Shuffle · jenilv-icpl · Mar 25, 2025 · Mar 28, 2025 · Mar 28, 2025 · Mar 28, 2025
diff --git a/.gitbook/assets/image.png b/.gitbook/assets/image.png
diff --git a/.gitbook/assets/singul_poster.jpg b/.gitbook/assets/singul_poster.jpg
diff --git a/Document/SUMMARY.md b/Document/SUMMARY.md
@@ -0,0 +1,19 @@
+---
+icon: table
+---
+
+# Table of contents
+
+* [Singul](../)
+* [Quickstart](getting-started.md)
+* [Category](category/)
+  * [Case Management](category/case-management.md)
+  * [SIEM Integration](category/siem-integration.md)
+  * [Asset Management](category/asset-management.md)
+  * [Identity & Access Management](category/identity-and-access-management.md)
+  * [Eradication Module](category/eradication-module.md)
+  * [Threat Intelligence (Intel)](category/threat-intelligence-intel.md)
+  * [Network Module](category/network-module.md)
+  * [Communication Module](category/communication-module.md)
+  * [Other Module](category/other-module.md)
+* [Test Case Execution & Benchmarking Guide](tests.md)
diff --git a/Document/category/README.md b/Document/category/README.md
@@ -0,0 +1,93 @@
+---
+icon: layer-group
+---
+
+# Category
+
+
+
+#### [Case Management](case-management.md)
+
+Manage tickets across tools like **Jira**, **GitHub**, and **TheHive**. Actions include:
+
+* Create, update, or close tickets
+* Add comments
+* Search or retrieve issues
+
+***
+
+#### [SIEM Integration](siem-integration.md)
+
+Fetch and manage security events from platforms like **Wazuh**, **Splunk**, **Elastic**, and **Microsoft Sentinel**. Supports:
+
+* List and search alerts
+* Close events
+* Isolate endpoints
+
+***
+
+#### [Asset Management](asset-management.md)
+
+Query and enrich asset data from tools like **Axonius**, **Device42**, and **Rapid7**.
+
+* List, search, and retrieve assets
+* Search users, endpoints, and vulnerabilities
+
+***
+
+#### [Identity & Access Management](identity-and-access-management.md)
+
+Control user access via **Active Directory**, **Azure AD**, **Vault**, etc.
+
+* Enable/disable users
+* Reset passwords
+* Search identities
+
+***
+
+#### [Eradication Module](eradication-module.md)
+
+Act quickly on threats by connecting to **EDR** platforms like **SentinelOne**, **Bitdefender**, or **Huntress**.
+
+* Isolate/unisolate hosts
+* Block malicious hashes
+* Trigger host scans
+
+***
+
+#### [Threat Intelligence (Intel)](threat-intelligence-intel.md)
+
+Integrate with platforms like **VirusTotal**, **GreyNoise**, **Shodan**, and **MISP**.
+
+* Get, search, create, or delete IOCs
+* Centralize threat enrichment
+
+***
+
+#### [Network Module](network-module.md)
+
+Work with firewall tools like **Palo Alto**, **FortiGate**, **OPNsense**, and more.
+
+* Retrieve and manage firewall rules
+* Allow or block IPs
+
+***
+
+#### [Communication Module](communication-module.md)
+
+Send, receive, or manage messages through **Slack**, **Gmail**, **Teams**, **Telegram**, and more.
+
+* Send messages
+* Search or list messages
+* Get attachments and contacts
+
+***
+
+#### [Other Module with Singul](other-module.md)
+
+A catch-all utility module for system tools like **Wazuh**, **HTTP**, **Veeam**, and **Webroot**.
