Enhancing Security Analysis with Tines and Amazon Quick Suite

Seamless Security Automation: Integrating Amazon Quick Suite and Tines for Enhanced User Account Protection

Unlocking Fast and Effective Security Insights through Automation


Use Case: Orchestrated Security Investigation and Remediation

Solution Overview

Prerequisites

Creating an MCP Server in Tines

Connecting Quick Suite to Tines MCP Server

Querying and Visualizing Data in Quick Suite

Clean Up

Conclusion

About the Authors

Automate Security Investigations and Remediation with Quick Suite and Tines

In today’s digital landscape, organizations face an increasing number of challenges when it comes to swiftly detecting and responding to user account security events. Repeated login attempts from unusual locations are just one example that illustrates the need for effective and automated security measures. While valuable security data exists across various applications, manually correlating information often delays prompt corrective actions. Fortunately, Amazon Quick Suite and Tines provide a powerful solution for automating the investigation and remediation processes.

Introduction to Quick Suite and Tines

What is Quick Suite?

Quick Suite is a digital workspace equipped with agentic AI capabilities designed to empower business users to answer questions quickly and transform insights into actions. By integrating AI-powered research, business intelligence (BI), and automation, it allows users to build automated workflows where multiple AI assistants collaborate using company data and the internet, resulting in faster, more accurate answers.

The Role of Tines

Tines is an intelligent workflow platform featuring a built-in Model Context Protocol (MCP) Server Builder. This server exposes the capabilities of applications via a standardized protocol, allowing AI assistants to interact seamlessly with various tools. With Tines, users can define MCP tools to retrieve or write data to internal or third-party applications, while maintaining a full audit trail for visibility and governance.

Automating Security Investigations

In this blog, we’ll explore how to connect Quick Suite with Tines to securely retrieve, analyze, and visualize enterprise data from any IT or security system. We will walk through the example of using an MCP server in Tines to pull data from various tools, such as AWS CloudTrail, Okta, and VirusTotal, to remediate security events through Quick Suite.

Use Case: Orchestrated Security Investigation and Remediation

As a member of a security team, regular reviews of account security data are essential for staying ahead of potential security threats. Traditionally, this involves manually collecting and triaging information from multiple sources, which can be time-consuming and error-prone. However, with Quick Suite and Tines, you can streamline this process using natural language and automated workflows, enabling faster decision-making without the need for custom scripts.

After establishing a connection to Quick Suite and various security tools, Tines can effectively:

  • Analyze IP addresses in VirusTotal to assess the risk of an event.
  • Retrieve account details from Okta and BambooHR.
  • Review authentication logs and user activity in CloudTrail.
  • Flag suspicious IP addresses and, upon analyst approval, block them in CrowdStrike.

With Quick Suite, you can visualize the data to derive immediate insights, such as:

  • Geographic mapping of login attempts with risk scoring.
  • Timeline of user activity before and after suspicious logins.
  • Correlation between accounts and affected systems.
  • Status tracking of remediation actions for security events.

This integrated approach empowers users to pose natural language queries like:

  • "Show all login attempts from high-risk countries in the last 24 hours."
  • "Display user activity timeline."
  • "List all systems accessed by the user."
  • "Generate a report of remediation actions taken."

Feel free to explore additional use cases in the Tines story library!

Solution Overview

Tines enables integration with services that expose an API, automating the retrieval and transformation of that data and presenting the workflow as an MCP server. Quick Suite can seamlessly connect to the Tines MCP server to access defined tools.

Key Benefits of This Integration:

  • Simplified Integration: A governed layer between Quick Suite and internal/external tools.
  • API Connectivity: Connects systems that lack an existing MCP server.
  • Custom Tool Creation: Easily create new MCP tools for custom data sources without complex coding.
  • Consistent Connectivity: Secure and reliable integration without cumbersome scripts.

The workflow consists of four core components:

  1. Quick Suite connects to the Tines MCP server, retrieves data, and facilitates analysis.
  2. Tines MCP Server exposes workflows as MCP tools.
  3. Security or IT API—any REST API returning data on network, endpoints, assets, or configurations.
  4. Tines Workflow—a series of actions to retrieve, normalize, or enhance the data.
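
The governed layer described above, as an added example (not code from Tines, AWS, or the original post): a minimal in-process dispatcher for the MCP `tools/list` and `tools/call` JSON-RPC methods that validates input, records every call in an audit log, and holds the write action until an analyst approves. The tool names `lookup_ip` and `block_ip`, the sample risk scores, and the simplified response shapes are assumptions.

```python
import ipaddress
import json

AUDIT_LOG = []  # append-only record of every tool call (in-memory for the example)

def lookup_ip(args):
    # Read-only tool; reputation values are constructed sample data.
    sample = {"203.0.113.7": 87, "198.51.100.20": 3}
    return {"ip": args["ip"], "risk_score": sample.get(args["ip"], 0)}

def block_ip(args):
    # Write tool; a real workflow would call the endpoint-security API here.
    return {"ip": args["ip"], "status": "blocked"}

# Hypothetical tool registry: name -> (handler, needs_analyst_approval)
TOOLS = {"lookup_ip": (lookup_ip, False), "block_ip": (block_ip, True)}

def _result(req_id, payload, is_error=False):
    return {"jsonrpc": "2.0", "id": req_id,
            "result": {"content": [{"type": "text", "text": json.dumps(payload)}],
                       "isError": is_error}}

def handle(request, caller, approved_by=None):
    """Dispatch one JSON-RPC request; approved_by is the analyst who signed off."""
    req_id, method = request.get("id"), request.get("method")
    if method == "tools/list":
        return {"jsonrpc": "2.0", "id": req_id,
                "result": {"tools": [{"name": n} for n in TOOLS]}}
    if method != "tools/call":
        return {"jsonrpc": "2.0", "id": req_id,
                "error": {"code": -32601, "message": "Method not found"}}
    params = request.get("params", {})
    name, args = params.get("name"), params.get("arguments", {})
    entry = {"caller": caller, "tool": name, "args": args, "approved_by": approved_by}
    AUDIT_LOG.append(entry)  # log before acting so denied calls are recorded too
    if name not in TOOLS:
        entry["outcome"] = "unknown_tool"
        return _result(req_id, {"error": "unknown tool"}, True)
    try:  # validate model-supplied input before it reaches any backend
        args = {"ip": str(ipaddress.ip_address(args.get("ip", "")))}
    except ValueError:
        entry["outcome"] = "invalid_input"
        return _result(req_id, {"error": "invalid ip"}, True)
    handler, needs_approval = TOOLS[name]
    if needs_approval and not approved_by:
        entry["outcome"] = "pending_approval"
        return _result(req_id, {"status": "pending_approval"}, True)
    entry["outcome"] = "ok"
    return _result(req_id, handler(args))
```

The approval decision is passed in by the caller of `handle`, not taken from the request arguments, so the AI assistant issuing the tool call cannot approve its own write action.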

Getting Started

Prerequisites

To deploy this solution, ensure you have:

  1. A Quick Suite account within your AWS account, equipped with a Professional subscription and an Author or higher user role.
  2. A Tines tenant (all plans, including the free Community Edition, support MCP server creation).
  3. API credentials for your chosen security or IT system.

Creating an MCP Server in Tines

  1. Create a new Story in Tines.
  2. Open the Templates browser and search for MCP.
  3. Drag the MCP action to the storyboard and choose "MCP Server" in the right pane.
  4. Add the necessary tools for your workflow and connect them using standard authentication methods.

Connecting Quick Suite to Tines

Follow the steps below to connect Quick Suite to the Tines MCP server:

  1. Navigate to Integrations under Connections in the Quick Suite console.
  2. Select the Actions tab under Existing integrations.
  3. Click the plus sign next to Model Context Protocol.
  4. Fill in the details for your Tines integration and configure the authentication settings.

Querying and Visualizing Data in Quick Suite

Once connected, you can leverage Quick Suite’s chat assistant to query and analyze data in real time, generate visual dashboards, and integrate additional AWS datasets. Quick Suite will intelligently retrieve data based on the content of your queries, providing a straightforward way to operationalize security and IT data analytics.

Conclusion

By connecting Quick Suite and Tines through the Model Context Protocol (MCP), organizations can fundamentally transform how they analyze security and IT data. This integration reduces the reliance on custom code, centralizes governance, and enhances operational visibility. Security and IT teams can extend their analytical capabilities across any API-enabled system through a standardized, auditable layer.

Start with Quick Suite to create your instance in AWS and visit Tines to register for a Community Edition account. Once set up, you can create your first MCP server and connect your existing tools. Get ready to harness the power of AI-driven queries for deeper insights and faster actions in your security workflows.

About the Authors

Yannick Gloster

Software Engineer based in Dublin, Ireland, with a master’s degree in computer science from Trinity College Dublin. Yannick works on AI features at Tines, focusing on scalable infrastructure.

Jonah Craig

Startup Solutions Architect in Dublin, Ireland, specializing in AI/ML solutions. Jonah is a speaker at AWS conferences and enjoys creating music in his free time.

Ashok Mahajan

Senior Solutions Architect at AWS, focused on security startups and helping design innovative solutions within AWS’s breadth of services.

Bobby Williams

Senior Solutions Architect at AWS, experienced in designing enterprise software solutions with a passion for creating delightful user experiences.


Embark on your journey toward seamless security integration and enhanced operational efficiency today!
