Introduction
A quick overview of Tracecat.
Tracecat is the open workflow automation platform for security and IT engineers. It’s an open source Tines / Splunk SOAR alternative with response-as-code. Tracecat is built on a simple YAML-based DSL for integrations, no-code UI for workflows, and Temporal for scale and reliability.
Why Tracecat?
We’re on a mission to make security and IT automation more accessible through response-as-code. What Sigma rules did for detection, YARA for malware research, and Nuclei did for vulnerabilities, Tracecat is doing for response automation.
Get Started
We highly recommend every user complete the quickstart tutorial. This tutorial covers all the core features of Tracecat, which will save you hours of learning time.
Install
Self-host Tracecat on your own infrastructure.
Users
Log into Tracecat and invite your team.
Quickstart
Get from zero to hero in one tutorial.
Core Actions
HTTP request, data transforms, and workflow actions.
Expressions
Reference and transform data from actions, webhooks, and more.
Secrets
Store and retrieve secrets in workflows.
Tutorials
You can sync custom YAML integrations and Python scripts directly into Tracecat from a private Git repo. Learn more in the custom integrations tutorial.
This is the recommended way to use Tracecat. All reusable integrations should be stored and version controlled in your own GitHub / GitLab repository.
Trigger workflows
Trigger a workflow via the UI, webhook, or schedule.
Child workflows
Build and execute workflows of workflows.
Explode-implode
Loop and process lists of data with child workflows.
Data transforms
Manipulate, filter, and deduplicate data with transform actions.
Custom integrations
Build and sync custom integrations via git.
Alert on failure
Notify your team when a workflow fails.
Integrations
Was this page helpful?