@satti-hari-krishna-reddy
Last active May 21, 2025 17:33
My Work at Shuffle

🔧 Contributions to Shuffle (Open Source @ Internship)

👉 Jump to the PRs ↘️

My journey at Shuffle began by diving into backend development — crafting APIs, refining logic, building pieces that connected the frontend to the core of the product, optimizing flows, and understanding the product’s core architecture. As I got deeper, I picked up frontend tasks too: polishing the frontend — squashing UI bugs, improving usability, and contributing small yet impactful features that elevated the overall user experience.

The real turning point came when I led the effort to integrate Tenzir, a powerful streaming data pipeline engine, into Shuffle’s ecosystem. This work wasn't just feature development — it was infrastructure-level. I helped architect a system where data from Kafka, Syslog, and other sources could be ingested, processed in real-time, and trigger Shuffle workflows — effectively expanding the platform’s automation reach far beyond its native capabilities.

This experience spanned full-stack development, system orchestration, containerization, and real-time data handling — giving me deep exposure to building extensible, production-grade systems.

🔗 Integrating Tenzir with Shuffle for Real-Time Sigma-Based Event Detection

🧠 Overview

This integration enables Shuffle (SOAR) to ingest external data (Kafka, Syslog, etc.) using Tenzir's pipeline engine. It applies Sigma rules in real time and automatically triggers workflows based on detections.

Shuffle x Tenzir Integration


💼 What I Did

  • ✅ Integrated Tenzir pipelines into Shuffle as a new type of trigger
  • ✅ Wrote TQL pipelines to:
    • Ingest external data (from Kafka/Syslog)
    • Apply live Sigma detection
    • Forward matches to Shuffle via HTTP
  • ✅ Enabled deployment + management of Tenzir containers via Orborus
  • ✅ Added frontend controls in Shuffle to configure and monitor pipelines
  • ✅ Modular setup with mountable volumes for:
    • Sigma rules per pipeline
    • Persistent Tenzir state
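The three pipeline stages listed above (ingest, Sigma match, forward over HTTP) are easy to reason about in miniature. The block below is an added example and is not code from Shuffle or Tenzir; it models those stages in plain Python so that the detection and forwarding logic can be run and checked offline. The Sigma rule is a constructed sample already parsed into a dict (a real pipeline would load YAML from the mounted rules volume), the JSON events are constructed, only a subset of Sigma (a selection map, the `contains`/`startswith`/`endswith` modifiers, and a `X and not Y` condition) is implemented, and `SHUFFLE_WEBHOOK_URL` is a placeholder for the per-trigger webhook URL.

```python
"""Added example, not Shuffle's or Tenzir's code: ingest JSON events, apply a
(subset of a) Sigma rule, and forward matches to a Shuffle webhook over HTTP."""
import json
import urllib.request
from typing import Any, Callable, Dict, Iterable, List, Optional, Tuple

# Placeholder for the webhook URL a Shuffle pipeline trigger exposes (assumption).
SHUFFLE_WEBHOOK_URL = "http://localhost:5001/api/v1/hooks/webhook_PLACEHOLDER"

# Constructed Sigma rule, already parsed from YAML into a dict.
# Flags process creation of powershell.exe with an encoded command line,
# except when run by a known backup service account.
SAMPLE_RULE: Dict[str, Any] = {
    "title": "Suspicious encoded PowerShell command line (constructed)",
    "id": "constructed-rule-0001",
    "level": "high",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {"Image|endswith": "\\powershell.exe", "CommandLine|contains": "-enc"},
        "filter": {"User|contains": "SVC_BACKUP"},
        "condition": "selection and not filter",
    },
}

# Constructed JSON event lines, standing in for what Tenzir reads from Kafka/Syslog.
SAMPLE_EVENTS: List[str] = [
    '{"Image": "C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe", '
    '"CommandLine": "powershell.exe -enc QQBB", "User": "CORP\\\\alice", "Computer": "WS01"}',
    '{"Image": "C:\\\\Windows\\\\System32\\\\cmd.exe", "CommandLine": "cmd.exe /c whoami", '
    '"User": "CORP\\\\bob", "Computer": "WS02"}',
    '{"Image": "C:\\\\Windows\\\\System32\\\\WindowsPowerShell\\\\v1.0\\\\powershell.exe", '
    '"CommandLine": "powershell.exe -enc QQBB", "User": "CORP\\\\SVC_BACKUP", "Computer": "SRV01"}',
    "this line is not JSON",
]


def _field_matches(value: Any, modifier: Optional[str], expected: Any) -> bool:
    """Apply one Sigma value modifier. Sigma string matching is case-insensitive."""
    if value is None:
        return False
    v, e = str(value).lower(), str(expected).lower()
    if modifier is None:
        return v == e
    if modifier == "contains":
        return e in v
    if modifier == "startswith":
        return v.startswith(e)
    if modifier == "endswith":
        return v.endswith(e)
    raise ValueError(f"unsupported Sigma modifier: {modifier}")


def _selection_matches(selection: Dict[str, Any], event: Dict[str, Any]) -> bool:
    """A selection map is an AND over its field/value pairs; a list value is an OR."""
    for key, expected in selection.items():
        field, _, modifier = key.partition("|")
        candidates = expected if isinstance(expected, list) else [expected]
        if not any(_field_matches(event.get(field), modifier or None, c) for c in candidates):
            return False
    return True


def rule_matches(rule: Dict[str, Any], event: Dict[str, Any]) -> bool:
    """Evaluate the condition. Supported grammar: '<name>' or '<name> and not <name>'."""
    detection = rule["detection"]
    positive, _, negative = detection["condition"].strip().partition(" and not ")
    if not _selection_matches(detection[positive], event):
        return False
    return not (negative and _selection_matches(detection[negative], event))


def detect(rule: Dict[str, Any], lines: Iterable[str]) -> Tuple[List[Dict[str, Any]], int]:
    """Parse each line as JSON and evaluate the rule. Returns (matches, malformed_count).
    Malformed lines are counted rather than silently dropped, so gaps in coverage are visible."""
    matches, malformed = [], 0
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            malformed += 1
            continue
        if isinstance(event, dict) and rule_matches(rule, event):
            matches.append({"rule": {k: rule[k] for k in ("id", "title", "level")}, "event": event})
    return matches, malformed


def _http_post(url: str, body: bytes) -> int:
    req = urllib.request.Request(url, data=body, headers={"Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.status


def forward(matches: List[Dict[str, Any]], url: str = SHUFFLE_WEBHOOK_URL,
            post: Optional[Callable[[str, bytes], Any]] = None) -> int:
    """POST one JSON document per match to the Shuffle webhook; returns the number sent.
    `post` is injectable so the forwarding path can be exercised without a network."""
    post = post or _http_post
    for match in matches:
        post(url, json.dumps(match).encode("utf-8"))
    return len(matches)


if __name__ == "__main__":
    found, bad = detect(SAMPLE_RULE, SAMPLE_EVENTS)
    print(f"{len(found)} match(es), {bad} malformed line(s)")
    forward(found, post=lambda u, b: print("would POST to", u, b.decode()))
```

Of the three well-formed events, only the first fires: the second is not powershell.exe, and the third is suppressed by the `filter` selection. The malformed line is counted and reported, which is the behaviour a production pipeline should preserve so that an ingest problem does not masquerade as an absence of detections.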

🛠️ Tech Stack

  • Tenzir – pipeline engine & Sigma detection
  • Shuffle – frontend/backend (React + Go)
  • Orborus – container orchestration for pipelines
  • Docker – containerization and rule volume management

Infra / Tenzir / Pipelines Enhancements

  • #1381
    Adopted lazy initialization for Tenzir nodes
    Impact: Optimized resource usage by deploying Tenzir nodes on-demand, reducing unnecessary load.

  • #1383
    Added caching for container status checks
    Impact: Reduced repeated overhead and improved system responsiveness by caching status data.

  • #1375
    Implemented initial Tenzir deployment logic
    Impact: Introduced deployment controls with environment flags and a one-pipeline-per-trigger rule, ensuring nodes are activated only when needed.

  • #1398
    Enhanced pipeline trigger modal and overall stability
    Impact: Improved UI interactions for pipeline triggers, resulting in a smoother user experience.

  • #1402
    Fixed pipelines display in the triggers UI
    Impact: Ensured that pipelines appear correctly in the UI, making them selectable as trigger options.

  • #1372
    Added webhook support in the trigger view for pipelines
    Impact: Enabled external systems to trigger pipeline events, facilitating integration and automation.


Sigma Detection System

  • #1459
    Built the complete Sigma detection UI and integrated backend logic
    Impact: Enabled full Sigma rule management by adding functions for fetching metadata, toggling rules, integrating with Tenzir, and parsing JSON logs. This overhaul significantly improved security event tracking.

Backend & API Enhancements

  • #51
    Implemented Get Child Organizations
    Impact: Developed a backend handler for retrieving sub-organizations based on role-based access, clarifying hierarchical structures.

  • #52
    Developed GetUserApps endpoint
    Impact: Provided precise filtering of apps based on user ownership/contributor status, enhancing data accessibility.

  • #53
    Introduced New Endpoint Action (Python Code Generation)
    Impact: Laid the groundwork for dynamic API generation by automatically producing Python code, setting up a future-proof extensible architecture.

  • #94
    Established Sigma Rule Backend (Tenzir Integration)
    Impact: Delivered comprehensive backend functionality for Sigma rule management, including rule toggling, remote file download, and SIEM connectivity, bolstering overall security management.

  • #60
    Developed All Triggers endpoint
    Impact: Aggregated various workflow triggers (schedules, webhooks, pipelines) for faster real-time status updates via efficient map lookups.

  • #62
    Enhanced Pipeline Support
    Impact: Improved pipeline creation and execution by saving pipeline info to the database pre-queue, refining ID parsing, and adding handlers for deployment status tracking.

  • #64
    Implemented Active Webhooks retrieval
    Impact: Developed HandleGetHooks to return active webhooks cleanly by processing and stripping unwanted prefixes.

  • #65
    Extended Endpoint Action Features
    Impact: Enhanced dynamic endpoint creation by implementing functions (GetCustomActionCode and AddCustomAction) to generate YAML configurations and Python code, refining backend automation.

  • #68
    Enabled Pipelines as Triggers
    Impact: Allowed pipelines to be treated as triggerable entities with support for CRUD operations and integrated conditional logic, enhancing workflow automation.

  • #75
    Made pipelines show up in the UI
    Impact: Updated backend logic to include pipelines in the list of available trigger types, ensuring they appear in the UI dropdown for user selection.


Feature Implementation

  • #1342
    Added support for viewing sub-organizations
    Impact: Modified the admin panel (Admin.jsx) to conditionally display sub-orgs based on user roles, enhancing organizational data management.

Frontend Fixes

  • #1336
    Fixed text overflow in Conditions UI
    Impact: Added CSS properties (textOverflow: ellipsis, whiteSpace: nowrap) to clearly indicate truncated text, improving readability.

  • #1339
    Resolved Cancel button bug in modal
    Impact: Created local copies of shared objects to prevent unintended modifications, ensuring a stable and consistent UI experience.
