Tines Templates

Automate your security workflows with prebuilt Tines templates that integrate directly with the Stairwell API.


Overview

Stairwell provides a collection of Tines templates to help security teams automate common investigation and enrichment tasks. These templates leverage the Stairwell API, allowing you to seamlessly trigger file uploads, run dynamic analysis, retrieve threat intelligence, and tag files — all from within Tines.

Each template can be added to your Tines stories with minimal setup, accelerating your incident response and threat hunting workflows.



Available Templates

Run to Ground (RTG) in Stairwell

Automate Stairwell’s Run to Ground process to enrich indicators or files.

Flow Overview

  1. HTTP Request: Trigger RTG in Stairwell
  2. Event Transform: Normalize the response
  3. Event Transform: Iterate over RTG results
  4. Output: Send enriched data to other tools (e.g., Slack, CrowdStrike, or a webhook)

Example Use Case: Automatically enrich suspicious hashes detected in your SIEM using Stairwell intelligence.


Get File Hash Reputation

Retrieve Stairwell’s reputation data for a file hash.

Action: Get File Hash Reputation in Stairwell
Input: SHA256 hash
Output: Reputation score, threat confidence, and correlated detections

Use this to enrich detection workflows with contextual threat data from Stairwell.


Get Dynamic Analysis Report

Fetch dynamic analysis results for a previously uploaded file.

Action: Get Dynamic Analysis Report in Stairwell
Output: Behavioral analysis details including file activity, indicators, and detections.

Add behavioral insights directly to your incident investigation pipelines.


Upload a File

Submit files to Stairwell automatically for analysis.

Action: Upload a File in Stairwell
Use Case: Automate file submission from EDR, email security, or sandbox tools.


Create a Tag for a File

Apply metadata tags to files in Stairwell.

Action: Create a Tag for a File in Stairwell
Use Case: Track investigation states such as Under Review, Malicious, or Closed.


Create Job for Dynamic Analysis

Launch a dynamic analysis job on an uploaded file.

Action: Create Job for Dynamic Analysis of File in Stairwell
Use Case: Automate detonation of suspicious binaries as part of your triage process.