Cyber Web Spider Blog – News

How To Automate Alert Triage With AI Agents and Confluence SOPs Using Tines

Posted on September 19, 2025 By CWS

Sep 19, 2025 The Hacker News AI Automation / Security Operations
Run by the team at workflow orchestration and AI platform Tines, the Tines library features over 1,000 pre-built workflows shared by security practitioners from across the community, all free to import and deploy via the platform's Community Edition.
The workflow we're highlighting streamlines security alert handling by automatically identifying and executing the appropriate Standard Operating Procedures (SOPs) from Confluence. When an alert triggers, AI agents analyze it, locate the relevant SOPs, and perform the required remediation steps, all while keeping the on-call team informed via Slack.
It was created by Michael Tolan, Security Researcher L2 at Tines, and Peter Wrenn, Senior Solutions Engineer at Tines.
In this guide, we'll share an overview of the workflow, plus step-by-step instructions for getting it up and running.
The problem – manual alert triage and SOP execution
For security teams, responding to alerts efficiently requires quickly identifying the threat type, locating the appropriate SOP, and executing the required remediation steps.
From a workflow perspective, teams typically have to:

Manually analyze incoming security alerts
Search through Confluence for the relevant SOPs
Document findings and actions in case management systems
Execute multiple remediation steps across different security tools
Update the case management system again after the fact
Notify stakeholders about incidents and the actions taken

This manual process is time-consuming, prone to human error, and can lead to inconsistent handling of similar alerts.
The solution – AI-powered alert triage with automated SOP execution
This prebuilt workflow automates the entire alert triage process by leveraging AI agents and Confluence SOPs. The workflow helps security teams respond faster and more consistently by:

Using AI to analyze and classify incoming alerts
Automatically locating the relevant SOPs in Confluence
Creating structured case records for tracking
Deploying a second AI agent (subagent) to execute the remediation steps
Documenting all actions and notifying the on-call team via Slack

The result is a streamlined response to security alerts that ensures consistent handling according to established procedures.

Key benefits of this workflow

Reduced mean time to remediation (MTTR)
Consistent application of security procedures
Comprehensive documentation of all actions taken
Reduced analyst fatigue from repetitive tasks
Improved visibility through automated notifications

Workflow overview
Instruments used:

Tines – workflow orchestration and AI platform (free Community Edition available)
Confluence – knowledge management platform for SOPs

This specific workflow also uses the following pieces of software. However, you can use whatever enrichment and remediation tools already exist within your technology stack alongside Tines and Confluence.

CrowdStrike – threat intelligence and EDR platform
AbuseIPDB – IP reputation database
EmailRep – email reputation service
Okta – identity and access management
Slack – team collaboration platform
Tavily – AI research tool
URLScan.io – URL analysis service
VirusTotal – file and URL scanning service

How it works
Part 1: Alert Ingestion and Analysis

Receive a security alert from the integrated security tools
AI agent analyzes the alert to determine its type and severity
System searches Confluence for the relevant SOPs based on the alert classification
Create a case record with the alert details and the identified SOP

Part 2: Remediation and Documentation

Second AI agent reviews the case and the SOP instructions
AI agent orchestrates remediation actions across the appropriate security tools
All actions are documented in the case history
Slack notification is sent to the on-call team with the alert details and the actions taken
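One way the SOP lookup step in Part 1 can be carried out against Confluence, as an added example that is not part of the Tines workflow: it assumes a Confluence Cloud site at example.atlassian.net, a space with key SEC, and that each SOP page carries a label of the form sop-<alert_type> (for instance sop-phishing). Because the classification is derived from alert content, it is validated against a strict character set before it is placed in the CQL query rather than escaped. The HTTP call itself is not made here; the block builds the request URL for the v1 content search endpoint and parses a constructed response in the shape that endpoint returns.

```python
"""Map an alert classification to a Confluence SOP page via CQL.
Added example; not a Tines action. Site, space key and label scheme are assumed."""
from __future__ import annotations
import re
import urllib.parse

CONFLUENCE_BASE = "https://example.atlassian.net/wiki"  # assumed site
SOP_SPACE = "SEC"                                       # assumed space key
# Only lowercase letters, digits and underscores may reach the query.
LABEL_RE = re.compile(r"^[a-z0-9_]{1,40}$")


def is_valid_alert_type(alert_type: str) -> bool:
    """True when the classification is safe to embed in a CQL string literal."""
    return bool(LABEL_RE.match(alert_type))


def build_cql(alert_type: str) -> str:
    """CQL for the most recently modified SOP page labelled for this alert type."""
    if not is_valid_alert_type(alert_type):
        raise ValueError(f"refusing unsafe alert type for CQL: {alert_type!r}")
    return (f'type = page AND space = "{SOP_SPACE}" AND label = "sop-{alert_type}" '
            f"ORDER BY lastmodified DESC")


def search_url(alert_type: str, limit: int = 5) -> str:
    """GET URL for the v1 content search endpoint; expand the page body so the
    remediation agent receives the SOP text with the hit."""
    query = urllib.parse.urlencode({"cql": build_cql(alert_type), "limit": limit,
                                    "expand": "body.storage"})
    return f"{CONFLUENCE_BASE}/rest/api/content/search?{query}"


def pick_sop(search_response: dict) -> dict | None:
    """Take the first page hit and return the fields the case record needs."""
    for hit in search_response.get("results", []):
        if hit.get("type") != "page":
            continue
        return {"id": hit["id"], "title": hit["title"],
                "url": CONFLUENCE_BASE + hit["_links"]["webui"],
                "body": hit.get("body", {}).get("storage", {}).get("value", "")}
    return None


# Constructed response in the shape the endpoint returns (one page hit).
SAMPLE_RESPONSE = {
    "results": [
        {"id": "98305", "type": "page", "title": "SOP: Phishing Email",
         "_links": {"webui": "/spaces/SEC/pages/98305/SOP+Phishing+Email"},
         "body": {"storage": {"value": "<p>1. Quarantine the message ...</p>"}}},
    ],
    "size": 1,
}

if __name__ == "__main__":
    print(search_url("phishing"))
    print(pick_sop(SAMPLE_RESPONSE))
```

The label scheme keeps the lookup deterministic: the agent's free-text classification is reduced to one label, and a page is found only if someone deliberately tagged it as the SOP for that label, so a stray page title matching alert text cannot be selected.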

Configuring the workflow – step-by-step guide
1. Log into Tines or create a new account.

2. Navigate to the pre-built workflow in the library. Select import.

3. Set up your credentials

You will need credentials for all the tools used in this workflow. You can add or remove whatever tools you need to suit your environment. Scope each credential to the permissions the SOP steps actually require: the remediation agent acts with whatever rights these credentials carry.

Confluence
CrowdStrike
AbuseIPDB
EmailRep
Okta
Slack
Tavily
URLScan.io
VirusTotal

From the credentials page, select New credential, scroll down to the relevant credential and complete the required fields. Follow the credential guides at explained.tines.com if you need help.
4. Configure your actions.
Set your environment variables. In this particular workflow, that specifically means setting the Slack channel for notifications (hardcoded to #alerts by default, but adjustable in the Slack action).
5. Customize the AI prompts
The workflow includes two key AI agents. Alert fields and SOP page text both become prompt input, so treat them as untrusted and give each agent only the tools its stage needs:

Alert Analysis Agent: Customize the prompt to help identify alert types
Remediation Agent: Customize the prompt to guide remediation actions

6. Test the workflow.
Create a test alert to verify:

Alert is correctly classified
Correct SOP is retrieved from Confluence
Case is created with the appropriate details
Remediation steps are executed
Slack notification is sent
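The five checks above can be exercised locally against a model of the two-part flow described under "How it works". What follows is an added example, not the Tines workflow's own code: the AI analysis agent is replaced by keyword rules, Confluence by an in-memory dictionary of SOP pages, and the tool calls by a policy layer that records what would have run. The tool names, action names, allowlist, approval rule and Slack message layout are all assumptions. The part worth carrying into a real deployment is the policy layer: the remediation agent's proposed actions are treated as untrusted output, only allowlisted actions run, and password resets are queued for human approval instead of executed.

```python
"""In-process model of the triage flow: classify, fetch SOP, open case, run the
agent's proposed actions through a policy layer, build the Slack message.
Added example with constructed data; not the Tines workflow itself."""
from __future__ import annotations
import json
import re
from dataclasses import dataclass, field

# Controlled vocabulary for alert types (assumed). Classifier output, an LLM's
# free text included, passes through normalize_label() before it can select an
# SOP or reach the remediation policy.
ALERT_TYPES = ("phishing", "malware", "suspicious_login")

# Constructed stand-in for the Confluence SOP space, keyed by page label.
SOPS = {
    "sop-phishing": {"title": "Phishing Email SOP", "steps": [
        {"tool": "email", "action": "quarantine_message"},
        {"tool": "abuseipdb", "action": "lookup_ip"},
        {"tool": "okta", "action": "expire_sessions"}]},
    "sop-suspicious_login": {"title": "Suspicious Login SOP", "steps": [
        {"tool": "okta", "action": "expire_sessions"},
        {"tool": "okta", "action": "reset_password"}]},
}

# What the remediation subagent may invoke, whatever the SOP or alert text says.
# Anything else is refused and logged; NEEDS_APPROVAL actions are queued for a
# human. Both tables are assumptions for this example.
ALLOWED_ACTIONS = {("email", "quarantine_message"), ("abuseipdb", "lookup_ip"),
                   ("okta", "expire_sessions"), ("okta", "reset_password")}
NEEDS_APPROVAL = {("okta", "reset_password")}


def normalize_label(raw: str) -> str:
    """Map classifier output onto ALERT_TYPES; anything else becomes 'unknown'."""
    token = re.sub(r"[^a-z_]", "", raw.strip().lower().replace(" ", "_").replace("-", "_"))
    return token if token in ALERT_TYPES else "unknown"


def classify_alert(alert: dict) -> tuple[str, str]:
    """Keyword stand-in for the AI analysis agent. Returns (alert_type, severity)."""
    blob = json.dumps(alert).lower()
    if alert.get("source") == "email_gateway" or "phish" in blob:
        raw = "Phishing"
    elif alert.get("source") == "okta" or "impossible travel" in blob:
        raw = "suspicious-login"
    elif alert.get("source") == "edr":
        raw = "malware"
    else:
        raw = "unknown"
    return normalize_label(raw), alert.get("severity", "medium")


@dataclass
class Case:
    alert_id: str
    alert_type: str
    severity: str
    sop_title: str | None
    history: list[str] = field(default_factory=list)
    executed: list[tuple[str, str]] = field(default_factory=list)
    pending_approval: list[tuple[str, str]] = field(default_factory=list)


def open_case(alert: dict) -> Case:
    """Part 1: classify, look up the SOP by label, create the case record."""
    alert_type, severity = classify_alert(alert)
    sop = SOPS.get(f"sop-{alert_type}")
    case = Case(alert["id"], alert_type, severity, sop["title"] if sop else None)
    case.history.append(f"classified as {alert_type}/{severity}")
    case.history.append(f"SOP: {case.sop_title or 'none found'}")
    return case


def run_remediation(case: Case, proposed: list[dict]) -> Case:
    """Part 2: policy layer between the subagent and the tools. `proposed` is
    what the agent asked for and is treated as untrusted."""
    for step in proposed:
        key = (step.get("tool", ""), step.get("action", ""))
        if key not in ALLOWED_ACTIONS:
            case.history.append(f"REFUSED {key[0]}.{key[1]} (not allowlisted)")
        elif key in NEEDS_APPROVAL:
            case.pending_approval.append(key)
            case.history.append(f"QUEUED {key[0]}.{key[1]} for approval")
        else:
            case.executed.append(key)  # a real flow invokes the tool action here
            case.history.append(f"RAN {key[0]}.{key[1]}")
    return case


def slack_notification(case: Case, channel: str = "#alerts") -> dict:
    """Message for the on-call channel (layout assumed)."""
    refused = sum(h.startswith("REFUSED") for h in case.history)
    return {"channel": channel, "text": (
        f"[{case.severity.upper()}] {case.alert_id}: {case.alert_type} via "
        f"{case.sop_title or 'no SOP'}; {len(case.executed)} actions run, "
        f"{len(case.pending_approval)} awaiting approval, {refused} refused")}


def triage(alert: dict, proposed: list[dict]) -> tuple[Case, dict]:
    case = run_remediation(open_case(alert), proposed)
    return case, slack_notification(case)


# Constructed test alert, plus the agent's proposal: the SOP steps and one
# action an injected SOP or alert body might try to smuggle in.
TEST_ALERT = {"id": "ALRT-1001", "source": "email_gateway", "severity": "high",
              "title": "Possible phishing: invoice.pdf.html from billing@example.net"}
TEST_PROPOSAL = SOPS["sop-phishing"]["steps"] + [{"tool": "okta", "action": "delete_user"}]

if __name__ == "__main__":
    case, msg = triage(TEST_ALERT, TEST_PROPOSAL)
    print("\n".join(case.history))
    print(json.dumps(msg, indent=2))
```

Run with the constructed alert, the case history should show the three SOP actions as RAN and okta.delete_user as REFUSED, and the Slack text should report 3 run, 0 awaiting approval, 1 refused. Feeding an Okta impossible-travel alert through the suspicious-login SOP instead should leave reset_password queued rather than executed.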

7. Publish and operationalize
Once tested, publish the workflow and integrate it with your security tools to begin receiving live alerts.
If you'd like to try this workflow, you can sign up for a free Tines account.

This article is a contributed piece from one of our valued partners.

Tags: Agents, Alert, Automate, Confluence, SOPs, Tines, Triage
