Skip to content

Tines integration

Tines is a security orchestration, automation, and response (SOAR) platform for building investigation and response workflows. The Have I Been Squatted integration provides Tines templates that call the Have I Been Squatted application programming interface (API) from a Tines story.

Use this integration when domain intelligence needs to run inside an existing automation flow, such as alert enrichment, phishing triage, threat-feed review, or periodic brand-monitoring checks.

The Tines integration includes templates for common Have I Been Squatted API workflows:

  • Look up typosquatted permutations for a domain: Generate and evaluate likely lookalike domains for a monitored domain.
  • Look up unregistered permutations for a domain: Find plausible permutations that currently return NXDOMAIN (no such domain exists).
  • Analyze a domain for infrastructure and threat signals: Enrich one domain with registration, Domain Name System (DNS), Hypertext Transfer Protocol (HTTP), screenshot, classification, and related signal data.
  • Retrieve usage totals and hourly breakdown: Pull usage data for reporting or workflow control.
  1. In Have I Been Squatted, open Settings > API Keys and create an API key.
  2. In Tines, open the Have I Been Squatted product page.
  3. Add the Have I Been Squatted templates needed for the story.
  4. Store the API key as a Tines credential.
  5. Run a test action against a known domain before connecting the story to production alerts.

The Tines card on the Have I Been Squatted Integrations page opens the Tines product page directly.

A suspicious domain from a security information and event management (SIEM) alert, phishing report, or case-management system can be passed into the Analyze template. The story can route the case based on returned infrastructure, classification, and enrichment data.

A scheduled story can run a lookup against priority brand domains, collect newly registered or unregistered permutations, and route only the results that meet internal review criteria.

Domains from an external feed can be enriched in Tines before a ticket is opened, escalated, or closed as low risk.

Treat the Have I Been Squatted API key as a production credential:

  • Store it in Tines credentials rather than hard-coding it in actions.
  • Scope access to the Tines tenant and story owners that need it.
  • Rotate the key if it is exposed in logs, story exports, tickets, or chat messages.