WWHF @ Mile High 2025

A wise person once said, “If you must do something more than 3 times in the SOC, automate it.” Automation minimizes mistakes while allowing analysts to focus more on high-level things. Use cases can range from data enrichment (imagine no more copying and pasting IP addresses or SHA 256 into Virus Total) to unique needs such as creating Elastic alert tickets in Teams.   Shuffle is a no-coding problem-solving automation tool that can reduce alert fatigue and employee burnout while quickly integrating with new tools using OpenAPI   In my talk, I will demonstrate two use cases in Shuffle from what we call the crawl, walk, run process to track the progress of the use case. The first milestone, crawling, denotes that data is reaching Teams to create a ticket. The Run milestone is completed when an alert is created in Teams with all the needed and enriched alert data.