I want to skip a schedule that runs every day under certain conditions. How can I implement this? 🤔 • There is a scheduled HTTP request that will be executed at 9:30AM every day. A) Executed a little earlier at 9:10 am from a Slack slash command → Skip the HTTP request that will be executed at 9:30 am that day B) As usual → automatically executed at 9:30 am

Hey @rough-artist-60672 Sorry, I forgot to add earlier - Dry run is great as you can see the response, but I am getting a 404 and trying to work out why.. is there anyway for me to see my formulated executed payload?

Quick question. I have an action that returns a list of tags, and then a second action that pulls in all of the details for the tags. Is there a way that I can iterate through either one to combine them to show the detailed information for the tags returned for a given IP?

Getting back into Tines after about 8 months away - is there a point where a community tenant gets blown away? Trying to log in and I'm not seeing any tenants. Tried to create a new one and they don't exist. Not sure if I'm stuck in some sort of inactivity limbo?

Having trouble with the creation of a jira ticket. I am attempting have it check if I have configured a user for an assignee, if so add user as assignee. If no user is configured I would like it to go unassigned. • After some research I was able to determine that if the assignee is null then it will leave the ticket unassigned • Issue, if you have the action configured to accept an assignee, the actual structure of needs to be altered for it to be considered "null". For example: This will return a 400 "Specify a valid value for assignee":

"assignee": {
    "id": ""
}

But this will return a 200 and create the ticket with a user unassigned:

"assignee": {}

I know I can easily get around this by creating two different HTTP Actions and a Trigger, but was wondering if there may be a better way to do this.? This is what I was working with so you get an idea of what I was going for:

"assignee": {
        "id": "{% assign accountEmail = .list_users_in_jira.body.first.emailAddress %}{% if .extract_configuration.config_object.jira_rcpt == accountEmail %}{{ .list_users_in_jira.body.first.accountId}}{% else %}{% endif %}"
      }

Has anyone enhanced the fantastic story “Crowdstrike Response Blog” with a filter of detections by severity at all? Including “`{`

"limit": "10",

"sort": "first_behavior|desc",

"filter": "severity:'High'"

`}`” within the payload yields blank results (also tried case-sensitive) Amending the called URL directly via “`/detections?filter=severity%3A%27High%27%2Bseverity%3A%27Critical%27%2Bseverity%3A%27Medium%27&groupBy=none&sortBy=date%3Adesc`” gives a “Validation Error” If possible, I’d prefer to do this in the payload so I can take this example and learn for next time

Hello, Has anyone used the List IAM Users request in AWS? I am curious if you are able to apply parameters to the request so it only lists users form certain groups, and also if there is a way to list policies for users.

Hi! Has anyone tried automatically exporting Stories to an S3 bucket? I just wanna know what data to pass on with the request. Thanks@

Hello world! Has anyone got any examples or luck using Triggers that are looking for

within X number of days from now

or

within the past X number of days until now

I know this example (

"now" | date: "%Y-%m-%d"

) is equal to today Hope this makes sense. TY!

Has anybody had success using the Airtable public templates? I've given it a try but keep getting a 404 error. This even happens when using the basic "List Bases in Airtable" which has a pre-defined URL (https://api.airtable.com/v0/meta/bases). Any thoughts on how I can best troubleshoot this? TIA

Looking for an assist on Crowdstrike, reference the Tine Blog

Need another assist - again referencing the Crowdstrike Blog, attempting to build the resource

crowdstrike_api

- the error is invalid URL

Hi, I am trying to work with the GitHub API. Proper throttling aside, I am having issues paginating the api. An example url I need to call would be https://api.github.com/orgs/myorg/repos?per_page=100&page=0. I need a way to increment the page counter. I can check the output of the request to see if it still has data, I just can't find a way to actually increase the page number.

Asking for a friend, is there a way to get all message for all users via the Gmail API? The

users.messages.list

route requires a UserId. Maybe creating a company wide group that receives a copy of every email?

Hello - a quick question. Is there a way to get a server session in Tines and reuse this for later HTTP requests? So basically what I'd be doing like this in python:

login_url = self.base_url.format(server=server, port=port) + "/login.html"
        session = requests.session()
        login_response = <http://session.post|session.post>(login_url, data=data, verify=True, headers=headers)

Thank you 🙂

Let’s say I want to include a trigger for a JSON value that should never be there, but want to trigger something if it does appear, how do I set that up? Because including a trigger for that particular variable doesn’t work, since the trigger rules don’t match and thus it won’t emit anything.

