Open-Source SOAR Incident Response Automation FortiSIEM Splunk QRadar

Shuffler SOAR Implementation in India

Shuffler is an open-source Security Orchestration, Automation and Response platform that lets security teams automate repetitive incident response tasks. Ogma implements Shuffler and builds production-ready playbooks for phishing triage, IOC enrichment, firewall policy updates, SIEM alert automation, and vulnerability remediation — integrated with your existing SIEM, ITSM, and threat intelligence tools.

Open-source: no per-playbook licensing cost
500+ app integrations in the Shuffler ecosystem
Under 5 minutes to automated incident response, versus hours of manual work
SIEM integrated: FortiSIEM, Splunk, QRadar, Microsoft Sentinel

Shuffler Playbooks We Build

Production-ready Shuffler playbooks covering the full L1 SOC analyst workflow — from first alert to resolved ticket.

Phishing Response Playbook

Auto-triggered on a phishing alert: extract IOCs (sender and reply-to domains, relay IPs, URLs, attachment hashes) from the email headers and body, check them against VirusTotal and Shodan, block the sender domain on FortiGate, quarantine the message in the affected Exchange/Gmail mailboxes, create an ITSM ticket, and notify the user and their manager, all within 3 minutes.
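The extraction step of that playbook, as an added example that is not Ogma's or Shuffler's code: it parses a sample message with Python's standard email library and pulls out the values the later lookup and block steps act on. The message, its domains, addresses and attachment are constructed for the example, and the INTERNAL_NETS list is an assumed stand-in for your own relay ranges so that your own MTA never ends up on a block list.

```python
"""IOC extraction from a raw phishing email (parser step of a phishing playbook).

Added example, not Ogma's or Shuffler's code. SAMPLE_EML is constructed for
this example: every domain, address and IP in it is fictitious or from a
documentation range, and INTERNAL_NETS is an assumed stand-in for the
organisation's own address plan.
"""
import email
import hashlib
import re
from email import policy
from email.utils import parseaddr
from ipaddress import ip_address, ip_network
from urllib.parse import urlparse

SAMPLE_EML = b"""Return-Path: <billing@invoice-secure-login.example>
Received: from mx.corp.example ([10.20.0.5])
\tby mailstore.corp.example with LMTP id 7DEF; Mon, 03 Jun 2024 09:12:02 +0000
Received: from mail.invoice-secure-login.example (mail.invoice-secure-login.example [203.0.113.45])
\tby mx.corp.example (Postfix) with ESMTPS id 4ABC12
\tfor <finance@corp.example>; Mon, 03 Jun 2024 09:12:01 +0000
From: "Accounts Payable" <billing@invoice-secure-login.example>
Reply-To: <collect@evil-collector.example>
To: finance@corp.example
Subject: Overdue invoice 44821
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please review: hxxp://invoice-secure-login.example/pay?id=44821
Mirror: https://cdn.evil-collector.example/doc
--b1
Content-Type: application/pdf; name="invoice.pdf"
Content-Disposition: attachment; filename="invoice.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQKJcfsj6IK
--b1--
"""

# Assumed internal ranges (RFC 1918, loopback, link-local): relays we own must
# never be fed to a firewall block step just because they appear in Received.
INTERNAL_NETS = [ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16")]

URL_RE = re.compile(r"\bh(?:xx|tt)ps?://[^\s<>\"']+", re.IGNORECASE)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def refang(url: str) -> str:
    """Turn a defanged 'hxxp' scheme back into 'http' so urlparse accepts it."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def extract_iocs(raw: bytes) -> dict:
    msg = email.message_from_bytes(raw, policy=policy.default)
    iocs = {"sender_domains": set(), "ips": set(), "urls": set(),
            "url_domains": set(), "attachments": []}

    # Sender identities: From, Reply-To and Return-Path often disagree in phish.
    for header in ("From", "Reply-To", "Return-Path"):
        addr = parseaddr(str(msg.get(header, "")))[1]
        if "@" in addr:
            iocs["sender_domains"].add(addr.rsplit("@", 1)[1].lower())

    # Relay IPs from the Received chain, minus our own infrastructure.
    for received in msg.get_all("Received", []):
        for ip in IP_RE.findall(str(received)):
            if not is_internal(ip):
                iocs["ips"].add(ip)

    # URLs from every text part, refanged so the host can be parsed out.
    for part in msg.walk():
        if part.get_content_maintype() == "text" and not part.is_attachment():
            for url in URL_RE.findall(part.get_content()):
                url = refang(url)
                iocs["urls"].add(url)
                host = urlparse(url).hostname
                if host:
                    iocs["url_domains"].add(host.lower())

    # Attachment hashes for the sandbox and threat-intel lookups.
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        iocs["attachments"].append({"filename": part.get_filename(),
                                    "sha256": hashlib.sha256(data).hexdigest(),
                                    "size": len(data)})
    return iocs


if __name__ == "__main__":
    for key, value in extract_iocs(SAMPLE_EML).items():
        print(key, sorted(value) if isinstance(value, set) else value)
```

Running it prints the extracted sets: the relay at 10.20.0.5 is dropped because it is internal, the defanged hxxp:// link is refanged before parsing, and the attachment hash is what the sandbox and VirusTotal steps would receive.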

Malware Triage Playbook

On an endpoint malware alert: query CrowdStrike/FortiEDR for the process tree and file hash, look the hash up (or detonate the sample) in a sandbox such as Any.run, isolate the endpoint from the network, add the indicators to the FortiGate block list, and escalate to an L2 SOC analyst with the full context attached.

IOC Enrichment Playbook

On any IOC alert (IP, domain, hash): auto-enrich via VirusTotal, AbuseIPDB, Shodan, and MISP, write the enrichment data back to the SIEM and the ITSM ticket, score and classify the IOC across the sources that answered, and block it if the combined score exceeds the threshold.
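The scoring and decision step described above, as an added example that is not Ogma's or Shuffler's code. The enrichment results are constructed to resemble, in simplified form, what VirusTotal, AbuseIPDB and MISP lookups return; the weights, thresholds, ALLOWLIST and INTERNAL_NETS are assumptions a deployment would replace with its own. It shows the three checks that belong in front of any automatic block: enough sources must actually have answered, the IOC must not be allowlisted, and an IP must not be one of your own.

```python
"""Score, classify and decide on an enriched IOC (decision step of the
IOC enrichment playbook).

Added example, not Ogma's or Shuffler's code. SAMPLE_ENRICHMENT is constructed
to resemble simplified VirusTotal, AbuseIPDB and MISP responses; it is not real
API output. ALLOWLIST, INTERNAL_NETS, SOURCE_WEIGHTS and the thresholds are
assumptions for the example.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

BLOCK_THRESHOLD = 70        # score at or above which an IOC is "malicious"
SUSPICIOUS_THRESHOLD = 30
MIN_SOURCES = 2             # never auto-block on a single source's opinion
SOURCE_WEIGHTS = {"virustotal": 0.4, "abuseipdb": 0.3, "misp": 0.3}

# Assumed: domains the playbook must never block, and the organisation's own
# address ranges (RFC 1918 and loopback here; use the real address plan).
ALLOWLIST = {"corp.example", "update.microsoft.com"}
INTERNAL_NETS = [ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

SAMPLE_ENRICHMENT = [
    # (ioc, type, results keyed by source; a missing key means the lookup failed)
    ("203.0.113.45", "ip", {"virustotal": {"malicious": 12, "total": 70},
                            "abuseipdb": {"abuse_confidence": 100},
                            "misp": {"events": ["event-1042"]}}),
    ("corp.example", "domain", {"virustotal": {"malicious": 30, "total": 90},
                                "misp": {"events": ["event-2201"]}}),
    ("10.20.0.5", "ip", {"virustotal": {"malicious": 20, "total": 70},
                         "abuseipdb": {"abuse_confidence": 95}}),
    ("deadbeef" * 8, "hash", {"virustotal": {"malicious": 50, "total": 70}}),
    ("static.vendor-cdn.example", "domain", {"virustotal": {"malicious": 0, "total": 90},
                                             "misp": {"events": []}}),
]


@dataclass
class Verdict:
    ioc: str
    score: int
    classification: str
    action: str
    reasons: list = field(default_factory=list)


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def source_scores(ioc_type: str, enrich: dict):
    """Map each source that actually answered onto a 0-100 score."""
    scores, reasons = {}, []
    vt = enrich.get("virustotal")
    if vt and vt.get("total"):
        pts = round(100 * vt["malicious"] / vt["total"])
        if vt["malicious"] >= 3:   # three independent engines is already a strong signal
            pts += 30
        scores["virustotal"] = min(100, pts)
        reasons.append(f"virustotal: {vt['malicious']}/{vt['total']} engines")
    ab = enrich.get("abuseipdb")
    if ab is not None and ioc_type == "ip":
        scores["abuseipdb"] = ab.get("abuse_confidence", 0)
        reasons.append(f"abuseipdb: confidence {scores['abuseipdb']}")
    misp = enrich.get("misp")
    if misp is not None:
        hits = misp.get("events", [])
        scores["misp"] = 90 if hits else 0
        reasons.append(f"misp: {len(hits)} event(s)")
    return scores, reasons


def combine(scores: dict) -> int:
    """Weighted mean over responding sources only, so a timed-out lookup
    does not silently drag the score towards 'clean'."""
    if not scores:
        return 0
    weight = sum(SOURCE_WEIGHTS[s] for s in scores)
    return round(sum(SOURCE_WEIGHTS[s] * v for s, v in scores.items()) / weight)


def evaluate(ioc: str, ioc_type: str, enrich: dict) -> Verdict:
    scores, reasons = source_scores(ioc_type, enrich)
    score = combine(scores)
    if score >= BLOCK_THRESHOLD:
        cls = "malicious"
    elif score >= SUSPICIOUS_THRESHOLD:
        cls = "suspicious"
    else:
        cls = "benign"

    if cls == "benign":
        action = "close"
    elif cls == "suspicious":
        action = "escalate"
    # Malicious: guard rails before an automatic block.
    elif len(scores) < MIN_SOURCES:
        action = "escalate"
        reasons.append(f"only {len(scores)} source responded; no auto-block")
    elif ioc_type == "domain" and (ioc in ALLOWLIST or
                                   any(ioc.endswith("." + a) for a in ALLOWLIST)):
        action = "escalate"
        reasons.append("allowlisted domain; auto-block refused")
    elif ioc_type == "ip" and is_internal(ioc):
        action = "escalate"
        reasons.append("internal address; auto-block refused")
    else:
        action = "block"
    return Verdict(ioc, score, cls, action, reasons)


def run_all() -> dict:
    return {ioc: evaluate(ioc, t, e) for ioc, t, e in SAMPLE_ENRICHMENT}


if __name__ == "__main__":
    for v in run_all().values():
        print(f"{v.action:8} {v.score:3} {v.classification:10} {v.ioc}  ({'; '.join(v.reasons)})")
```

Of the five constructed IOCs only the first is blocked: the allowlisted domain, the internal relay and the hash that only one source vouched for all score as malicious but are escalated to an analyst instead, which is the behaviour you want when a threat feed is wrong or a lookup timed out.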

Account Compromise Playbook

On an impossible-travel or credential-stuffing alert: force a password reset in Active Directory, revoke active sessions and OAuth refresh tokens so the reset actually terminates access, remove any MFA bypass or exclusion applied to the account, notify the user via SMS/email, and create a high-priority ITSM incident. Because impossible-travel alerts are noisy (VPN egress, mobile carriers), the disruptive reset step can be gated on analyst approval in the workflow.

Vulnerability Remediation Playbook

On critical CVE detection: identify affected hosts from asset database, check patch availability, create Jira/ServiceNow ticket with remediation steps, assign to appropriate team, track SLA to closure.

Compliance Evidence Automation

Scheduled playbook: pull firewall rule audit from FortiGate, check CIS Benchmark compliance on servers via Ansible, compile evidence into PDF report, email to CISO and auditor.

Shuffler Integrations

Shuffler connects to your existing security and IT toolstack via API — Ogma configures and tests all integrations as part of the implementation.

SIEM

FortiSIEM, Splunk, QRadar, Microsoft Sentinel, Elastic SIEM

Threat Intel

VirusTotal, Shodan, AbuseIPDB, MISP, AlienVault OTX

Firewall / Network

FortiGate (API), Cisco ASA, Palo Alto, Check Point

ITSM

ServiceNow, Jira, Freshservice, PagerDuty, OpsGenie

Endpoint

CrowdStrike, FortiEDR, Microsoft Defender, SentinelOne

Identity

Active Directory, Azure AD, Okta, PingIdentity

Engagement Models

Tailored scoping — senior engineer responds in 2 business hours.

Starter Implementation
₹1,50,000
One-time

Shuffler deployment, 3 production playbooks (phishing + IOC enrichment + SIEM triage), SIEM integration, 30-day hypercare.

  • Shuffler deployment and hardening
  • 3 production playbooks
  • SIEM integration (1 platform)
  • Runbook documentation
  • 30-day hypercare
MOST POPULAR
Full SOC Automation
₹3,50,000
One-time

8 playbooks covering full SOC L1 automation, all SIEM/ITSM/threat intel integrations, runbook documentation, analyst training, 60-day hypercare.

  • 8 production playbooks
  • All SIEM + ITSM integrations
  • Threat intel connectors (VirusTotal, MISP)
  • Analyst training (2 sessions)
  • Full runbook documentation
  • 60-day hypercare
Managed SOAR
₹1,00,000/month
Ongoing

All above plus new playbook development (2/month), playbook maintenance, app connector updates, monthly automation metrics report.

  • 2 new playbooks per month
  • Existing playbook maintenance
  • App connector updates
  • Monthly automation metrics report
  • Priority support SLA

Frequently Asked Questions

Shuffler (shuffler.io) is an open-source SOAR platform offering orchestration and automation capabilities comparable to commercial platforms such as Splunk SOAR or Palo Alto Cortex XSOAR, without per-playbook or per-action licensing costs. That makes it a cost-effective SOAR choice for Indian enterprises. Ogma implements and manages Shuffler for production SOC environments.

Shuffler integrates with all major SIEM platforms via their APIs: FortiSIEM, Splunk, IBM QRadar, Microsoft Sentinel, and Elastic SIEM. Ogma configures bi-directional integration: the SIEM triggers a Shuffler workflow when it raises an alert (typically through a webhook), and Shuffler writes the enrichment data and the response actions it took back to the SIEM case.

Ogma builds as many playbooks as required. Our standard SOC automation package covers 8 high-value playbooks (phishing, malware triage, IOC enrichment, account compromise, vulnerability tracking, compliance evidence, network block automation, and executive reporting). Additional custom playbooks are developed on a per-playbook or retainer basis.

A Starter implementation (Shuffler deployment + 3 playbooks) takes 2-3 weeks. Full SOC Automation implementation with 8 playbooks and all integrations takes 5-8 weeks. Ogma runs playbooks in test mode against historical SIEM alerts before going live — validating all integrations and response actions in a safe environment.

Automate Your SOC with Shuffler SOAR

Talk to Ogma about implementing Shuffler SOAR — get a scoped quote for your environment and use cases.