\n<\/p>\n
Run by the team at workflow orchestration and AI platform Tines, the Tines library features pre-built workflows shared by security practitioners from across the community – all free to import and deploy through the platform’s Community Edition.<\/p>\n
A recent standout is a workflow that automates monitoring for security advisories from CISA and other vendors, enriches advisories with CrowdStrike threat intelligence, and streamlines ticket creation and notification. Developed by Josh McLaughlin, a security engineer at LivePerson, the workflow drastically reduces manual work while keeping analysts in control of final decisions, helping teams stay on top of new vulnerabilities.<\/p>\n
“Before automation, creating tickets for 45 vulnerabilities took about 150 minutes of work,” Josh explains. “After automation, the time needed for the same number of tickets dropped to around 60 minutes, saving significant time and freeing analysts from manual tasks like copy-pasting and web browsing.” LivePerson’s security team reduced the time this process takes by 60% through automation and orchestration, creating a major boost to both efficiency and analyst morale.<\/p>\n
In this guide, we’ll share an overview of the workflow, plus step-by-step instructions for getting it up and running.<\/p>\n
## The problem – manual tracking of critical advisories<\/p>\n
For security teams, timely awareness of newly disclosed vulnerabilities is essential – but monitoring multiple sources, enriching advisories with threat intelligence, and creating tickets for remediation are time-consuming and error-prone tasks.<\/p>\n
Teams often have to:<\/p>\n
* Manually check CISA and other sources for advisories
* Research related CVEs
* Decide whether action is needed
* Manually create tickets and notify stakeholders<\/p>\n
These repetitive steps not only consume valuable analyst time but also risk inconsistent responses if an important vulnerability is missed or delayed.<\/p>\n
## The solution \u2013 automated monitoring, enrichment, and ticketing<\/p>\n
Josh’s pre-built workflow automates the process end-to-end – but crucially, it keeps analysts in control at key decision points:<\/p>\n
* It pulls new advisories from CISA (or a chosen open-source feed)
* It enriches findings using CrowdStrike’s threat intelligence
* It notifies the security team in Slack, and prompts them to provide input quickly via approve and deny buttons
* Upon approval, it automatically creates a ServiceNow ticket with the vulnerability’s details<\/p>\n
The result is a streamlined, efficient process that ensures vulnerabilities are tracked and actioned quickly, without sacrificing the critical thinking and prioritization that only analysts can provide.<\/p>\n
Key benefits of this workflow:<\/p>\n
* Reduces manual effort and speeds up response time
* Leverages threat intelligence for smarter prioritization
* Ensures consistent handling of new vulnerabilities
* Strengthens collaboration across security and IT teams
* Boosts morale by eliminating tedious tasks
* Keeps analysts in control with easy, fast approvals<\/p>\n
## Workflow overview<\/p>\n
Tools used:<\/p>\n
* Tines \u2013 workflow orchestration and AI platform (Community Edition available)
* CrowdStrike \u2013 threat intelligence and EDR platform
* ServiceNow \u2013 ticketing and ITSM platform
* Slack \u2013 team collaboration platform<\/p>\n
How it works:<\/p>\n
* RSS feed collection: fetches the latest advisories from CISA’s RSS feed
* Deduplication: filters out duplicate advisories
* Vendor filtering: focuses on advisories from key vendors and services (e.g., Microsoft, Citrix, Google, Atlassian).
* CVE extraction: identifies CVEs from advisory descriptions
* Enrichment: cross-references CVEs with CrowdStrike threat intelligence for added context
* Slack notification: sends an enriched vulnerability with action buttons to a dedicated Slack channel
* Approval flow:
* If approved, the workflow creates a ServiceNow ticket
* If denied, the workflow logs the decision without creating a ticket<\/p>\n
## Configuring the workflow – step-by-step guide <\/p>\n
—
The Tines Community Edition sign-up form <\/p>\n
**1\\. Log into Tines** or create a new account.<\/p>\n
**2\\. Navigate to** the pre-built workflow in the library. Select import. This should take you straight to your new pre-built workflow.<\/p>\n
—
The workflow on Tines’ drag-and-drop canvas
—
Adding a new credential in Tines <\/p>\n
#### 3\\. Set up your credentials<\/p>\n
You’ll need three credentials added to your Tines tenant:<\/p>\n
* CrowdStrike
* ServiceNow
* Slack<\/p>\n
Note that similar services to the ones listed above can also be used, with some adjustments to the workflow. <\/p>\n
From the credentials page, select New credential, scroll down to the relevant credential and complete the required fields. Follow the CrowdStrike, ServiceNow, and Slack credential guides at explained.tines.com if you need help.<\/p>\n
#### 4\\. Configure your actions. <\/p>\n
* Set the Slack channel for advisory notifications (slack_channel_vuln_advisory resource).