Any tips on using

jsonparse

with spaces? From the VirusTotal API I want to enumerate the Alexa and Umbrella ranks. Using

search_for_domain_address_in_virustotal.body.data.attributes.popularity_ranks | jsonpath: "Alexa.rank"

works fine and returns

1

, but

search_for_domain_address_in_virustotal.body.data.attributes.popularity_ranks | jsonpath: "Cisco Umbrella.rank"

returns the whole JSON dict. Only difference is the space? Testing with https://jsonpath.com/ it also works so I can't understand why.

This is more of a Slack question than a Tines one, I think, but maybe someone else has run in to the same problem. I'm using

chat.postMessage

to post a message to an IM session between a chatbot and a user. That works fine, and I get back a channel ID and a timestamp on the message sent. I then try

chat.update

with that channel ID and timestamp, trying to update the message, and it invariably returns a

message_not_found

. Has anyone successfully done a

postMessage

followed by an

update

within a Tines story?

Noob here - I’m trying to get the unique values for the strings inside the red box

I'm trying to assemble a send-to-story around prompting a user to respond to something via Slack, and then catching their response. The whole process works except for returning the results to the original Send To Story action. This may be because there's two web hooks involved - one to receive the StS event, and another to get the response from Slack. They aren't connected, so I'm assuming there's some metadata that needs to propagate between them to associate the events with the StS action. Is this documented anywhere?

Is there a tutorial for connecting Tines to Jamf?

Has anyone set up/hosted EDLs on Tines for proactive blocking to firewalls? e.g. Palo Alto

Hello, I am trying to see if I can be assisted with clearing all logs that have been stored in any tines systems in reference to two stories created in our accounts, along with any information about potential access to these logs from outside of our org

Hey Team! Anyone else having issues importing story (specifically) Get more context via GuardDuty to remediate AWS alerts? Shows as blank.. TYIA!

Hey everyone, could use some points on transforming an API response into a subset of data I want to use for a next step. I basically have a large JSON response, and I want to pull out objects from that response where one of the values matches. Here is an example: I want to pull any object where the created_at date is today. Any gudiance?

{
  "metadata": [
    {
      "id": "0fcdd87b-258d-44dd-8d34-47818732e8e4",
      "label": "MAILBOX_BRUTEFORCER",
      "slug": "mailbox-bruteforcer",
      "name": "Mailbox Bruteforcer",
      "category": "activity",
      "intention": "malicious",
      "description": "This IP address has been observed attempting to bruteforce POP3 and IMAP usernames and passwords.",
      "references": [],
      "recommend_block": true,
      "cves": [],
      "created_at": "2020-04-07",
      "related_tags": null
    },
    {
      "id": "98f9ab2d-3eb1-4292-8232-2eb164b58aa9",
      "label": "NETGAIN_EM_CMD_INJECTION",
      "slug": "netgain-em-cmd-injection",
      "name": "NetGain EM Command Injection",
      "category": "activity",
      "intention": "malicious",
      "description": "This IP address has been seen attempting to use a command injection vulnerability in some versions of NetGain Enterprise Manager.",
      "references": [
        "<https://www.exploit-db.com/exploits/41499>"
      ],
      "recommend_block": true,
      "cves": [],
      "created_at": "2020-04-07",
      "related_tags": null
    },

When scheduling a step to run at a specific time each day, is the selected time in UTC?

Does Tines treat emitted events from HTTP requests differently than webhooks? I’m using the same approach to parse the JSON fields/data from a webhook emitted event and it’s not reading the fields.

Hi all, really new at this, I’m finding this is an incredible tool! I see that there’s a Google delete user template. I’m looking to trigger a Google suspend user action. Can anyone 👀 at this json code and point me in the right direction? 🙏

{
  "url": "<https://www.googleapis.com/admin/directory/v1/users/{{userkey}}>",
  "content_type": "json",
  "method": "post",
  "payload": {
    "primaryEmail": "{{user@yourcompany.com}}",
    },
  "suspended": true,
  "headers": {
    "Authorization": "Bearer {{.CREDENTIAL.google_oauth}}"
  }
}

I’m trying to match an event to a regex, and I’m not sure why it isn’t matching. For example here’s this event with

rec_id

“LW_S3_1”, which I think should match. Do you see what I mean? What could be missing here? Thx!

First, hold down

Cmd/Ctrl

and drag to multi-select all actions. Then if you click on the little keyboard icon in the bottom-right hand corner of the storyboard there's an option to auto-layout which will handle this for you