Tines

Tines is an enterprise automation platform used to orchestrate and execute workflows across security, IT, and business operations systems.

• Security automation and orchestration for incident response and SOC workflows (security operations)
• Event- and trigger-based workflow engine connecting APIs, Software-as-a-Service (SaaS) tools, and internal systems (workflow automation)
• No-code/low-code interface for building and maintaining automation “stories” (process automation)
• Integrations with common security, identity, IT service management, and collaboration platforms (toolchain integration)
• Execution, monitoring, and logging of automated actions for auditability and compliance use cases (governance and observability)

More About Tines

Tines provides an automation platform (workflow automation) used by enterprises to connect security, IT, and business applications through configurable workflows often referred to as “stories.” These stories ingest events from sources such as email, webhooks, Security Information and Event Management (SIEM) tools, ticketing systems, or other SaaS platforms, then apply logic and execute downstream actions through Application Programming Interface (API) calls, updates, notifications, or ticket operations. The platform is positioned for teams that manage high volumes of operational tasks, particularly Security Operations (SecOps) centers and incident response groups.

The platform is commonly associated with SecOps automation (security orchestration, automation, and response). SOC teams use Tines to enrich alerts, coordinate incident response runbooks, and manage handoffs between detection tools, case management systems, and communication channels. By using HTTP-based connectors, authentication mechanisms, and vendor APIs, Tines workflows can aggregate threat intelligence, update SIEM or Extended detection and response (XDR) tools, and synchronize case data with ITSM systems such as service desks.

Tines follows a no-code or low-code design model, where users configure actions and logic through a browser-based interface instead of writing traditional scripts. This makes it usable by security and IT analysts who understand processes and data flows but may not write code. Stories typically rely on Representational State Transfer (REST) APIs, JSON payloads, and webhooks, and can include conditional branching, loops, and data transformations that resemble traditional automation logic. The platform also supports scheduling and trigger-based execution to respond to events in near real time.

Compared with traditional Security Orchestration Automation Response (SOAR) tools, Tines emphasizes general-purpose workflow automation across multiple domains, including IT operations, employee onboarding, access requests, and business process automation. This positions the product in categories such as security automation, IT process automation, and SaaS operations automation, rather than only within a narrow incident-response tooling segment. The same underlying engine can orchestrate workflows that span HR systems, identity providers, messaging tools, and asset inventories.

For enterprise buyers, Tines addresses use cases where teams need consistent, repeatable workflows with audit trails. The platform logs actions, tracks execution status, and supports collaboration on automation content, which is relevant to governance and compliance requirements. In directory or marketplace taxonomies, Tines fits into security orchestration, automation, and response (SOAR), IT process automation, and broader workflow automation categories, with a focus on API-centric integration across SaaS and cloud systems.