Skip to main content

Core Actions

Core action namespaces are prefixed with core..
NamespaceFunctionSecrets
corehttp_pollssl
corehttp_requestssl
corerequire-
coresend_email_smtpsmtp
core.casescreate_case-
core.casescreate_comment-
core.casesget_case-
core.caseslist_cases-
core.caseslist_comments-
core.casesupdate_case-
core.casesupdate_comment-
core.casessearch_cases-
core.tabledelete_row-
core.tableinsert_row-
core.tablelookup-
core.tablelookup_many-
core.tableupdate_row-
core.transformapply-
core.transformdeduplicate-
core.transformfilter-
core.transformis_in-
core.transformmap-
core.transformnot_in-
core.transformreshape-
core.workflowexecute-

AI Actions

NamespaceFunctionSecrets
aiaction-
aiagent-
aislackbot-

Integrations

Integration namespaces are prefixed with tools..
NamespaceFunctionSecrets
tools.alertmediacreate_tripalertmedia, ssl
tools.alertmediadelete_tripalertmedia, ssl
tools.alertmediaget_travel_eventsalertmedia, ssl
tools.alertmediaget_user_trip_by_idalertmedia, ssl
tools.alertmediaget_user_tripsalertmedia, ssl
tools.alertmediasearch_tripsalertmedia, ssl
tools.alertmediasearch_usersalertmedia, ssl
tools.alertmediaupdate_tripalertmedia, ssl
tools.amazon_s3download_objectamazon_s3
tools.amazon_s3parse_uriamazon_s3
tools.ansiblerun_playbookansible
tools.aws_boto3call_apiaws
tools.aws_boto3call_paginated_apiaws
tools.crowdseclookup_ip_addresscrowdsec_cti, ssl
tools.crowdstrikelist_alertscrowdstrike
tools.crowdstrikelist_casescrowdstrike
tools.crowdstrikelist_detectscrowdstrike
tools.datadoglist_security_signalsdatadog, ssl
tools.elastic_securitylist_detection_signalselastic_security, ssl
tools.falconpycall_commandcrowdstrike
tools.google_apiget_access_tokengoogle_api
tools.google_mapsget_location_datagoogle_maps, ssl
tools.gophishcreate_campaigngophish
tools.gophishcreate_groupgophish
tools.gophishcreate_landing_pagegophish
tools.gophishcreate_sending_profilegophish
tools.gophishcreate_templategophish
tools.gophishdelete_campaigngophish
tools.gophishdelete_groupgophish
tools.gophishdelete_landing_pagegophish
tools.gophishdelete_sending_profilegophish
tools.gophishdelete_templategophish
tools.gophishget_campaigngophish
tools.gophishget_campaign_resultsgophish
tools.gophishget_campaign_summarygophish
tools.gophishget_groupgophish
tools.gophishget_group_summarygophish
tools.gophishget_landing_pagegophish
tools.gophishget_sending_profilegophish
tools.gophishget_templategophish
tools.gophishlist_campaignsgophish
tools.gophishlist_groupsgophish
tools.gophishlist_groups_summarygophish
tools.gophishlist_landing_pagesgophish
tools.gophishlist_sending_profilesgophish
tools.gophishlist_templatesgophish
tools.gophishmodify_groupgophish
tools.gophishmodify_landing_pagegophish
tools.gophishmodify_sending_profilegophish
tools.gophishmodify_templategophish
tools.hackeroneget_programhackerone, ssl
tools.hackeroneget_programshackerone, ssl
tools.hackeroneget_reporthackerone, ssl
tools.hackeroneget_reportshackerone, ssl
tools.hibpcheck_email_breacheshibp, ssl
tools.hibpcheck_email_pasteshibp, ssl
tools.hibpget_all_breachesssl
tools.hibpget_breach_detailsssl
tools.hibpget_data_classesssl
tools.hibpget_latest_breachssl
tools.ipinfolookup_ip_addressipinfo, ssl
tools.jamfget_access_tokenjamf
tools.jamflist_computersjamf, ssl
tools.jamflock_devicejamf, ssl
tools.jiraadd_issue_commentjira, ssl
tools.jiraassign_issuejira, ssl
tools.jiracreate_issuejira, ssl
tools.jiraget_fieldsjira, ssl
tools.jiraget_issuejira, ssl
tools.jiraget_prioritiesjira, ssl
tools.jiraget_priority_schemesjira, ssl
tools.jiraget_projectsjira, ssl
tools.jiraget_transitionsjira, ssl
tools.jiraget_user_idjira, ssl
