About Shuffle

Shuffle started as a project in mid-2019 because of a few automation related problems that needed more attention in the CERT/SIRT community. Available automation solutions in the security industry are trying to do everything at once; handle tickets, indicators, threat intel and much more in a single platform, while our goal is to build the best solution to fit all your existing tools following the Unix philosophy: "Do One Thing and Do It Well".


To make every security operations center share their processes, automations and detections in a standardized way. Cybersecurity is not a competiton between companies, and shouldn't treated as such.

Open Source

Focus for Shuffle has moved to an entirely open ecosystem. This includes, but is not limited to; the Shuffle product, open workflows, open apps, open standards (OpenAPI, Swagger).


This roadmap is meant more as a guide than as the exact order of operations. Current version: 0.8.56

  • 0.1 - 0.5: Created basic features for automation, as well as use cases and frontend. This was before the project was open sourced.
  • 0.6 - Usability: High focus on the workflow and app editor, as well as bugfixing after open sourcing.
  • 0.7 - Improve: First larger release of Shuffle. Focus on users, schedules, app authentication and a better overview in general through the admin view.
  • 0.8 - Integrate (current): Hybrid cloud features and file control
  • 0.9 - Features: Search engine for apps, workflows, executions etc. AWS (S3 & Lambda), GCP (Storage & Functions) integrations.
  • 1.0 - Launch: Categorized apps, proper use-cases, dashboard control and a real tutorial.
  • 1.1 - Business: Reporting, Risk transparency (manager focus)
  • 1.2 - OSS: Open Source tool expansion


Problems Shuffle solves

These included, but were not limited to (no specific order):

  • Alert fatigue by giving analysts the tools to automate most alerts
  • Remove menial tasks, decreasing employee turnover
  • Quick integrations with new tools - OpenAPI
  • Giving you a clear overview of your environment by tracking integration usage


Fredrik Ødegårdstuen - @frikkylikeme - frikky@shuffler.io