Friday Flows Episode 28: Use AI to create cases and act on CrowdStrike alerts
In today’s Friday Flows, Conor Dunne, from the Tines Labs team, walks us through a new story using AI to create cases and act on CrowdStrike alerts.
As is the case with many alerts, there’s a lot of information, but it’s not always very clear. He first uses AI to simplify & normalize the data.
Once that is done & a case is created, we can also use AI to act as a security analyst and respond with one of four actions:
🙅‍♀️ Suspend a user account
🔐 Isolate a host
❌ Block a URL
🔔 Alert the security team using PagerDuty
In this demo, the AI was confident enough to block the URL, so it took action. If the confidence is not high enough, it will provide a recommendation but allow the analyst to take action manually.
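The confidence gate described above, as an added example (not Tines code): the AI step is assumed to return JSON with `action`, `confidence` (0 to 1) and `rationale`, and the 0.9 threshold and action names are assumptions. Unknown actions and malformed output fall back to the analyst rather than being executed.

```python
import json
from typing import Optional

# The four actions the story lets the AI choose from (names assumed).
# Anything else coming back from the model is rejected, not executed.
ALLOWED_ACTIONS = {"suspend_user", "isolate_host", "block_url", "page_team"}
AUTO_THRESHOLD = 0.9  # assumed; below this the analyst decides


def parse_ai_verdict(raw: str) -> Optional[dict]:
    """Validate the model's JSON; return None for anything malformed so a
    bad model response never reaches the action step (fail closed)."""
    try:
        verdict = json.loads(raw)
    except json.JSONDecodeError:
        return None
    action = verdict.get("action")
    conf = verdict.get("confidence")
    if action not in ALLOWED_ACTIONS or isinstance(conf, bool):
        return None
    if not isinstance(conf, (int, float)) or not 0.0 <= conf <= 1.0:
        return None
    return {"action": action, "confidence": float(conf),
            "rationale": str(verdict.get("rationale", ""))}


def decide(case_id: str, raw_verdict: str) -> dict:
    """Build the decision record attached to the case: an automatic action
    request, a recommendation for the analyst, or a manual fallback."""
    verdict = parse_ai_verdict(raw_verdict)
    if verdict is None:
        return {"case": case_id, "mode": "manual", "action": None,
                "reason": "AI output rejected (malformed or unknown action)"}
    mode = "auto" if verdict["confidence"] >= AUTO_THRESHOLD else "recommend"
    return {"case": case_id, "mode": mode, "action": verdict["action"],
            "confidence": verdict["confidence"],
            "rationale": verdict["rationale"]}


# Constructed sample verdicts standing in for the AI step's output.
HIGH = json.dumps({"action": "block_url", "confidence": 0.96,
                   "rationale": "URL in detection matches known phishing kit"})
LOW = json.dumps({"action": "isolate_host", "confidence": 0.55,
                  "rationale": "Single low-severity detection on the host"})
BAD = '{"action": "wipe_host", "confidence": 0.99}'  # not an allowed action

if __name__ == "__main__":
    for name, raw in (("high", HIGH), ("low", LOW), ("bad", BAD)):
        print(name, decide("CASE-0001", raw))
```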
I love this example because it’s a natural evolution of stories that Tines users have built for years: take an alert, enrich it, create a case, and help an analyst act. But with the developments in AI, it’s now much easier to parse the information & act with fewer manual steps.