Core Actions
Core action namespaces are prefixed with core.
.
Namespace | Function | Secrets |
---|
core | http_poll | ssl |
core | http_request | ssl |
core | require | - |
core | send_email_smtp | smtp |
core.cases | create_case | - |
core.cases | create_comment | - |
core.cases | get_case | - |
core.cases | list_cases | - |
core.cases | list_comments | - |
core.cases | update_case | - |
core.cases | update_comment | - |
core.cases | search_cases | - |
core.table | delete_row | - |
core.table | insert_row | - |
core.table | lookup | - |
core.table | lookup_many | - |
core.table | update_row | - |
core.transform | apply | - |
core.transform | deduplicate | - |
core.transform | filter | - |
core.transform | is_in | - |
core.transform | map | - |
core.transform | not_in | - |
core.transform | reshape | - |
core.workflow | execute | - |
AI Actions
Namespace | Function | Secrets |
---|
ai | action | - |
ai | agent | - |
ai | slackbot | - |
Integrations
Integration namespaces are prefixed with tools.
.
Namespace | Function | Secrets |
---|
tools.alertmedia | create_trip | alertmedia , ssl |
tools.alertmedia | delete_trip | alertmedia , ssl |
tools.alertmedia | get_travel_events | alertmedia , ssl |
tools.alertmedia | get_user_trip_by_id | alertmedia , ssl |
tools.alertmedia | get_user_trips | alertmedia , ssl |
tools.alertmedia | search_trips | alertmedia , ssl |
tools.alertmedia | search_users | alertmedia , ssl |
tools.alertmedia | update_trip | alertmedia , ssl |
tools.amazon_s3 | download_object | amazon_s3 |
tools.amazon_s3 | parse_uri | amazon_s3 |
tools.ansible | run_playbook | ansible |
tools.aws_boto3 | call_api | aws |
tools.aws_boto3 | call_paginated_api | aws |
tools.crowdsec | lookup_ip_address | crowdsec_cti , ssl |
tools.crowdstrike | list_alerts | crowdstrike |
tools.crowdstrike | list_cases | crowdstrike |
tools.crowdstrike | list_detects | crowdstrike |
tools.datadog | list_security_signals | datadog , ssl |
tools.elastic_security | list_detection_signals | elastic_security , ssl |
tools.falconpy | call_command | crowdstrike |
tools.google_api | get_access_token | google_api |
tools.google_maps | get_location_data | google_maps , ssl |
tools.gophish | create_campaign | gophish |
tools.gophish | create_group | gophish |
tools.gophish | create_landing_page | gophish |
tools.gophish | create_sending_profile | gophish |
tools.gophish | create_template | gophish |
tools.gophish | delete_campaign | gophish |
tools.gophish | delete_group | gophish |
tools.gophish | delete_landing_page | gophish |
tools.gophish | delete_sending_profile | gophish |
tools.gophish | delete_template | gophish |
tools.gophish | get_campaign | gophish |
tools.gophish | get_campaign_results | gophish |
tools.gophish | get_campaign_summary | gophish |
tools.gophish | get_group | gophish |
tools.gophish | get_group_summary | gophish |
tools.gophish | get_landing_page | gophish |
tools.gophish | get_sending_profile | gophish |
tools.gophish | get_template | gophish |
tools.gophish | list_campaigns | gophish |
tools.gophish | list_groups | gophish |
tools.gophish | list_groups_summary | gophish |
tools.gophish | list_landing_pages | gophish |
tools.gophish | list_sending_profiles | gophish |
tools.gophish | list_templates | gophish |
tools.gophish | modify_group | gophish |
tools.gophish | modify_landing_page | gophish |
tools.gophish | modify_sending_profile | gophish |
tools.gophish | modify_template | gophish |
