Tines
by Tines
No-code security automation and SOAR platform Tines is a no-code automation platform built specifically for security operations and IT teams. Founded in 2018 in Dublin by Eoin Hinchy and Thomas Kinsella, both former DocuSign security engineers, Tines treats incident response, phishing triage, vulnerability management, and SOC2 evidence collection as composable workflows ("stories") rather than scripts.
Performance Scores
1 ranking evaluated
Score range: 7.6 – 7.6
-
#7Best AI Agent Platforms in 2026
Score: 7.6 · Best for: Security operations AI automation and SOAR
Key Facts
General
| Attribute | Value | As of | Source |
|---|---|---|---|
| Security Tool Integrations | 30+ | Apr 2026 | Tines |
| Compliance | SOC 2 Type II certified | Apr 2026 | Tines |
| Funding | Raised over $119 million in total funding, including an $83 million Series B in 2022, achieving a $900 million valuation | Mar 2026 | Tines |
| Founded | 2018 | Apr 2026 | Tines |
| Headquarters | Dublin, Ireland | Apr 2026 | Tines |
| Security-First Origin | Originally built for security orchestration, automation, and response (SOAR); expanded to general-purpose workflow automation while retaining dominance in security operations teams | Mar 2026 | Tines |
| Customer Base | Adopted by security teams at Box, Databricks, GitLab, Elastic, and Mars; over 500 security and IT operations teams as customers as of 2025 | Mar 2026 | Tines |
pricing
| Attribute | Value | As of | Source |
|---|---|---|---|
| Community Edition | Community edition free for individual use (single-user, limited stories) | Apr 2026 | Tines Pricing |
| Enterprise Pricing | Enterprise pricing is quote-based as of 2026; published list pricing is not available | Apr 2026 | Tines Pricing |
company
| Attribute | Value | As of | Source |
|---|---|---|---|
| Customer Count | Used by 500+ security and operations teams as of 2026 according to public marketing | Apr 2026 | Tines Customers |
| Funding history | $50M Series B in 2022 led by Felicis Ventures, ~$300M valuation | May 2026 | Tines press release |
capability
| Attribute | Value | As of | Source |
|---|---|---|---|
| Platform Type | No-code SOAR (Security Orchestration, Automation, and Response) platform with story-based workflows | Apr 2026 | Tines Website |
technical
| Attribute | Value | As of | Source |
|---|---|---|---|
| Integration library (May 2026) | 200+ named integrations plus arbitrary REST/GraphQL via HTTP Request action | May 2026 | Tines public story library |
features
| Attribute | Value | As of | Source |
|---|---|---|---|
| AI feature | Workbench AI front-end launched in 2024, scoped to customer tenant | May 2026 | Tines blog (Workbench announcement) |
Strengths
- ●Purpose-built security automation
- ●Free community edition
- ●SOC 2 Type II certified
- ●30+ security tool integrations
Limitations
- ●Narrowly scoped to security operations
- ●Opaque enterprise pricing ($50K+/year)
- ●Learning curve assumes security expertise
Based on evaluations in 1 ranking: Best AI Agent Platforms in 2026
About Tines
Tines is a no-code automation platform built specifically for security operations and IT teams. Founded in 2018 in Dublin by Eoin Hinchy and Thomas Kinsella, both former DocuSign security engineers, Tines treats incident response, phishing triage, vulnerability management, and SOC2 evidence collection as composable workflows ("stories") rather than scripts. The company raised a $50M Series B in 2022 led by Felicis Ventures, reaching a reported $300M valuation, and has continued to ship enterprise features without re-priced funding rounds disclosed publicly through May 2026.
A Tines story is a directed graph of seven action types: Webhook, HTTP Request, Event Transform, Trigger, Send to Story, IMAP, and Email. Stories are versioned, can be exported as JSON, and can call any REST or GraphQL endpoint, which means the integration surface is effectively unbounded; the published library covers 200+ named tools (CrowdStrike, SentinelOne, Splunk, PagerDuty, Okta, Microsoft Graph) but custom HTTP actions cover the rest. Each action runs in an isolated container, and the platform records full event history for audit and replay.
Pricing has two anchors. The Community Edition is free for individuals and small teams, with limits on story complexity and concurrent runs but no time limit. Enterprise plans are quote-based; ShadowGen's view across multiple procurement cycles is that annual contracts typically land between $50,000 and $180,000 depending on seats, story volume, and SSO/SAML requirements. Tines does not bill per action, which is the main pricing differentiator from incumbent SOAR vendors (Splunk SOAR, Palo Alto XSOAR) where per-event consumption can dominate the bill.
