Intermediate Pro

Open Source SOAR Home-Lab using Shuffle

Build an Open-Source SOAR Lab integrating Shuffle with Wazuh, Suricata IDS, Splunk Enterprise, and AWS GuardDuty, including integrations with VirusTotal, Slack, ServiceNow, Outlook, and OTX for automated detection, enrichment, and response.

Self-Paced by Rajneesh Gupta

Overview

Deploy an open-source SOAR platform using Shuffle integrated directly with AWS GuardDuty for automated cloud threat response.
Combine on-premises monitoring from Splunk, Wazuh, and Suricata to achieve full visibility across environments.
Use Shuffle workflows to automate enrichment, notifications, and incident response actions.
Integrate ServiceNow, Slack, Outlook, VirusTotal, and OTX for real-time alerting and threat intelligence.
Build a complete SOC automation lab to simulate, detect, and respond to attacks end-to-end.

What You'll Learn

  • Building an Open-Source SOAR Platform

    Learn to deploy and configure Shuffle SOAR using Docker on Ubuntu.

  • AWS GuardDuty Automation

    Integrate AWS GuardDuty directly with Shuffle using API and EventBridge for automatic incident ingestion and playbook execution.

  • SOC Workflow Integration

    Connect Wazuh, Suricata, Splunk, and external services (ServiceNow, Slack, Outlook, VirusTotal, OTX) to create an automated incident response pipeline.

Prerequisites

  • Basic knowledge of **Linux administration** (Ubuntu/CentOS)
  • **AWS account** with permissions to enable GuardDuty and Security Hub
  • Familiarity with **Docker, APIs, and security automation tools**

Lab Environment

Experience hands-on learning with our carefully designed lab environment that mirrors real-world scenarios.

  • Real-world tools and interfaces
  • Step-by-step guided instructions
  • Interactive lab environment
  • Hands-on practice with live systems

About Trainer

Rajneesh Gupta

Rajneesh Gupta is a seasoned cybersecurity professional with over 11 years of industry experience. With a remarkable career focused on incident response, penetration testing, security compliance, and risk management, Rajneesh has established himself as a leading expert in the field. He is also an accomplished author, having penned the book "Hands-on with Blockchain and Cybersecurity". As a dedicated educator, Rajneesh has made a significant impact on the cybersecurity community by training over 60,000 students globally.

Related Projects

Wazuh + n8n + Anyrun: Automated Malware Analysis
Pro Intermediate

Automate malware analysis by sending Wazuh-detected suspicious files into ANY.RUN, retrieving detailed reports and IOCs, and integrating results back into your SOC workflow.

Threat Hunting Home-Lab (using Velociraptor)
Pro Beginner

Deploy, Configure, and Hunt Threats with Velociraptor Forensics Platform

AWS GuardDuty Findings Ingestion in Splunk using S3 and KMS Encryption
Pro Intermediate

Build a secure pipeline to export GuardDuty security findings to an encrypted S3 bucket and automatically ingest them into Splunk for centralized threat monitoring and analysis.