⚙️

Tines

Name: Tines
Author: IndiAI Tools Editorial Team

Automate security workflows with no-code automation

Free | Freemium | Paid | Enterprise ⭐⭐⭐⭐☆ 4.3/5 ⚙️ Automation & Workflow 🕒 Updated April 22, 2026

IA Reviewed by the IndiAI Tools editorial team How we review →

Visit Tines ↗ Official website

Quick Verdict

Tines is a no-code automation platform focused on security operations and incident response, enabling security teams to automate repetitive workflows without scripting. It’s ideal for SOC analysts and security engineers who need reliable, audit-ready automation across alerts, enrichments, and ticketing. Pricing is tiered with a free community edition and paid plans that scale to enterprise, so teams can trial basic automation before committing to custom enterprise licensing.

Tines is a no-code automation and workflow platform that helps security teams automate incident response, alert enrichment, and repetitive operational tasks. Its core capability is building event-driven “stories” — visual sequences of actions — without writing code, letting teams orchestrate APIs, parse alerts, and push tickets. Tines’ differentiator is a security-first design (audit logs, safe HTTP actions, per-story credentials) that targets SOCs, incident responders, and security operations engineers. Pricing starts with a free community tier for small teams and scales to custom enterprise plans, making the automation platform accessible to evaluators and enterprise buyers alike.

About Tines

Tines is a London-founded no-code automation platform launched in 2018 that positions itself squarely at the intersection of security operations and workflow automation. Built to reduce manual toil in SOCs and security teams, Tines lets users build event-driven “stories” — sequences of actions and triggers — via a visual canvas rather than traditional scripting. The company emphasizes security controls such as per-action credentials, audit trails, and role-based access to ensure automation itself meets compliance and incident-handling requirements. By focusing on security use cases rather than generic automation, Tines claims to lower MTTR and reduce alert fatigue for security practitioners.

The platform’s core features match its security-first focus. The visual story canvas supports four primary action types: HTTP requests (flexible API calls with headers, body templates, and credential binding), Transformers (JSON parsing and field extraction using Jinja-like templates), Conditional actions (if/else branching and event routing), and Connectors (pre-built integrations for ticketing, EDR, SIEMs, and cloud providers). Tines also includes a credentials vault for encrypting API keys per story, robust audit logging showing who executed or edited stories, and a scheduler for recurring tasks. Recent updates added a built-in message bus (event queueing to avoid dropped events) and outgoing webhook reliability features for guaranteed delivery and retry policies.

Tines’ pricing is tiered and intended for a range from small teams to global enterprises. A free Community tier exists for evaluation with limits (single-user or small-team constraints, limited stories and connectors). Paid pricing is not fully self-service beyond a Starter/Pro offering; the public site lists a Professional/Team tier starting around a documented quote-based monthly price for more connectors, team seats, and SLAs, while Enterprise is custom-priced and includes SSO, dedicated support, and contract terms. The free tier is suitable for proof-of-concept work; paid plans unlock multi-user collaboration, higher event throughput, SSO, and enterprise compliance features. Exact per-seat and throughput pricing is typically provided during sales conversations for Pro and Enterprise tiers.

Security engineers, SOC analysts, and automation specialists are the primary users of Tines. A SOC analyst uses Tines to automate triage and enrichment, reducing analyst time per alert by extracting IOC details and enriching them across threat feeds. A security engineer uses Tines to orchestrate automated containment workflows, such as disabling user accounts and creating tickets in ServiceNow. Real-world workflows include phishing triage, vuln alert enrichment, and automated remediation. Compared to a generic iPaaS like Zapier, Tines differentiates by offering per-story credential isolation, audit-centric design, and event durability tailored to security operations rather than broad business automation.

What makes Tines different

Three capabilities that set Tines apart from its nearest competitors.

✨ Per-story credential vaulting that isolates API keys and secrets per workflow.
✨ Built-in event queueing and retry policies designed to avoid dropped security alerts.
✨ Audit-centric design (detailed execution logs and edit history) tailored for SOC compliance.

Is Tines right for you?