+
+* Get health/config/status
+* Run scripts remotely
+* Audit configurations
+
diff --git a/Document/category/asset-management.md b/Document/category/asset-management.md
@@ -0,0 +1,138 @@
+---
+icon: computer
+---
+
+# Asset Management
+
+The `Assets` module in Singul enables you to query, retrieve, and search for information about assets, users, endpoints, and vulnerabilities across various connected platforms like **Active Directory**, **Vicarius**, **Snipe-IT**, **Rapid7**, **Device42**, **Axonius**, **AWS**, and more.
+
+Singul provides a unified API layer that abstracts all asset-related actions, so you don't need to write platform-specific code.
+
+***
+
+### Available Actions
+
+Singul currently supports the following asset-related actions:
+
+| Action                   | Description                                       |
+| ------------------------ | ------------------------------------------------- |
+| `list_assets`            | List all available assets from the connected app  |
+| `get_asset`              | Fetch detailed information about a specific asset |
+| `search_assets`          | Search for assets based on filters                |
+| `search_users`           | Search for user-related assets                    |
+| `search_endpoints`       | Search for endpoint assets or host machines       |
+| `search_vulnerabilities` | Search for asset vulnerabilities                  |
+
+***
+
+### Core Parameters
+
+Each method accepts the following parameters:
+
+| Parameter | Description                                                                     |
+| --------- | ------------------------------------------------------------------------------- |
+| `app`     | Name of the app (e.g. `"snipeit"`, `"device42"`, `"rapid7_insightvm"`)          |
+| `auth_id` | The app's authentication ID from your [Shuffle](https://shuffler.io/) dashboard |
+| `fields`  | List of key-value pairs specific to the action                                  |
+| `org_id`  | _(Optional)_ Your organization ID if required by the app                        |
+
+***
+
+### Usage Examples
+
+#### List All Assets
+
+```python
+response = singul.assets.list_assets(
+    app="snipeit",
+    auth_id="YOUR_AUTH_ID"
+)
+print(response)
+```
+
+***
+
+#### Get a Specific Asset
+
+```python
+response = singul.assets.get_asset(
+    app="snipeit",
+    auth_id="YOUR_AUTH_ID",
+    fields=[
+        {"key": "asset_id", "value": "123"}
+    ]
+)
+print(response)
+```
+
+***
+
+#### Search Assets
+
+```python
+response = singul.assets.search_assets(
+    app="device42",
+    auth_id="YOUR_AUTH_ID",
+    fields=[
+        {"key": "hostname", "value": "db-server"}
+    ]
+)
+print(response)
+```
+
+***
+
+#### Search Users
+
+```python
+response = singul.assets.search_users(
+    app="activedirectory",
+    auth_id="YOUR_AUTH_ID",
+    fields=[
+        {"key": "username", "value": "jdoe"}
+    ]
+)
+print(response)
+```
+
+***
+
+#### Search Endpoints
+
+```python
+response = singul.assets.search_endpoints(
+    app="axonius",
+    auth_id="YOUR_AUTH_ID",
+    fields=[
+        {"key": "ip_address", "value": "10.0.0.15"}
+    ]
+)
+print(response)
+```
+
+***
+
+#### Search Vulnerabilities by CVE, Vendor & Model
+
+```python
+response = singul.assets.search_vulnerabilities(
+    app="rapid7_insightvm",
+    auth_id="YOUR_AUTH_ID",
+    fields=[
+        {"key": "cve", "value": "CVE-2023-12345"},
+        {"key": "vendor", "value": "Cisco"},
+        {"key": "model", "value": "RV340"}
+    ]
+)
+print(response)
+```
+
+> You can use any combination of `cve`, `vendor`, and `model` to narrow your vulnerability search.
+
+***
+
+### Best Practices
+
+* Use `search_*` methods with targeted filters to limit result sizes.
+* Match field names to what the app expects — you can find these in Shuffle's app schema.
+* Test actions with known asset IDs or usernames before full automation.
diff --git a/Document/category/case-management.md b/Document/category/case-management.md
@@ -0,0 +1,145 @@
+---
+icon: folders
+---
+
+# Case Management
+
+The **`Cases` module** in Singul allows you to manage tickets across supported tools such as **Jira**, **GitHub**, **TheHive**, and more — using unified API calls.