tools.jirasearch_issuesjira, ssl
tools.jiraupdate_issue_descriptionjira, ssl
tools.jiraupdate_issue_fieldsjira, ssl
tools.jiraupdate_issue_statusjira, ssl
tools.jiraupload_attachmentjira, ssl
tools.ldapadd_entryldap
tools.leakchecksearch_domain_leakleakcheck_api
tools.leakchecksearch_email_leakleakcheck_api
tools.ldapdelete_entryldap
tools.ldapmodify_entryldap
tools.ldapsearch_entriesldap
tools.oktaactivate_userokta, ssl
tools.oktaadd_to_groupokta, ssl
tools.oktaassign_group_to_appokta, ssl
tools.oktaclear_user_sessionsokta, ssl
tools.oktacreate_userokta, ssl
tools.oktaexpire_passwordokta, ssl
tools.oktaexpire_password_with_temporary_passwordokta, ssl
tools.oktaget_group_membersokta, ssl
tools.oktaget_groups_assigned_to_userokta, ssl
tools.oktaget_userokta, ssl
tools.oktalist_groups_in_orgokta, ssl
tools.oktalist_usersokta, ssl
tools.oktalookup_user_by_emailokta, ssl
tools.oktaremove_from_groupokta, ssl
tools.oktareset_passwordokta, ssl
tools.oktarevoke_sessionsokta, ssl
tools.oktasearch_usersokta, ssl
tools.oktasuspend_userokta, ssl
tools.oktaunsuspend_userokta, ssl
tools.okta_oarcreate_messageokta, ssl
tools.okta_oarget_requestsokta, ssl
tools.okta_oarget_specific_requestokta, ssl
tools.okta_oarget_userokta, ssl
tools.pagerdutyacknowledge_event-
tools.pagerdutyget_all_schedulespagerduty
tools.pagerdutyget_contact_methodspagerduty
tools.pagerdutyget_incident_datapagerduty
tools.pagerdutyget_incidentspagerduty
tools.pagerdutyget_user_notification_rulespagerduty
tools.pagerdutyget_users_on_callpagerduty
tools.pagerdutyresolve_eventpagerduty
tools.pagerdutytrigger_event-
tools.phishlabsget_case_dataphishlabs
tools.phishlabsget_feed_dataphishlabs
tools.phishlabsget_threat_dataphishlabs
tools.pymongoexecute_operationmongodb
tools.sentinel_onelist_threatssentinel_one, ssl
tools.slackask_text_inputslack
tools.slacklookup_user_by_emailslack
tools.slackpost_messageslack
tools.slackpost_notificationslack
tools.slackpost_updateslack
tools.slackrevoke_sessionsslack
tools.slack_sdkcall_methodslack
tools.slack_sdkcall_paginated_methodslack
tools.splunkadd_kv_fieldssplunk, ssl
tools.splunkcreate_kv_collectionsplunk, ssl
tools.splunkcreate_kv_entrysplunk, ssl
tools.splunkdelete_kv_collectionsplunk, ssl
tools.splunkdelete_kv_entrysplunk, ssl
tools.splunkdiscover_fieldssplunk, ssl
tools.splunkget_kv_collectionsplunk, ssl
tools.splunkget_kv_entrysplunk, ssl
tools.splunklist_data_modelssplunk, ssl
tools.splunklist_field_extractionssplunk, ssl
tools.splunklist_indexessplunk, ssl
tools.splunklist_kv_collectionssplunk, ssl
tools.splunklist_kv_entriessplunk, ssl
tools.splunklist_sourcetypessplunk, ssl
tools.splunksearch_eventssplunk, ssl
tools.splunksubmit_hec_eventsplunk_hec, ssl
tools.splunkupdate_kv_entrysplunk, ssl
tools.threatstreamlookup_domainssl, threatstream
tools.threatstreamlookup_emailssl, threatstream
tools.threatstreamlookup_file_hashssl, threatstream
tools.threatstreamlookup_ip_addressssl, threatstream
tools.threatstreamlookup_urlssl, threatstream
tools.urlscanlookup_urlssl, urlscan
tools.virustotallookup_domainssl, virustotal
tools.virustotallookup_file_hashssl, virustotal
tools.virustotallookup_ip_addressssl, virustotal
tools.virustotallookup_urlssl, virustotal
tools.wazuhactive_responsessl, wazuh_wui
tools.wazuhget_access_tokenwazuh_wui
tools.wazuhupdate_agentsssl, wazuh_wui
tools.zendeskget_group_userszendesk, ssl
tools.zendeskget_groupszendesk, ssl
tools.zendeskget_ticketzendesk, ssl
tools.zendeskget_ticket_attachmentszendesk, ssl
tools.zendeskget_ticket_commentszendesk, ssl
tools.zendeskget_twilio_recordingszendesk, ssl
tools.zendesksearch_ticketszendesk, ssl