tools.hackerone | get_program | hackerone , ssl |
tools.hackerone | get_programs | hackerone , ssl |
tools.hackerone | get_report | hackerone , ssl |
tools.hackerone | get_reports | hackerone , ssl |
tools.hibp | check_email_breaches | hibp , ssl |
tools.hibp | check_email_pastes | hibp , ssl |
tools.hibp | get_all_breaches | ssl |
tools.hibp | get_breach_details | ssl |
tools.hibp | get_data_classes | ssl |
tools.hibp | get_latest_breach | ssl |
tools.ipinfo | lookup_ip_address | ipinfo , ssl |
tools.jamf | get_access_token | jamf |
tools.jamf | list_computers | jamf , ssl |
tools.jamf | lock_device | jamf , ssl |
tools.jira | add_issue_comment | jira , ssl |
tools.jira | assign_issue | jira , ssl |
tools.jira | create_issue | jira , ssl |
tools.jira | get_fields | jira , ssl |
tools.jira | get_issue | jira , ssl |
tools.jira | get_priorities | jira , ssl |
tools.jira | get_priority_schemes | jira , ssl |
tools.jira | get_projects | jira , ssl |
tools.jira | get_transitions | jira , ssl |
tools.jira | get_user_id | jira , ssl |
tools.jira | search_issues | jira , ssl |
tools.jira | update_issue_description | jira , ssl |
tools.jira | update_issue_fields | jira , ssl |
tools.jira | update_issue_status | jira , ssl |
tools.jira | upload_attachment | jira , ssl |
tools.ldap | add_entry | ldap |
tools.leakcheck | search_domain_leak | leakcheck_api |
tools.leakcheck | search_email_leak | leakcheck_api |
tools.ldap | delete_entry | ldap |
tools.ldap | modify_entry | ldap |
tools.ldap | search_entries | ldap |
tools.okta | activate_user | okta , ssl |
tools.okta | add_to_group | okta , ssl |
tools.okta | assign_group_to_app | okta , ssl |
tools.okta | clear_user_sessions | okta , ssl |
tools.okta | create_user | okta , ssl |
tools.okta | expire_password | okta , ssl |
tools.okta | expire_password_with_temporary_password | okta , ssl |
tools.okta | get_group_members | okta , ssl |
tools.okta | get_groups_assigned_to_user | okta , ssl |
tools.okta | get_user | okta , ssl |
tools.okta | list_groups_in_org | okta , ssl |
tools.okta | list_users | okta , ssl |
tools.okta | lookup_user_by_email | okta , ssl |
tools.okta | remove_from_group | okta , ssl |
tools.okta | reset_password | okta , ssl |
tools.okta | revoke_sessions | okta , ssl |
tools.okta | search_users | okta , ssl |
tools.okta | suspend_user | okta , ssl |
tools.okta | unsuspend_user | okta , ssl |
tools.okta_oar | create_message | okta , ssl |
tools.okta_oar | get_requests | okta , ssl |
tools.okta_oar | get_specific_request | okta , ssl |
tools.okta_oar | get_user | okta , ssl |
tools.pagerduty | acknowledge_event | - |
tools.pagerduty | get_all_schedules | pagerduty |
tools.pagerduty | get_contact_methods | pagerduty |
tools.pagerduty | get_incident_data | pagerduty |
tools.pagerduty | get_incidents | pagerduty |
tools.pagerduty | get_user_notification_rules | pagerduty |
tools.pagerduty | get_users_on_call | pagerduty |
tools.pagerduty | resolve_event | pagerduty |
tools.pagerduty | trigger_event | - |
tools.phishlabs | get_case_data | phishlabs |
tools.phishlabs | get_feed_data | phishlabs |
tools.phishlabs | get_threat_data | phishlabs |
tools.pymongo | execute_operation | mongodb |
tools.sentinel_one | list_threats | sentinel_one , ssl |
tools.slack | ask_text_input | slack |
tools.slack | lookup_user_by_email | slack |
tools.slack | post_message | slack |
tools.slack | post_notification | slack |
