
I want Shuffle to spark some excitement in blue teamers, as the red side seems to have constant developments, while the blue seems to be lacking.

What’s next for Shuffle

As adoption is a key element, this is written to be an introductory post without much depth. Get in touch, or see the installation guide. It’s currently in the beta stage, with a few testers in production, and we would appreciate it if you want to test it too. The choice of Open Source means it can flourish quickly, as long as the baseline is stable and secure.

It makes automation easily available through existing standards like OpenAPI, more fun through the execution views, and last but not least, efficient. With the capability to automate, report, share and duct tape together any information, the platform is in essence built for anyone in operational security roles. This means that in time, there will be a notable repository of readily available workflows to pick from. Further, workflows are defined in JSON, a format that is digestible programmatically. It can also be executed manually. Actions, webhooks and arguments can be reused, copied and put together to create anything you can think of. If someone sends a POST request to the Trigger “Webhook”, this workflow will execute. “Repeat back to me” takes a single Argument, which in this case is the Variable “Hello world variable”. “Hello world” (bottom left) is the Action “Repeat back to me” running the App “Testing”.

Hello world example in Shuffle with Triggers, Actions and Variables

An App, as described in the previous section, has multiple Actions, which in turn have multiple arguments.

Using Apps, Triggers, and Variables, Shuffle gives you access to all the tools you need to make your platforms talk to each other. Workflows are the part of Shuffle where everything comes together. On top of OpenAPI, we’ve taken the integration approach and structure of WALKOFF, meaning their apps work with Shuffle as well. This means that you will have an existing integration for your product(s) within minutes, rather than days of development time. If you check out this existing integrations website, it shows 11.000+ endpoints with OpenAPI definitions. Shuffle uses OpenAPI, an existing Web API standard, and gives you access to a builder to create apps on the fly as seen in the image on the left. Having a community of supporters and creators doing the heavy lifting over time is good, but we thought farther. To make Shuffle accessible, it needs to have integrations ready out of the box.

Virustotal in the App Creator

How do integrations work?

Just because it can be done, doesn’t mean it should be. This is typically in the form of Threat Intelligence, Tickets, Vulnerability management, Email analysis, Cloud security and you name it. The point of a SOAR platform is to handle an incident end-to-end - automating before, during and after the incident. An issue with end-to-end in a single platform is that the views are cluttered and hard to use, as they try to cast too wide a net. SOAR (Security Orchestration, Automation and Response) has been around for a few years, and has been a part of some large acquisitions in the information security industry recently.

I was initially planning to make it a SaaS platform, but decided to give it away for free after seeing the need for an Open Source SOAR platform. I knew there was a better way, and as a developer and security professional, I saw a need for better structure, eventually leading to Shuffle.
I was writing the same code over and over to duct tape systems together, which was quite tedious with 30+ systems. Shuffle was started as a hobby project about a year ago (mid 2019).