Credentials

Tracecat uses secret keys associated with each integration for 3rd-party authentication. Find out more about how secrets work in Tracecat here.
Secret NameRequired KeysOptional Keys
alertmediaALERTMEDIA_API_KEY-
amazon_s3-AWS_ACCESS_KEY_ID AWS_PROFILE AWS_REGION AWS_ROLE_ARN AWS_ROLE_SESSION_NAME AWS_SECRET_ACCESS_KEY
ansibleANSIBLE_SSH_KEYANSIBLE_PASSWORDS
aws-AWS_ACCESS_KEY_ID AWS_PROFILE_NAME AWS_REGION AWS_ROLE_ARN AWS_ROLE_SESSION_NAME AWS_SECRET_ACCESS_KEY
check_point_infinityCHECKPOINT_ACCESS_KEY CHECKPOINT_CLIENT_ID-
crowdsec_ctiCTI_API_KEY-
crowdstrikeCROWDSTRIKE_CLIENT_ID CROWDSTRIKE_CLIENT_SECRET-
datadogDATADOG_API_KEY DATADOG_APP_KEY-
elastic_securityELASTIC_API_KEY-
gophishGOPHISH_API_KEY-
google_apiGOOGLE_API_CREDENTIALS-
google_mapsGOOGLE_MAPS_API_KEY-
hackeroneHACKERONE_API_USERNAME HACKERONE_API_TOKEN-
hibpHIBP_API_KEY-
ipinfoIPINFO_API_TOKEN-
jamfJAMF_CLIENT_ID JAMF_CLIENT_SECRET-
jiraJIRA_API_TOKEN JIRA_USEREMAIL-
kubernetesKUBECONFIG_BASE64-
ldapLDAP_HOST LDAP_PASSWORD LDAP_PORT LDAP_USER-
microsoft_graphMICROSOFT_GRAPH_CLIENT_ID MICROSOFT_GRAPH_CLIENT_SECRET-
mongodbMONGODB_CONNECTION_STRING-
oktaOKTA_API_TOKEN-
openaiOPENAI_API_KEY-
openctiOPENCTI_API_TOKEN-
pagerdutyPAGERDUTY_API_TOKEN-
phishlabsPL_CLIENT_ID PL_CLIENT_SECRET PL_CUSTOMER_ID PL_PASSWORD PL_USERNAME-
sentinel_oneSENTINEL_ONE_API_TOKEN-
slackSLACK_BOT_TOKEN-
smtpSMTP_HOST SMTP_PASS SMTP_PORT SMTP_USER-
splunkSPLUNK_API_KEY-
splunk_hecSPLUNK_HEC_TOKEN-
ssl-SSL_CLIENT_CERT SSL_CLIENT_KEY SSL_CLIENT_PASSWORD
thehiveTHEHIVE_API_KEY-
threatstreamANOMALI_API_KEY ANOMALI_USERNAME-
urlscanURLSCAN_API_KEY-
virustotalVIRUSTOTAL_API_KEY-
wazuh_wuiWAZUH_WUI_PASSWORD WAZUH_WUI_USERNAME-
wizWIZ_CLIENT_ID WIZ_CLIENT_SECRET-
zendeskZENDESK_EMAIL ZENDESK_API_TOKEN-
I