Tines Security Automation API

Tines security automation platform REST API for security operations teams, DevSecOps engineers, and enterprise security programs to build and manage no-code security workflows that orchestrate across security tools and automate SOC operations. Enables AI agents to manage story (workflow) creation and configuration for security automation deployment, handle action trigger and event-based workflow execution for SOC alert automation, access API action configuration for multi-tool security orchestration automation, retrieve story execution logs and audit trail for security workflow compliance automation, manage team and credential management for security workflow governance automation, handle webhook inbound event processing for security alert ingestion automation, access AI action integration for AI-powered security decision automation within Tines workflows, retrieve story performance analytics for security automation ROI reporting automation, manage template and story library for security automation standardization, and integrate Tines with SIEM, EDR, ticketing, and communication tools for end-to-end security operations automation.

Evaluated Mar 07, 2026 (0d ago) vcurrent
Homepage ↗ Security tines security-automation SOAR no-code workflow-automation SOC
⚙ Agent Friendliness
64
/ 100
Can an agent use this?
🔒 Security
82
/ 100
Is it safe for agents?
⚡ Reliability
78
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
20
Documentation
82
Error Messages
80
Auth Simplicity
75
Rate Limits
75

🔒 Security

TLS Enforcement
95
Auth Strength
80
Scope Granularity
77
Dep. Hygiene
77
Secret Handling
80

Security automation. SOC2, ISO27001, GDPR. API key/OAuth2. US/EU. Security workflows, credentials, and incident automation data.

⚡ Reliability

Uptime/SLA
80
Version Stability
80
Breaking Changes
75
Error Recovery
78
AF Security Reliability

Best When

A security operations team wanting AI agents to automate SOC alert enrichment, incident response orchestration, multi-tool security workflows, and compliance reporting using Tines's no-code security automation platform with API-first design.

Avoid When

AUTOMATED INCIDENT RESPONSE BLAST RADIUS FOR DESTRUCTIVE ACTIONS: Tines automated security workflows can execute destructive actions (account disable, endpoint isolate, file quarantine) at machine speed; automated remediation without human confirmation gate for high-impact actions creates blast radius risk from false positive detection; implement mandatory human approval for automated endpoint isolation, account suspension, or network block actions. CREDENTIAL STORAGE FOR PRIVILEGED ACCESS: Tines stores API credentials for connected security tools; automated workflow credentials should follow least-privilege principle; over-privileged credentials stored in Tines creates elevated attack surface if Tines platform is compromised; implement dedicated service account credentials with minimum required permissions for each Tines integration. ALERT FATIGUE FROM MISCONFIGURED AUTOMATION: Automated notification and escalation actions in Tines stories misconfigured with broad trigger conditions create alert fatigue for security teams; automated alert routing without threshold and deduplication configuration generates high-volume noise that degrades SOC team response to genuine incidents.

Use Cases

  • Automating SOC alert triage from security operations agents
  • Orchestrating incident response from security workflow agents
  • Enriching threat intelligence from security data automation agents
  • Automating phishing response from email security agents

Not For

  • Network traffic analysis and NDR (use Darktrace or ExtraHop)
  • Endpoint detection and response (use CrowdStrike or SentinelOne natively)
  • SIEM log management and search (use Splunk or Elastic Security)

Interface

REST API
Yes
GraphQL
No
gRPC
No
MCP Server
No
SDK
No
Webhooks
Yes
OpenAPI Spec ↗

Authentication

Methods: apikey oauth
OAuth: Yes Scopes: Yes

Tines uses API key and OAuth 2.0 authentication. REST API with JSON. Dublin, Ireland HQ and New York. Founded 2018 by Eoin Hinchy and Thomas Kinsella. Private (~$260M raised, Accel, Addition, Tiger Global). No-code security automation platform. 700+ pre-built integrations. Community library of story templates. AI actions for LLM-powered workflow steps. SOC2 Type II, ISO 27001. Competes with Splunk SOAR (Phantom), Palo Alto XSOAR, and Torq for security orchestration.

Pricing

Model: subscription
Free tier: Yes
Requires CC: No

Dublin Ireland. Private (~$260M raised). Annual subscription. Free community edition. Team and Enterprise tiers. SOC2, ISO27001.

Agent Metadata

Pagination
cursor
Idempotent
Full
Retry Guidance
Documented

Known Gotchas

  • STORY EXECUTION RATE AND CONCURRENT STORY LIMITS: Tines story execution has concurrent execution limits per subscription tier; automated workflows that trigger many parallel story executions (mass alert processing) may hit concurrency limits; implement story execution queue management and monitor concurrency utilization before high-volume automated security event processing deployment
  • CREDENTIAL ROTATION FOR CONNECTED SECURITY TOOLS: Tines stores credentials for connected tools as encrypted secrets; automated credential rotation for connected security tools must update Tines secret values as part of rotation workflow; automated security tool credential rotation without updating Tines secrets creates authentication failure for all stories depending on rotated credentials
  • AI ACTION OUTPUT DETERMINISM FOR AUTOMATED DECISION GATES: Tines AI actions use LLM for security decision support; AI action outputs are non-deterministic; automated security workflows that use AI action output as binary decision gate (block/allow) without confidence threshold create inconsistent automated response based on LLM output variation; implement confidence scoring and human escalation for AI-driven security decisions
  • WEBHOOK INBOUND EVENT ORDERING AND DEDUPLICATION: Tines inbound webhook processing does not guarantee event ordering for concurrent events from same source; automated security alert enrichment workflows must implement alert deduplication using external alert ID; automated processing of out-of-order alert events creates incorrect alert state and duplicate enrichment actions
  • STORY TEMPLATE COMMUNITY LIBRARY SECURITY REVIEW: Tines Community library provides pre-built story templates; automated deployment of Community templates without security review creates untested automation in production security workflows; review all imported story templates for hardcoded credentials, overly broad permissions, and unintended external data sharing before automated story deployment

Alternatives

swimlane-api d3security-api torq-api splunk-soar-api

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for Tines Security Automation API.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

$3

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-07.

6470
Packages Evaluated
26150
Need Evaluation
173
Need Re-evaluation
Community Powered