✅ Best for

SOC analysts who need to reduce alert triage time
Security engineers who need automated containment and ticketing
Incident responders who require reproducible, audited playbooks
Automation teams who need API-first security workflows

❌ Skip it if

Skip if you need extensive low-cost end-user business automation like Zapier.
Skip if you require fixed per-seat SaaS pricing publicly available.

✅ Pros

Per-action credential vaulting increases security for stored API keys
Guaranteed delivery features (retry and queueing) reduce missed alerts
Detailed audit logs and edit history support compliance reviews

❌ Cons

Pricing for Pro/Enterprise is quote-based; no transparent per-seat public pricing
Steeper learning curve for complex JSON templating and conditional logic

Tines Pricing Plans

Current tiers and what you get at each price point. Verified against the vendor's pricing page.

Plan	Price	What you get	Best for
Community	Free	Limited stories, limited connectors, single-team evaluation use	Small teams proving automation concepts
Pro / Team	Custom / quote	Higher story/connectors limits, team seats, faster support	Growing security teams needing collaboration and SLAs
Enterprise	Custom / quote	Unlimited stories, SSO, audit logging, dedicated support	Large orgs requiring compliance and uptime guarantees

Best Use Cases

SOC Analyst using it to reduce phishing triage time by extracting IOCs and enriching alerts
Security Engineer using it to automate account containment and create ServiceNow tickets
Incident Responder using it to standardize playbooks and ensure audit trails for incidents

Integrations

ServiceNow Slack CrowdStrike

How to Use Tines

1
Create a Community account

Sign up at the Tines website and choose the Community plan. Verify your email, log in, and land on the Dashboard; success looks like access to the story canvas and a starter template.
2
Start a new story canvas

Click New Story → Blank Story from the Dashboard, then name it. Add a Trigger action to ingest an alert (HTTP webhook or scheduler) so your story starts when an event arrives.
3
Add actions and transformers

Drag HTTP actions and Transformer actions onto the canvas. Configure an HTTP action with endpoint, headers, and body template; use Transformer to extract fields. Run the test event to see parsed JSON output.
4
Connect and deploy

Bind credentials via the Credentials vault, attach a ServiceNow or Slack Connector, then enable the story. A successful run will show execution logs, output payloads, and created tickets or messages.

Tines vs Alternatives

Bottom line

Choose Tines over Cortex XSOAR if you prioritize a no-code visual story canvas and per-story credential isolation for small-to-mid security teams.

Head-to-head comparisons between Tines and top alternatives:

Frequently Asked Questions

How much does Tines cost?+

Cost is quote-based for Pro and Enterprise plans. The Community tier is free for evaluation with limited stories and connectors; Pro/Enterprise pricing is provided through sales, typically reflecting team seat counts, event throughput, and SLAs. Contact Tines sales for an exact monthly or annual quote tailored to required connectors, SSO, and support levels.

Is there a free version of Tines?+

Yes — a Community tier exists for free evaluation. It includes limited stories, connectors, and team seats suitable for proofs-of-concept. The free tier is intended for small teams to prototype workflows; production usage, SSO, higher throughput, and enterprise audit features require paid Pro or Enterprise plans.

How does Tines compare to Cortex XSOAR?+

Tines emphasizes no-code story canvas and per-story credential isolation versus XSOAR’s playbook ecosystem. Tines is often chosen by teams seeking simpler visual automation and credential vaulting, while Cortex XSOAR is selected for deeply integrated SOAR with playbook libraries and tighter vendor integrations at enterprise scale.

What is Tines best used for?+

Tines is best used for automating SOC workflows like phishing triage, alert enrichment, and incident remediation. Its strengths are orchestrating API calls, parsing JSON payloads, and ensuring auditability of automated actions—reducing manual analyst steps and standardizing response playbooks.

How do I get started with Tines?+

Start with the Community plan and create a new story from the Dashboard. Add a Trigger (HTTP webhook or scheduler), then chain Transformer and HTTP actions. Test with a sample alert and enable the story; successful runs show logs and generated outputs for verification.