Functions

Overview
Examples
Related pages

Overview

Tracecat expressions can call built-in functions with the FN.<name>(...) syntax. Function results support bracket indexing such as FN.range(0, 3)[0]. Function results do not support JSONPath wildcards or filters such as FN.range(0, 3)[*]. Use in-line functions for one-line data transforms in action inputs. For more complex logic, use a Python script or a custom UDF instead.

Examples

Build a prompt or short string:

prompt: ${{ FN.format("Investigate alert {0} with severity {1}", TRIGGER.alert_id, TRIGGER.severity) }}

Time manipulation for alert search windows:

start_time: ${{ FN.to_isoformat(FN.now() - FN.minutes(15)) }}
end_time: ${{ FN.to_isoformat(FN.now()) }}

See the Functions cheatsheet for the full function reference and more examples.
See Expressions for expression syntax and contexts.

Variables

JSONPath

⌘I

Overview

Building automations

Building agents

Building custom actions

Self-hosting

Authentication

Overview

Examples

Overview

Building automations

Building agents

Building custom actions

Self-hosting

Authentication

​Overview

​Examples

​Related pages

Overview

Examples

Related pages