Getting Started
What is Tracecat?
An introduction to the Tracecat security automation platform.
Tracecat is the open-source Tines / Splunk SOAR alternative built for security engineers.
Who uses Tracecat?
- Security Operations (SecOps): Unify playbook development across security analysts and security engineers
- Security Engineers (SecEng): Build and maintain complex playbooks using open source integrations and configuration-as-code (YAML)
- Managed Detection & Response (MDR): Rapidly self-host, embed, and scale multi-tenant playbooks into any security service or product
New to Tracecat?
Install
Learn how to self-host Tracecat on your own infrastructure.
Quickstart
Build and deploy the classic VirusTotal enrichment playbook in 15 minutes.
Core Features
Workflows
Automated event-driven workflows
Actions
Core building blocks for automations
Secrets
Built-in secrets manager
Webhooks
Trigger playbooks given external events
Schedules
Run workflows at regular intervals
Expressions
Powerful templating language and formulas
Case Management
Manage cases directly in Tracecat
Developer Features
Develop and scale playbooks headlessly (without the UI) using configuration-as-code. Write custom integrations in code that automatically convert to no-code.