Integration Overview:
Team Cymru's integration with Tines offers comprehensive threat intelligence capabilities through our Pure Signal™ Threat Intelligence platform. This integration allows you to collect, normalize, and monitor logs, helping to identify suspicious activity in real time. The enriched data from Team Cymru is retained within Tines, enabling thorough security investigations and threat analysis. Tines' powerful automation capabilities help customers accelerate detection and response to enhance overall security.
Use Cases for Team Cymru Data in Tines
Tines Brings Power Automation Capabilities To Your SOC and Accelerates IR & Investigations.
Shown below: Tines' template accelerates the process of discovering assets and identifying vulnerabilities, and leverages automation to launch an investigation using Team Cymru's Pure Signal™ Platform.
Parsing, Normalizing, & Analyzing Logs
As the Team Cymru App ingests logs, they are parsed, normalized, and stored within Tines. This enables you to write detections, identify anomalies, and conduct investigations across extensive datasets.
Normalization: The app applies standardized fields to log records, allowing for consistent attribute names and facilitating data correlation across multiple sources.
Analysis Tools: Utilize Tines' tools to investigate your normalized logs for suspicious activities or vulnerabilities.
Built-In And Easily Customizable Detections
The Team Cymru App provides several pre-built detections out-of-the-box, offering immediate value for monitoring common indicators of compromise (IoCs) and threats.
Pre-built Detections: Access default detections tailored for common threats and IoCs.
Custom Detections: Leverage Tines' powerful Transform capabilities to create custom detection logic, allowing you to define rules specific to your organization's needs.
Configuring Alerts
The app generates alerts based on your configured detection rules and policies. These alerts can be integrated with various destinations for intuitive management and remediation.
Severity Levels: Alerts are categorized into different severity levels -- Info, Low, Medium, High, and Critical. Customize these levels based on specific log event attributes.
Alert Destinations: Integrate alerts with Tines' alert actions to send notifications to email, Slack, or other SOAR platforms.
Onboarding Team Cymru Data in Tines
Install the App
Download and install the Team Cymru App from Tines.
Configure Data Inputs
Collect Team Cymru logs. Configure the parameters in the appropriate settings.
API key setup
Obtain your API Key from Team Cymru and configure it within the app settings.
Verify data collection
Ensure that logs are being ingested correctly and that threat intelligence data is being applied.
Team Cymru + Tines = Winning Combination
Team Cymru and Tines together provide a powerful solution for comprehensive threat intelligence and automated response. Team Cymru's detailed threat intelligence feeds and extensive data on IP address relationships, combined with Tines' robust automation and orchestration capabilities, create a highly effective security operations environment.
Tines' ability to automate and manage security workflows is complemented by Team Cymru's real-time threat intelligence, enabling security teams to identify and respond to threats more quickly and with a higher degree of accuracy. This integration allows organizations to gain deeper insights into their security posture, streamline their incident response processes, and maintain a proactive approach to cybersecurity.