Tracecat is the open-source Tines / Splunk SOAR alternative built for security engineers.

Why Tracecat?

  • Security Operations (SecOps): Unify playbook development across security analysts and security engineers
  • Security Engineers (SecEng): Build and maintain complex playbooks using open source integrations and configuration-as-code (YAML)
  • Managed Detection & Response (MDR): Rapidly self-host, embed, and scale multi-tenant playbooks into any security service or product

New to Tracecat?

Install

Self-host Tracecat on your own infrastructure (Docker Compose, AWS, Kubernetes).

15-Minute Quickstart

Learn the basics of Tracecat by building a VirusTotal enrichment playbook.

Integrations

Pre-built integrations and their required secrets.

Tutorials

Self-guided tutorials to go from zero-to-hero in Tracecat.

Control Flow

Learn how to use if-conditions in your workflows.

Actions Registry

Learn how to use pre-built integrations in your workflows.

Child Workflows

Learn how to combine smaller workflows into a single workflow.

Triggers

Learn how to trigger workflows via webhooks or schedules.

Custom Integrations

Learn how to add custom integrations to the Actions Registry.

Updating

Learn how to update Tracecat to the latest version.

Core Features

Check out the following docs for more details on Tracecat’s core features.

Actions

Building blocks for automations and integrations.

Secrets

Store and retrieve sensitive data.

Expressions

Reference action results and workflow metadata.

Functions

Powerful utility functions for automations.

Quickstart