Module 14: Security Automation — Work Smarter
Automate the repetitive. Focus on what requires a human.
Tools: Shuffle
3 Lessons, 3 Hands-on Labs
Lessons
Security Automation & SOAR Fundamentals
SOAR concepts, automation vs orchestration, Shuffle architecture, what to automate vs keep manual
Building Automated Playbooks
Playbook design principles, Shuffle workflow builder, phishing response playbook, error handling
Integration & Orchestration
Connecting Wazuh/TheHive/MISP/Velociraptor, API integrations, enrichment pipelines, automated containment
Labs
Lab 14.1 — Your First Shuffle Playbook
Set up Shuffle, create alert-to-enrichment workflow: Wazuh alert → VirusTotal lookup → TheHive case.
Lab 14.2 — Phishing Response Playbook
Build end-to-end phishing playbook: extract IOCs → enrich → check MISP → create case → notify.
Lab 14.3 — Multi-Tool Orchestration
Full SOC pipeline: Wazuh alert → MISP enrichment → TheHive case → Velociraptor containment.