How do I migrate from Tines to Kestra?

Tines Stories are built visually and exported as JSON. In Kestra, you replicate the same flow in declarative YAML, replacing each Tines action with the equivalent Kestra plugin (HTTP requests, script execution, Slack notifications, and more). The API calls, data transforms, and notification steps map directly to Kestra plugins. Most teams migrate incrementally, running Kestra for new workflows while keeping Tines for existing security playbooks during the transition.

Can Kestra handle security workflows like Tines does?

Yes. Kestra handles webhook-triggered incident response, API enrichment, alert routing, and Slack or PagerDuty notifications natively. The difference is that Kestra workflows are defined in YAML and require an engineer to build them. There's no visual drag-and-drop builder for security analysts. If your security team needs to build and modify workflows independently without engineering involvement, Tines is better suited for that workflow.

Does Kestra integrate with security tools like SIEMs and EDRs?

Kestra's HTTP plugin can call any REST API, and Script tasks run Python or Bash against any SDK or CLI tool. So integrations with tools like Splunk, CrowdStrike, Okta, and PagerDuty are possible, but you write the integration logic rather than selecting a pre-built connector. Tines ships with 1,000+ security-specific connectors out of the box. If your primary need is rapid connection to security tooling without custom code, that library gives Tines an edge.

What's the difference between Tines Stories and Kestra Flows?

Tines Stories are built in a visual canvas, stored as JSON, and designed for operators who don't write code. Kestra Flows are written in YAML, stored in Git, and designed for engineers who want their workflows to follow software development practices. Both support triggers, conditional logic, and external API calls. Tines optimizes for speed of building; Kestra optimizes for maintainability and auditability over time.

Can Kestra and Tines run in parallel?

Yes. Many teams use both: Tines for security playbooks built by analysts, Kestra for data pipelines and infrastructure workflows built by engineers. The two tools don't overlap functionally enough to cause conflicts. You can run them in parallel indefinitely, or use Kestra as the central orchestrator that calls Tines via webhook when a security workflow needs to be triggered.

How does Kestra handle event-driven triggers like Tines does?

Kestra is event-driven at its core. It supports webhook triggers, scheduled triggers, file arrival triggers (S3, GCS, SFTP), Kafka and Pulsar message queue triggers, database change triggers, and API polling. These are all native capabilities defined in YAML alongside the rest of the workflow. Tines' trigger model is similar but designed around the security operations use case, with tighter integration into SIEM and EDR event streams.

Kestra vs. Tines: Universal Orchestration vs. Security Automation

Tines is a no-code workflow platform built for security and IT operations teams. It excels at SOC automation, incident response, and alert triage. Kestra is a general-purpose orchestration platform for engineering teams that need data pipelines, infrastructure automation, and business processes at production scale.

Get Started Book a Demo

Two Platforms, Two Audiences

Engineering-Grade Orchestration for Any Workflow

Declarative YAML orchestration platform for engineering teams. Define data pipelines, infrastructure automation, and business workflows in version-controlled YAML. Any language, self-hosted or on Kestra Cloud, with GitOps and full audit trails.

"How do I build production workflows my engineering team can version, deploy, and operate?"

Security and IT Workflow Automation

No-code visual workflow platform purpose-built for security operations and IT teams. Drag-and-drop story builder lets analysts automate threat response, alert triage, and IT incident handling without writing code.

"How do I automate our SOC playbooks without needing an engineer?"

Playbook Automation Protects Teams.
Workflow Orchestration Runs Your Business.

Production-Grade Workflow Orchestration

Automate data pipelines, infrastructure, and business processes in one platform
Self-hosted or cloud, with full data residency control
GitOps-native version control, CI/CD, and Terraform for all workflows
RBAC, audit logs, and multi-tenancy for enterprise compliance
Handles 100,000+ concurrent tasks across any language or tool

Security and IT Playbook Automation

No-code visual builder for security analysts and IT operators
1,000+ pre-built security and IT integrations
Community tier limited to 3 workflows and 1,000 story runs per month
Cloud-first SaaS (self-hosting requires vendor coordination)
$125M Series C raised in 2025, unicorn valuation

For security and IT teams automating SOC playbooks and incident response without writing code, Tines is the right tool. When you need data pipelines, infrastructure provisioning, cross-functional business workflows, or engineering-grade GitOps, Kestra is built for that scope.

