Stories. We'll also guide you through setting up a Secrets Automation Workflow in 1Password and demonstrate how Tines can automate the process of referencing secrets, making it more secure and reducing the administrative burden on your team.

In the first instalment of "Tines, securing your cloud infrastructure" we look at two stories designed to save money and resources and close potential security gaps in your AWS environment. Our first story monitors AWS IAM access keys and automatically deactivates any that are older than 30 days. Our second story looks at automatically stopping and starting EC2 instances that may have been spun up for testing purposes.