* Set your ServiceNow ticket details in the Create ticket in ServiceNow action (e.g., priority, assignment group).
* Adjust vendor filtering rules if needed to match your organization’s priorities.<\/p>\n
#### 5\\. Test the workflow. <\/p>\n
Trigger a test by pulling recent advisories from CISA, and verify that:<\/p>\n
* Slack notifications are sent with correct formatting
* Approval buttons function as expected
* ServiceNow tickets are created correctly upon approval<\/p>\n
#### 6\\. Publish and operationalize<\/p>\n
Once tested, publish the workflow. Share the Slack channel with your team to start reviewing and approving advisories efficiently.<\/p>\n
If you’d like to test this workflow, you can sign up for a free Tines account.<\/p>\n
Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter _\uf099_ and LinkedIn to read more exclusive content we post.\n<\/div>\n
View Advisory Details<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"Security Update News Update Information Title How to Automate CVE and Vulnerability Advisory Response with Tines Update ID THN:1545C03D676DB42FAAE146F9387D3556 Type thn Published 2025-05-02T10:30:00 Last Updated…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,34,12,13,33,7,11,43,5],"class_list":["post-2335","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-cvss-00","tag-exploit","tag-news","tag-none","tag-security","tag-tapic","tag-thn","tag-vulnerability"],"yoast_head":"\n
How to Automate CVE and Vulnerability Advisory Response with Tines - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=2335\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Automate CVE and Vulnerability Advisory Response with Tines - zero redgem\" \/>\n<meta property=\"og:description\" content=\"Security Update News Update Information Title How to Automate CVE and Vulnerability Advisory Response with Tines Update ID THN:1545C03D676DB42FAAE146F9387D3556 Type thn Published 2025-05-02T10:30:00 Last Updated...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=2335\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-05-02T07:01:41+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=2335#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=2335\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"How to Automate CVE and Vulnerability Advisory Response with Tines\",\"datePublished\":\"2025-05-02T07:01:41+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=2335\"},\"wordCount\":923,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-0.0\",\"exploit\",\"news\",\"NONE\",\"Security\",\"tapic\",\"thn\",\"Vulnerability\"],\"articleSection\":[\"category_news\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=2335#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=2335\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=2335\",\"name\":\"How to Automate CVE and Vulnerability Advisory Response with Tines - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-05-02T07:01:41+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=2335#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=2335\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=2335#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Automate CVE and Vulnerability Advisory Response with Tines\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Automate CVE and Vulnerability Advisory Response with Tines - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=2335","og_locale":"en_US","og_type":"article","og_title":"How to Automate CVE and Vulnerability Advisory Response with Tines - zero redgem","og_description":"Security Update News Update Information Title How to Automate CVE and Vulnerability Advisory Response with Tines Update ID THN:1545C03D676DB42FAAE146F9387D3556 Type thn Published 2025-05-02T10:30:00 Last Updated...","og_url":"https:\/\/zero.redgem.net\/?p=2335","og_site_name":"zero redgem","article_published_time":"2025-05-02T07:01:41+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=2335#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=2335"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"How to Automate CVE and Vulnerability Advisory Response with Tines","datePublished":"2025-05-02T07:01:41+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=2335"},"wordCount":923,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-0.0","exploit","news","NONE","Security","tapic","thn","Vulnerability"],"articleSection":["category_news"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=2335#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=2335","url":"https:\/\/zero.redgem.net\/?p=2335","name":"How to Automate CVE and Vulnerability Advisory Response with Tines - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-05-02T07:01:41+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=2335#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=2335"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=2335#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"How to Automate CVE and Vulnerability Advisory Response with Tines"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/2335","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2335"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/2335\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2335"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2335"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2335"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}