Time to First Workflow

Tines offers both a managed cloud service and a self-hosted deployment. This comparison uses their cloud onboarding path—sign up at tines.com and build in the visual editor—which is their recommended getting-started experience.

~5

Minutes

curl -o docker-compose.yml \
https://raw.githubusercontent.com/kestra-io/kestra/develop/docker-compose.yml
docker compose up

# Open localhost:8080
# Pick a Blueprint, run it. Done.

Download the Docker Compose file, spin it up, and you're ready (database and config included). Open the UI, pick a Blueprint, run it. No vendor coordination, no infrastructure prerequisites beyond Docker.

~30

Minutes

# Cloud: sign up at tines.com, build visually
# Self-hosted: coordinate with Tines account team,
# then provision infrastructure:

# Requirements: Linux, Docker, PostgreSQL 14+, Redis 7.x
# Minimum: 8 GB RAM, 60 GB HDD, 2 CPUs
docker pull tines/rails:latest
docker pull tines/worker:latest

Sign up for Tines Cloud and build your first story in the visual editor. Self-hosting requires a Linux server with Docker, PostgreSQL 14+, Redis 7.x, 8 GB RAM, and access granted by your Tines account team.

Built for Engineers vs. Built for Analysts

Kestra: Readable by your whole team

id: daily_report
namespace: analytics

triggers:
  - id: daily
    type: io.kestra.plugin.core.trigger.Schedule
    cron: "0 8 * * *"

tasks:
  - id: run_dbt
    type: io.kestra.plugin.dbt.cli.DbtCLI
    commands:
      - dbt run --select reporting

  - id: notify
    type: io.kestra.plugin.notifications.slack.SlackIncomingWebhook
    url: "{{ secret('SLACK_WEBHOOK') }}"
    messageText: "Daily report ready"

YAML is readable on day 1. Our docs are embedded in the UI for easy reference, the AI Copilot writes workflows for you, or start with our library of Blueprints. No special training required.

Tines: Visual stories, no code required

{
  "name": "Daily Report",
  "agents": [
    {
      "type": "Agents::TriggerAgent",
      "name": "Daily Schedule",
      "schedule": [{"cron": "0 8 * * *", "timezone": "UTC"}]
    },
    {
      "type": "Agents::HTTPRequestAgent",
      "name": "Run dbt via API",
      "options": {
        "url": "{{.CREDENTIAL.dbt_api_url}}",
        "method": "POST",
        "headers": {
          "Authorization": "Bearer {{.CREDENTIAL.dbt_token}}"
        }
      }
    },
    {
      "type": "Agents::SlackAgent",
      "name": "Notify",
      "options": { "message": "Daily report ready" }
    }
  ]
}

Tines workflows (called Stories) are built by dragging actions onto a canvas. No code required for most integrations. Complex logic uses inline expressions and templates. Exported stories are JSON.

One Platform for Your Entire Technology Stack

Orchestrate data pipelines, infrastructure provisioning, business processes, and event-driven automations in one platform. Self-host with full control or use Kestra Cloud.

Purpose-built for security operations and IT automation. Excellent at SOC playbooks, incident response, and alert triage. Not designed for data pipelines, infrastructure provisioning, or engineering-team workflows.