+
+Whether you're creating, updating, or searching for tickets, the logic is the same: you pass a few parameters, and Singul handles the rest.
+
+***
+
+### Available Actions
+
+Singul currently supports the following case/ticket actions:
+
+| Action           | Description                            |
+| ---------------- | -------------------------------------- |
+| `list_tickets`   | List all tickets in a project or org   |
+| `get_ticket`     | Fetch details for a single ticket      |
+| `create_ticket`  | Create a new ticket or issue           |
+| `update_ticket`  | Update ticket fields (summary, status) |
+| `close_ticket`   | Mark a ticket as closed/resolved       |
+| `add_comment`    | Add a comment to a specific ticket     |
+| `search_tickets` | Search tickets using custom filters    |
+
+***
+
+### Usage Examples
+
+Each method requires the following core parameters:
+
+* `app`: Name of the connected tool (e.g. `"jira"`)
+* `auth_id`: The app’s **authentication ID** from your [Shuffle dashboard](https://shuffler.io/)
+* `fields`: A list of key-value dictionaries (custom inputs for each action)
+* `org_id`: _(Optional)_ Your organization ID (only needed for some apps)
+
+***
+
+#### List Tickets
+
+```python
+response = singul.cases.list_tickets(
+    app="jira",
+    auth_id="YOUR_AUTH_ID"
+)
+```
+
+***
+
+#### Get Ticket Details
+
+```python
+response = singul.cases.get_ticket(
+    app="jira",
+    auth_id="YOUR_AUTH_ID",
+    fields=[
+        {"key": "issueIdOrKey", "value": "SNT-14"}
+    ]
+)
+```
+
+***
+
+#### Create Ticket
+
+```python
+response = singul.cases.create_ticket(
+    app="jira",
+    auth_id="YOUR_AUTH_ID",
+    fields=[
+        {"key": "project", "value": "SNT"},
+        {"key": "summary", "value": "Created via Singul"},
+        {"key": "issuetype", "value": "Task"}
+    ]
+)
+```
+
+***
+
+#### Update Ticket
+
+```python
+response = singul.cases.update_ticket(
+    app="jira",
+    auth_id="YOUR_AUTH_ID",
+    fields=[
+        {"key": "issueIdOrKey", "value": "SNT-14"},
+        {"key": "summary", "value": "Updated via API"},
+        {"key": "description", "value": "Details changed"}
+    ]
+)
+```
+
+***
+
+#### Add Comment to Ticket
+
+```python
+response = singul.cases.add_comment(
+    app="jira",
+    auth_id="YOUR_AUTH_ID",
+    fields=[
+        {"key": "issueIdOrKey", "value": "SNT-14"},
+        {"key": "comment", "value": "This comment was added using Singul."}
+    ]
+)
+```
+
+***
+
+#### Close Ticket
+
+```python
+response = singul.cases.close_ticket(
+    app="jira",
+    auth_id="YOUR_AUTH_ID",
+    fields=[
+        {"key": "issueIdOrKey", "value": "SNT-14"},
+        {"key": "resolution", "value": "Done"}
+    ]
+)
+```
+
+***
+
+#### Search Tickets
+
+```python
+response = singul.cases.search_tickets(
+    app="jira",
+    auth_id="YOUR_AUTH_ID",
+    fields=[
+        {"key": "jql", "value": "project = SNT AND status = Open"}
+    ]
+)
+```
+
+***
+
+### Best Practices
+
+* Always test your action with known test tickets before running on production data.
+* Use `search_tickets()` when you need filtered data instead of listing everything.
+* Each integration (Jira, GitHub, TheHive, etc.) may expect different fields — refer to the app-specific documentation inside [Shuffle](https://shuffler.io/search?tab=apps).