Cyber Tool Stack
All tools
SOAROpen source · AGPL-3.0

Shuffle

By Shuffle

A self-hosted, AGPL-licensed SOAR workflow engine with a visual editor and an app library built from OpenAPI specifications. The company also sells hosted cloud and enterprise support tiers.

Verified Source: 1

Product type
Software
Deployment
On-premSaaS
Organization size
SMBMid-market
Pricing tier
Free

Capability checklist

SOAR

How Shuffle measures up against the full Security Orchestration, Automation & Response taxonomy.

Playbook / workflow automation — supported
Runs automated multi-step response actions triggered by an alert.
Case management — not supported
Tracks an incident from alert to closure with notes, evidence, and assignments.
Integration & connector library — supported
Connects to SIEM, EDR, ticketing, and other tools to take action across the stack.
Alert triage & enrichment — not supported
Automatically gathers context on an alert before an analyst sees it.
No-code / low-code playbook builder — supported
Lets analysts build automation without writing custom scripts.
Metrics & SLA reporting — not supported
Reports response times and automation impact against team SLAs.

Alternatives

Other Security Orchestration, Automation & Response tools with overlapping capabilities, sized for similar teams.

Appears in stacks

Real-world stacks that include Shuffle.

Search Cyber Tool Stack

Jump to any tool, vendor, category, or glossary term.