Shuffle Security is the open source incident response and security operations frontend for Shuffle — built for and by security professionals. It brings alerts, cases, observables, assets and AI-driven response into a single workspace, designed to work well for SOC teams, MSSPs and service providers.
Follow us on Twitter at @shuffleio.
- Handle incidents from any source: One unified view for alerts, cases and tickets across every tool.
- Set up host monitors: For compliance, vulnerabilities and response across your fleet.
- Be in control of the automation: Visual ingest and forward pipelines you can shape end-to-end.
- Track and manage vulnerabilities: Stay on top of risk over time across every asset and user.
- Cloud: Register at https://security.shuffler.io/register and get cooking
- Self-hosted: see Install below
```bash
git clone https://github.com/shuffle/shuffle-security
cd shuffle-security
docker compose up -d
```

That is it. Open http://localhost:3002. Defaults in .env work out of the box — edit them only for production.
- Shuffle (core platform): https://github.com/shuffle/shuffle
- OpenAPI apps: https://github.com/shuffle/security-openapis
- Documentation: https://github.com/shuffle/shuffle-docs
- Workflows: https://github.com/shuffle/shuffle-workflows
- Python apps: https://github.com/shuffle/python-apps
- Unified Incidents view (OCSF 2005) for alerts and cases
- Observables, assets and IOC correlation with threat intel enrichment
- AI Agent for triage, response suggestions and approvals
- Automation pipelines for ingest and forwarding
- Multi-tenant / sub-organization support for MSSPs
- 3,000+ integrations via the Apps catalog
Documentation can be found on https://shuffler.io/docs and is written here: https://github.com/shuffle/shuffle-docs.
```bash
npm install
npm run dev
```

Configure the API target via a .env file in the project root:

```
VITE_SHUFFLE_API_URL=https://shuffler.io
```


