Tracecat is the open-source Tines / Splunk SOAR alternative built for security engineers.

Who uses Tracecat?

  • Security Operations (SecOps): Unify playbook development across security analysts and security engineers
  • Security Engineers (SecEng): Build and maintain complex playbooks using open source integrations and configuration-as-code (YAML)
  • Managed Detection & Response (MDR): Rapidly self-host, embed, and scale multi-tenant playbooks into any security service or product

New to Tracecat?

Install

Learn how to self-host Tracecat on your own infrastructure.

Quickstart

Build and deploy the classic VirusTotal enrichment playbook in 15 minutes.

Core Features

Workflows

Automated event-driven workflows

Actions

Core building blocks for automations

Secrets

Built-in secrets manager

Webhooks

Trigger playbooks given external events

Schedules

Run workflows at regular intervals

Expressions

Powerful templating language and formulas

Case Management

Manage cases directly in Tracecat

Developer Features

Develop and scale playbooks headlessly (without the UI) using configuration-as-code. Write custom integrations in code that automatically convert to no-code.

Workflow Definitions

Build repeatable playbooks using YAML

User-Defined Functions

Add custom integrations with a single Python decorator

Command Line Interface

Manage workflows and secrets from the terminal

Quickstart