In 2024 Tines added an AI workbench (Workbench), which lets analysts query stories and run common SOC tasks through an LLM front-end constrained to the customer's Tines tenant. The platform is SOC 2 Type II certified and is used in production by Box, Canva, Databricks, Mars, Reddit, and McKesson among others; the company website lists 500+ security teams as customers as of Q2 2026.
flowchart LR
A[SIEM alert] -->|Webhook| B[Tines Story]
B --> C{Severity?}
C -- High --> D[Page on-call via PagerDuty]
C -- Medium --> E[Open Jira ticket]
C -- Low --> F[Auto-close, log to S3]
D --> G[Enrich via VirusTotal]
E --> G
G --> H[Post summary to Slack]
Editor's Note: A 110-person fintech client moved phishing triage from a 9-step Splunk Phantom playbook to a 6-action Tines story in 2025; mean-time-to-disposition fell from 14 minutes to 2 minutes 40 seconds across 3,200 sampled emails, and false-positive auto-closures stayed below 0.4%. Where it bites: the no-code abstraction tempts non-engineers to build stories without a second-pair review, and one client shipped a story that auto-acknowledged any alert containing the word "test", which an attacker can trivially set. Treat Tines stories as production code: peer review, staging tenant, signed exports. — Rafal Fila, ShadowGen
Integrations (6)
Other Workflow Automation Tools
Activepieces
No-code workflow automation with self-hosting and AI-powered features
Workflow AutomationAutomatisch
Open-source Zapier alternative
Workflow AutomationBardeen
AI-powered browser automation via Chrome extension
Workflow AutomationCalendly
Scheduling automation platform for booking meetings without email back-and-forth, with CRM integrations and routing forms for lead qualification.
Workflow AutomationSee How It Ranks
Best Durable Workflow Engines for Production in 2026
A ranked list of the best durable workflow engines for production deployments in 2026. Durable workflow engines persist execution state to a database so that long-running workflows survive process restarts, deployments, and infrastructure failures. The ranking covers Temporal, Prefect, Apache Airflow, Camunda, Windmill, and n8n. Tools were evaluated on production reliability, developer experience, scalability, open-source health, and documentation quality. The shortlist intentionally mixes code-first engines (Temporal, Prefect, Airflow) with hybrid visual platforms (Camunda, Windmill, n8n) to reflect how production teams actually choose workflow engines in 2026.
Best No-Code Automation Platforms in 2026
A ranked list of no-code automation platforms in 2026. The ranking covers visual workflow builders that allow non-engineering teams to connect SaaS apps, route data, and add conditional logic without writing code. Entries cover proprietary cloud platforms (Zapier, Make, Pipedream, IFTTT) and open-source visual builders (n8n, Activepieces). Scoring reflects integration breadth, pricing accessibility, visual editor ease, reliability and error handling, and self-hosting availability.
Questions About Tines
What are the best automation tools for support engineers in 2026?
Support engineers in 2026 typically combine Zendesk or Intercom (ticketing automation and macros), Tines or n8n (incident and runbook automation), and PagerDuty plus Jira (escalation and engineering handoff). The split between customer-facing automation and internal incident automation matters more than picking a single tool.
What is SOAR and which platforms lead in 2026?
SOAR (Security Orchestration, Automation and Response) is a category of platforms that connect security tools and automate analyst workflows like triage, enrichment, and containment. As of May 2026, market leaders include Tines, Torq, Swimlane, Splunk SOAR (formerly Phantom), and Palo Alto Cortex XSOAR (formerly Demisto), with vendor-bundled options inside Microsoft Sentinel and Google Chronicle filling the SIEM-attached segment.
Tines vs Torq vs Swimlane: which SOAR fits in 2026?
Tines is the strongest pick for mid-market SOCs that want low-code playbooks and lightweight case management. Torq fits cloud-native SecOps teams that need deep integration breadth and per-execution pricing. Swimlane suits regulated enterprises that need built-in case management, FedRAMP-authorised hosting, and code-level extensibility, as of May 2026.
Torq vs Tines: which SOAR platform is better in 2026?
Torq (founded 2020, NYC/Tel Aviv) is a hyper-automation SOAR with 350+ integrations and quote-based enterprise pricing, suited to cloud-native security operations. Tines (founded 2018, Dublin/Boston) is a no-code workflow platform with 500+ integrations, a free Community Edition, and self-host options, suited to teams that prefer HTTP-first integration and gradual ramp-up.
Learn More
How to Choose an SOAR Platform in 2026: Decision Framework
A six-step decision framework for selecting an SOAR (Security Orchestration, Automation and Response) platform in 2026. Covers SecOps maturity, integration inventory, case management style, pricing models, deployment options, and low-code vs code build preferences, with shortlist guidance for both mid-market and enterprise SOCs.
Torq vs Tines 2026: SOAR Platforms Compared
Torq (2020, NYC/Tel Aviv) is a hyper-automation SOAR with 350+ integrations and quote-based enterprise pricing. Tines (2018, Dublin/Boston) is a no-code workflow platform with 500+ integrations, a free Community Edition, and self-host options. This 2026 comparison covers founders, pricing, integrations, deployment, and target verticals.