Describes the features included with Shuffle.
With the problems described in our about page in mind, this document describes the features we have and will be implementing to ensure anyone can build on the Shuffle platform. Shuffle is not only for developers, but for anyone curious about automation.
Our App Creator is how we can promise to build apps within hours and days, rather than weeks. It's an easy-to-use yet powerful way to interact with other platforms' APIs. It allows for app creation based on Swagger/OpenAPI, and can handle authentication for any HTTP method. The best part? You can export those apps as OpenAPI, meaning our apps aren't tied to Shuffle itself.
Our goal with the App Creator is to incentivize as many security companies as possible to share their APIs, and to keep the largest repository of integrations out there.
Our workflow designer is the part of Shuffle that makes it all fit together. Together with the App Creator and our default apps (HTTP & Shuffle Toolbox), it gives you access to unlimited automation possibilities, ensuring anyone can learn to automate anything with just a few hours of practice.
Shuffle's focus has been and always will be on Open Source and collaboration. With this in mind, we are tirelessly building out features and fixing bugs for the Open Source version, before testing, migrating and deploying it across our user and customer base.
Shuffle allows a user to be associated with multiple Organizations, and an Organization with multiple users. Organizations are separated by logical barriers, and users can easily swap between them. Shuffle is further extended for MSSPs' needs, allowing Sub-organizations to be controlled from a Parent-organization.
Have multiple datacenters with physical barriers for connections? No problem - we've built a way for a single workflow to run scripts in multiple locations. Environments are divided by Organization, but still allow for resource sharing if necessary.
What is a security system that can't handle files? Not very useful. The good news? We can. If you want to connect Shuffle to your favorite sandbox, or upload and analyze an email with Yara - we can do it all.
What's more? We also support namespaces, allowing for the download of a full namespace as a single bundle. What does this mean? You can e.g. control all your rules from a single place.
We've extended Shuffle with the possibility of storing data for all your needs. This is called the "Shuffle Cache" and can be used for e.g. pagination, timestamp management, IOC lists and anything else you want. Not to worry! This is permanent storage if you want it.
What's more? It's easy to use, and accessing the data can be done directly from $shuffle_cache, while setting values can be done with the Shuffle Toolbox.
Having a good storage solution isn't enough. What if the server itself gets breached? Worry not! All your treasures are safely encrypted, and decrypted ONLY in real time for an app that needs to use them.
What is a system that isn't documented well? A not so useful system. That's why we've ensured that our apps are documented, with the documentation available at the click of a button from within the Workflow UI - right next to the authentication process.
Automation wouldn't be automation if you had to do manual work. That's why Shuffle has implemented 4 core triggers:
Extension triggers (not exhaustive): AWS Lambda, AWS S3, Elastalert, Kafka, Pub/Sub
SSO and other required authentication mechanisms are already in play, and available to anyone who wants to use them rather than normal sign-in. Our main supported platforms are the following, with more platforms to come (ask us!):
Anything below here is in alpha stages.
The Shuffle marketplace is where you can go and find the integrations and workflows you want. As more users publish their workflows and apps, we will move a lot of our focus here.
MITRE ATT&CK is more and more important. That's why we're working on a mechanism for auto-tagging data with MITRE ATT&CK techniques based on what the data is from an endpoint. This is a self-built model, and will be improved over time as more people get to use it.
We're developing technology to allow for apps and workflows to be built based on text. This is based on OpenAI's GPT-3 model, and can make it even easier for anyone to automate long-term.
RBA is planned for the 1.1 release. Our current authentication system is easily extendible for RBA, but the focus hasn't been here yet.
Dashboards are planned for the 1.0 release. There are a few standard ones in place, but these will become customizable.
Reporting is necessary for any organization. That's why our focus is on having a reporting mechanism on launch, built directly into Workflows themselves.