Kestra vs Tines at a Glance


Primary use case	Universal workflow orchestration	Security and IT operations automation
Workflow definition	Declarative YAML	Visual no-code story builder
Target user	Engineers, data teams, platform teams	Security analysts and IT operators
Languages supported	Agnostic (Python, R, Bash, Node.js, SQL & more)	No-code (inline expressions for logic)
Data pipeline support	Native support (ETL, dbt, Spark, Airbyte)	Not designed for data workloads
Infrastructure automation	Native support	Not designed for this
GitOps and CI/CD	Native Git sync, Terraform provider	Story export/import (no GitOps)
Self-service for non-engineers	Kestra Apps	✓ Visual builder for analysts
Multi-tenancy and RBAC	Enterprise namespace isolation	Enterprise plan only
Open source	Open source (Apache 2.0)	Closed source SaaS

We replaced Rundeck after it dropped jobs in HA mode and gave us no visibility. Kestra handles our entire incident automation pipeline—from PagerDuty alert to ITSM closure—with full audit trails and approval gates.

SRE Lead @ Private Healthcare

100%Audit coverage for incident workflows

0Dropped jobs since migration

3xFaster mean time to resolution

Kestra Is Built for Engineering Teams, Not Just Operations

Code as infrastructure, not just automation

Kestra workflows live in Git, deploy via Terraform, and go through the same CI/CD pipeline as application code. Every change is tracked, reviewed, and auditable. No manual canvas exports, no copy-paste to move a workflow between environments.

Data pipelines and infrastructure in one platform

dbt models, Spark jobs, Kubernetes deployments, and custom scripts all run from the same declarative YAML. Kestra handles compute-intensive workloads that run for minutes or hours, across data pipelines, infrastructure automation, and business processes in one platform.

Language-agnostic execution at scale

Run tasks in Python, SQL, R, Bash, or any language in isolated containers. No wrappers, no decorators, no framework-specific syntax. Bring your existing scripts and orchestrate them without rewriting anything.

The Right Tool for the Right Job

Choose Kestra When

Your team needs data pipelines, ETL, or infrastructure automation alongside event-driven workflows.
Workflows should live in version control and deploy through CI/CD like any other infrastructure.
Your engineers write the workflows. You want YAML and Git, not a visual canvas.
You need self-hosting that doesn't require vendor coordination or a dedicated account team.
Non-engineers need to trigger and monitor workflows through Kestra Apps, not build them.

Choose Tines When

Your primary use case is SOC automation: alert triage, incident response, threat enrichment.
Your team is security analysts or IT operators who need to build workflows without engineering support.
You want pre-built playbook templates for SIEM, EDR, and threat intelligence tools.
No-code matters more than GitOps. Your team won't write or review YAML.
You're already invested in the Tines ecosystem and security-specific integrations.

Getting Started with Declarative Orchestration

See how Kestra can simplify your security workflows—and scale beyond SOC automation.

Book a Demo

Kestra vs. Tines: Universal Orchestration vs. Security Automation

Two Platforms, Two Audiences

Engineering-Grade Orchestration for Any Workflow

Security and IT Workflow Automation

Playbook Automation Protects Teams.Workflow Orchestration Runs Your Business.

Production-Grade Workflow Orchestration

Security and IT Playbook Automation

Time to First Workflow

~5

Minutes

~30

Minutes

Built for Engineers vs. Built for Analysts

Kestra: Readable by your whole team

Tines: Visual stories, no code required

One Platform for Your Entire Technology Stack

Kestra vs Tines at a Glance

Kestra Is Built for Engineering Teams, Not Just Operations

Code as infrastructure, not just automation

Data pipelines and infrastructure in one platform

Language-agnostic execution at scale

The Right Tool for the Right Job

Choose Kestra When

Choose Tines When

Frequently asked questions

How do I migrate from Tines to Kestra?

Can Kestra handle security workflows like Tines does?

Does Kestra integrate with security tools like SIEMs and EDRs?

What's the difference between Tines Stories and Kestra Flows?

Can Kestra and Tines run in parallel?

How does Kestra handle event-driven triggers like Tines does?

Getting Started with Declarative Orchestration

Playbook Automation Protects Teams.
Workflow Orchestration Runs Your Business.