Jul 09, 2025 | The Hacker News | Security Operations / Automation
Run by the team at workflow orchestration and AI platform Tines, the Tines library features over 1,000 pre-built workflows shared by security practitioners from across the community, all free to import and deploy via the platform's Community Edition.
A recent standout is a workflow that handles malware alerts with CrowdStrike, Oomnitza, GitHub, and PagerDuty. Developed by Lucas Cantor at Intercom, the creators of fin.ai, the workflow makes it easier to determine the severity of a security alert and escalate it seamlessly, depending on the device owner's response. "It's a great way to reduce noise and add context to security issues that are added on our endpoints as well," Lucas explains.
In this guide, we'll share an overview of the workflow, plus step-by-step instructions for getting it up and running.
The problem: lack of integration between security tools
For security teams, responding to malware threats, analyzing their severity, and identifying the device owner so they can be contacted to resolve the threat can take up a lot of time.
From a workflow perspective, teams typically have to:
Manually respond to CrowdStrike events
Enrich the alert with additional metadata
Document and alert the device owner in Slack
Notify on-call teams via PagerDuty
Going through this process manually can lead to delays and increase the chances of human error.
The solution: automated ticket creation, device identification, and threat triage
Lucas's prebuilt workflow automates the process of taking the malware alert and creating the case, while crucially notifying the device owner and the on-call team. This workflow helps security teams accurately identify the level of threat faster by:
Detecting new alerts from CrowdStrike
Identifying and notifying the device owner
Escalating critical issues
The result is a streamlined response to malware security alerts that ensures they are dealt with quickly, no matter the severity.
Key benefits of this workflow:
Reduced remediation time
Device owner is kept informed
Clear remediation and escalation pathways
Centralized management system
Workflow overview
Tools used:
Tines: workflow orchestration and AI platform (free Community Edition available)
CrowdStrike: threat intelligence and EDR platform
Oomnitza: IT asset management platform
GitHub: developer platform
PagerDuty: incident management platform
Slack: team collaboration platform
How it works
Part 1
Get a security alert from CrowdStrike
Find the device the alert was triggered on and look up its details
Create a ticket in GitHub for the alert and raise the issue in a Slack message
If the device is owned by a user and it's a low priority:
Send the owner a message requesting escalation
If the device is owned by a user and it's a high priority:
Create a PagerDuty event to notify the on-call analyst
Inform the owner of the ongoing issue
Part 2
Get a user interaction with the Slack message
Enrich the GitHub issue with the user's response
If the owner escalates the issue:
Create a PagerDuty event to notify the on-call analyst
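The Part 1 and Part 2 branching above, written out as plain Python so the decision logic is explicit. This is an added example, not code from Tines or from Lucas Cantor's workflow; the priority map, the asset records and the action names are constructed stand-ins, and since the article only describes owned devices, unowned devices here get just the ticket and the channel alert.

```python
"""Decision logic of the malware-alert workflow, as an added illustration."""

# Constructed mapping, standing in for the crowdstrike_to_github_priority_map resource.
PRIORITY_MAP = {"critical": "P1", "high": "P1", "medium": "P2", "low": "P3", "informational": "P4"}
HIGH_PRIORITIES = {"P1", "P2"}  # assumption: P1/P2 are what the article calls "high priority"

# Constructed asset records, standing in for an Oomnitza lookup by hostname.
ASSETS = {
    "lt-0042": {"owner": "alice@example.com", "slack_id": "U0001"},
    "srv-db-01": {"owner": None, "slack_id": None},
}


def lookup_device(hostname):
    """Oomnitza stand-in: return the asset record, or an unowned record if unknown."""
    return ASSETS.get(hostname, {"owner": None, "slack_id": None})


def triage_detection(detection):
    """Part 1: turn a new CrowdStrike detection into the list of actions to take."""
    severity = detection["severity"].lower()
    priority = PRIORITY_MAP.get(severity, "P2")  # assumption: unknown severities default to P2
    device = lookup_device(detection["hostname"])
    # Every detection gets a GitHub issue and a message in the IT Slack channel.
    actions = [("github_issue", priority), ("slack_channel_alert", detection["detection_id"])]
    if device["owner"] is None:
        return actions  # unowned device: the article describes no further steps
    if priority in HIGH_PRIORITIES:
        # High priority: page on-call first, then tell the owner what is happening.
        actions.append(("pagerduty_event", priority))
        actions.append(("slack_dm_owner", "inform"))
    else:
        # Low priority: ask the owner whether this needs escalating (handled in Part 2).
        actions.append(("slack_dm_owner", "request_escalation"))
    return actions


def handle_owner_response(issue, button_value):
    """Part 2: record the owner's Slack button push on the issue; escalate if asked."""
    updated = dict(issue, owner_response=button_value)
    actions = [("github_issue_comment", button_value)]
    if button_value == "escalate":
        actions.append(("pagerduty_event", updated["priority"]))
    return updated, actions
```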
Configuring the workflow: step-by-step guide
1. Log into Tines or create a new account.
2. Navigate to the pre-built workflow in the library. Select import. This should take you straight to your new pre-built workflow.
3. Set up your credentials
You'll need five credentials added to your Tines tenant:
CrowdStrike
Oomnitza
GitHub
PagerDuty
Slack
Note that similar services to those listed above can also be used, with some adjustments to the workflow.
From the credentials page, select New credential, scroll down to the relevant credential and complete the required fields. Follow the CrowdStrike, Oomnitza, GitHub, PagerDuty, and Slack credential guides at explained.tines.com if you need help.
4. Configure your actions.
Set your environment variables. This includes your:
Slack IT channel alerting webhook (`slack_channel_webhook_urls_prod`)
CrowdStrike/GitHub severity priority mapping (`crowdstrike_to_github_priority_map`)
Configure CrowdStrike to alert the New CrowdStrike Detection webhook when a detection is created
Configure your Slack bot interactivity URL to point at the Receive Slack Button Push webhook
5. Test the workflow.
6. Publish and operationalize
Once tested, publish the workflow.
If you'd like to try this workflow, you can sign up for a free Tines account.
This article is a contributed piece from one of our valued partners.