Hermes + Paperclip Just Changed AI Agents Forever

Julian Goldie SEO

This transcript was generated from the video's audio because no usable YouTube caption track was available.


[0:00] Hello, my name is Ian, and I'm a solutions engineer here at Tines. Today, I'm going to take you through how you can automate your vulnerability management program using Tines. Vulnerability management programs are critical for helping organizations identify and remediate security weaknesses before they can be exploited. However, they can often be complex and time-consuming to manage with many manual tasks involved in the process, such as data collection, analysis, and communication. This is where Tines comes in. We can help security teams automate their vulnerability management program, reduce manual effort, and improve the overall efficiency and effectiveness of their security operations.

For today's demonstration, we'll focus on a common use case, automating the ingestion and enrichment of new vulnerabilities that are identified by your vulnerability scanner. Our story begins with a vulnerability scanner that runs daily and produces a new CSV file containing all the vulnerabilities that it's found. To begin our automation, we're going to create a new story in Tines. Our story is going to begin with an event. This event is going to be an incoming webhook that simulates our vulnerability scanner having finished its daily scan and uploaded the report to an S3 bucket. The incoming webhook is going to contain the file name of the report, as well as the S3 bucket that it's located in.

The first thing we need to do is download the file from S3, so we're going to use an HTTP request action to download the file. We'll specify the bucket name and the file name from our incoming webhook to download the file. Now that we've downloaded the file, we need to extract the information from the CSV. So we're going to use a CSV to JSON action to parse the CSV file.
We're going to specify that we're using the content of the file that we downloaded in the previous step, and we're going to use the ignore blank cells option to make sure that we don't include any blank cells in our JSON. Now that we have the information from our CSV file, we're going to want to take each one of those vulnerabilities and create a new incident in something like ServiceNow. So we're going to use a new action type called a send to story action. The send to story action will take each one of the rows from our CSV to JSON action and send it as a new event to a new story. This allows us to create reusable sub stories that can handle the creation of the vulnerability, the enrichment of the vulnerability, and communication around the vulnerability to other systems in a standardized way. So we're going to point to our create vulnerability incident sub story.

Now, let's take a look at our sub story. Our sub story begins with an event action. This is going to receive the information from our vulnerability scanner for a single vulnerability. The first thing we're going to want to do is determine if we've seen this vulnerability before. So we're going to use a ServiceNow action to query ServiceNow to see if an incident already exists for this vulnerability. We're going to use a condition to check if a result was found from our ServiceNow query. If a result was found, it means that an incident already exists for this vulnerability, and we can then take action on it, perhaps by updating the incident or closing it out. If no result was found, it means this is a new vulnerability and we're going to need to enrich it before we create a new incident. So we're going to use a MISP action to query MISP and see if there's any threat intelligence information related to this vulnerability. Next, we're going to use a CVE action to query for additional information regarding the CVE for this vulnerability.
Finally, we're going to use a ServiceNow action to create a new incident in ServiceNow. We'll pre-populate the incident with information from our vulnerability scanner, as well as the enrichment data we gathered from MISP and CVE. We'll also add a tag for vulnerability management to allow us to easily identify these incidents in ServiceNow. And that's it. We've automated the ingestion and enrichment of vulnerabilities that are identified by our vulnerability scanner. If you'd like to learn more about how Tines can help you automate your vulnerability management program, please don't hesitate to reach out to us.
