Configs2026年7月8日·1 分钟阅读

Shuffle — Open Source Security Automation and SOAR Platform

A self-hosted security orchestration, automation, and response (SOAR) platform that connects security tools through visual workflows, enabling teams to automate incident response at scale.

Agent 就绪

Agent 可直接安装

这个资产可安装;Agent 先选择当前运行时、检查安装计划,再运行匹配命令。

Native · 98/100策略:允许
Agent 入口
任意 MCP/CLI Agent
类型
Skill
安装
Single
信任
信任等级:Established
入口
Shuffle SOAR Platform
直接安装命令
npx -y tokrepo@latest install 031f3991-7a65-11f1-9bc6-00163e2b0d79 --target codex

先 dry-run 确认安装计划,再运行此命令。

Introduction

Shuffle is an open-source security orchestration, automation, and response (SOAR) platform designed to help security teams automate repetitive tasks and streamline incident response. It provides a visual workflow builder that connects security tools, APIs, and data sources into automated playbooks without requiring extensive coding.

What Shuffle Does

  • Connects security tools through a visual drag-and-drop workflow builder
  • Automates incident response playbooks such as alert triage, enrichment, and containment
  • Integrates with SIEM, EDR, ticketing, and threat intelligence platforms via a library of pre-built apps
  • Supports custom app creation using OpenAPI specifications or Python scripts
  • Provides multi-tenant capabilities for managed security service providers

Architecture Overview

Shuffle runs as a set of Docker containers including a Go-based backend, a React frontend, an OpenSearch database for storage, and Orborus as the workflow execution engine. Each workflow step runs as an isolated Docker container, providing sandboxed execution of third-party integrations. The app framework uses OpenAPI specifications to auto-generate integration connectors, and custom Python apps can be built and shared through the Shuffle app store.

Self-Hosting & Configuration

  • Deploy with Docker Compose using the official repository for a single-server setup
  • Configure environment variables for admin credentials, database settings, and TLS
  • Install pre-built apps from the Shuffle app store or create custom integrations
  • Set up webhooks and schedules to trigger workflows from external alerts or on a timer
  • Scale horizontally by running additional Orborus workers for workflow execution

Key Features

  • Visual workflow builder with conditional logic, loops, and parallel execution paths
  • Over 1000 pre-built app integrations for security tools and cloud services
  • OpenAPI-based app framework for rapid integration development
  • Workflow sharing and collaboration through a public app and workflow library
  • Role-based access control and audit logging for compliance

Comparison with Similar Tools

  • Tines — commercial SOAR with a polished UI; Shuffle is fully open source and self-hosted
  • Splunk SOAR (Phantom) — enterprise platform with Splunk lock-in; Shuffle is vendor-neutral
  • n8n — general workflow automation; Shuffle is purpose-built for security operations
  • TheHive — case management platform; Shuffle provides the automation layer and integrates with TheHive
  • StackStorm — event-driven automation for DevOps; Shuffle targets security teams with a visual builder

FAQ

Q: Does Shuffle require coding knowledge to build workflows? A: Basic workflows can be built entirely through the visual editor. Advanced use cases may involve writing Python for custom app integrations or data transformations.

Q: Can Shuffle handle high-volume alert processing? A: Yes, Shuffle supports parallel workflow execution and can scale with additional worker containers to handle thousands of alerts per hour.

Q: What databases does Shuffle use? A: Shuffle uses OpenSearch for workflow data, execution logs, and app configurations. No additional database setup is required.

Q: Is Shuffle suitable for small security teams? A: Yes, Shuffle is designed to be accessible for teams of any size. Small teams benefit from automating repetitive tasks like alert enrichment and ticket creation.

Sources

讨论

登录后参与讨论。
还没有评论,来写第一条吧。