Automating detection and response with Panther and Tines
Blog post from Tines
Modern detection and response teams must process vast amounts of log data from many cloud sources, which calls for efficient workflows to analyze logs, generate alerts, and decide whether each alert is genuine. Integrating Panther with Tines automates these steps so security teams can concentrate on the issues that matter.

In the scenario described, Panther analyzes Okta SSO logs and alerts whenever a user is granted Administrator privileges; this matters because SSO controls access to internal systems. Each alert is sent to Tines through a webhook, which automates the response: checking whether the source IP is known to be malicious and asking the user over Slack to confirm the action. Depending on the user's response, Tines can take further steps such as opening a new case or locking the account.

Panther collects, normalizes, and queries logs with SQL, and Tines' drag-and-drop workflow builder turns threat-intelligence lookups and incident escalation into repeatable automation. The combination strengthens security while cutting manual workload and burnout in security operations centers (SOCs), and it scales as cloud environments grow.
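The following is an added example, not code from the Tines post or from either product, of what the pieces in this scenario look like when written out: a Panther-style `rule`/`title` pair over constructed Okta System Log events, and the branching logic a Tines workflow applies after the webhook arrives. The Okta field names (`eventType`, `client.ipAddress`, `debugContext.debugData.privilegeGranted`) follow Okta's System Log schema; the threat-intelligence list, the sample events, and the exact mapping from a user's Slack reply to "lock", "open case", or "close" are assumptions made for illustration.

```python
"""Added example: Okta admin-grant detection plus the response branches a
Tines workflow would run. Not the vendors' own code; sample data is constructed."""
from typing import Any, Optional

# Okta System Log eventType emitted when a privilege is granted to a user.
PRIVILEGE_GRANT = "user.account.privilege.grant"


def rule(event: dict[str, Any]) -> bool:
    """Panther-style detection: True when the event grants an admin privilege."""
    if event.get("eventType") != PRIVILEGE_GRANT:
        return False
    granted = (
        event.get("debugContext", {}).get("debugData", {}).get("privilegeGranted", "")
    )
    return "admin" in granted.lower()


def title(event: dict[str, Any]) -> str:
    """Alert title, built the way a Panther rule's title() function would."""
    actor = event.get("actor", {}).get("alternateId", "<unknown actor>")
    target = next(
        (t.get("alternateId") for t in event.get("target", []) if t.get("type") == "User"),
        "<unknown target>",
    )
    return f"Okta admin privilege granted to {target} by {actor}"


# Constructed threat-intel list standing in for the lookup service Tines queries.
KNOWN_BAD_IPS = {"203.0.113.77"}


def is_malicious_ip(ip: str) -> bool:
    return ip in KNOWN_BAD_IPS


def decide_response(event: dict[str, Any], user_confirmed: Optional[bool]) -> str:
    """Response branches after the webhook (assumed mapping, not the post's):
    malicious source IP or user says 'not me' -> lock the account;
    no reply within the window (None)      -> open a case for an analyst;
    user confirms the grant               -> close the alert."""
    source_ip = event.get("client", {}).get("ipAddress", "")
    if is_malicious_ip(source_ip) or user_confirmed is False:
        return "lock_account"
    if user_confirmed is None:
        return "create_case"
    return "close_alert"


# Constructed sample events in Okta System Log shape.
ADMIN_GRANT_BAD_IP = {
    "eventType": PRIVILEGE_GRANT,
    "actor": {"alternateId": "it-ops@example.com"},
    "target": [{"type": "User", "alternateId": "alice@example.com"}],
    "client": {"ipAddress": "203.0.113.77"},
    "debugContext": {"debugData": {"privilegeGranted": "Super administrator"}},
}
ADMIN_GRANT_GOOD_IP = {
    **ADMIN_GRANT_BAD_IP,
    "client": {"ipAddress": "198.51.100.10"},
}
SESSION_START = {
    "eventType": "user.session.start",
    "actor": {"alternateId": "alice@example.com"},
    "client": {"ipAddress": "198.51.100.10"},
}


if __name__ == "__main__":
    for ev in (ADMIN_GRANT_BAD_IP, ADMIN_GRANT_GOOD_IP, SESSION_START):
        if rule(ev):
            print(title(ev), "->", decide_response(ev, user_confirmed=True))
```

Running the block prints one line per firing event; the session-start event is ignored, the grant from the listed IP is locked even though the user confirmed it, and the grant from a clean IP with a confirmation is closed.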