tools.slack | post_update | slack |
tools.slack | revoke_sessions | slack |
tools.slack_sdk | call_method | slack |
tools.slack_sdk | call_paginated_method | slack |
tools.splunk | add_kv_fields | splunk , ssl |
tools.splunk | create_kv_collection | splunk , ssl |
tools.splunk | create_kv_entry | splunk , ssl |
tools.splunk | delete_kv_collection | splunk , ssl |
tools.splunk | delete_kv_entry | splunk , ssl |
tools.splunk | discover_fields | splunk , ssl |
tools.splunk | get_kv_collection | splunk , ssl |
tools.splunk | get_kv_entry | splunk , ssl |
tools.splunk | list_data_models | splunk , ssl |
tools.splunk | list_field_extractions | splunk , ssl |
tools.splunk | list_indexes | splunk , ssl |
tools.splunk | list_kv_collections | splunk , ssl |
tools.splunk | list_kv_entries | splunk , ssl |
tools.splunk | list_sourcetypes | splunk , ssl |
tools.splunk | search_events | splunk , ssl |
tools.splunk | submit_hec_event | splunk_hec , ssl |
tools.splunk | update_kv_entry | splunk , ssl |
tools.threatstream | lookup_domain | ssl , threatstream |
tools.threatstream | lookup_email | ssl , threatstream |
tools.threatstream | lookup_file_hash | ssl , threatstream |
tools.threatstream | lookup_ip_address | ssl , threatstream |
tools.threatstream | lookup_url | ssl , threatstream |
tools.urlscan | lookup_url | ssl , urlscan |
tools.virustotal | lookup_domain | ssl , virustotal |
tools.virustotal | lookup_file_hash | ssl , virustotal |
tools.virustotal | lookup_ip_address | ssl , virustotal |
tools.virustotal | lookup_url | ssl , virustotal |
tools.wazuh | active_response | ssl , wazuh_wui |
tools.wazuh | get_access_token | wazuh_wui |
tools.wazuh | update_agents | ssl , wazuh_wui |
tools.zendesk | get_group_users | zendesk , ssl |
tools.zendesk | get_groups | zendesk , ssl |
tools.zendesk | get_ticket | zendesk , ssl |
tools.zendesk | get_ticket_attachments | zendesk , ssl |
tools.zendesk | get_ticket_comments | zendesk , ssl |
tools.zendesk | get_twilio_recordings | zendesk , ssl |
tools.zendesk | search_tickets | zendesk , ssl |
Credentials
Tracecat uses secret keys associated with each integration for 3rd-party
authentication. Find out more about how secrets work in Tracecat
here.
Secret Name | Required Keys | Optional Keys |
---|
alertmedia | ALERTMEDIA_API_KEY | - |
amazon_s3 | - | AWS_ACCESS_KEY_ID AWS_PROFILE AWS_REGION AWS_ROLE_ARN AWS_ROLE_SESSION_NAME AWS_SECRET_ACCESS_KEY |
ansible | ANSIBLE_SSH_KEY | ANSIBLE_PASSWORDS |
aws | - | AWS_ACCESS_KEY_ID AWS_PROFILE_NAME AWS_REGION AWS_ROLE_ARN AWS_ROLE_SESSION_NAME AWS_SECRET_ACCESS_KEY |
check_point_infinity | CHECKPOINT_ACCESS_KEY CHECKPOINT_CLIENT_ID | - |
crowdsec_cti | CTI_API_KEY | - |
crowdstrike | CROWDSTRIKE_CLIENT_ID CROWDSTRIKE_CLIENT_SECRET | - |
datadog | DATADOG_API_KEY DATADOG_APP_KEY | - |
elastic_security | ELASTIC_API_KEY | - |
gophish | GOPHISH_API_KEY | - |
google_api | GOOGLE_API_CREDENTIALS | - |
google_maps | GOOGLE_MAPS_API_KEY | - |
hackerone | HACKERONE_API_USERNAME HACKERONE_API_TOKEN | - |
hibp | HIBP_API_KEY | - |
ipinfo | IPINFO_API_TOKEN | - |
jamf | JAMF_CLIENT_ID JAMF_CLIENT_SECRET | - |
jira | JIRA_API_TOKEN JIRA_USEREMAIL | - |
kubernetes | KUBECONFIG_BASE64 | - |
ldap | LDAP_HOST LDAP_PASSWORD LDAP_PORT LDAP_USER | - |
microsoft_graph | MICROSOFT_GRAPH_CLIENT_ID MICROSOFT_GRAPH_CLIENT_SECRET | - |
mongodb | MONGODB_CONNECTION_STRING | - |
okta | OKTA_API_TOKEN | - |
openai | OPENAI_API_KEY | - |
opencti | OPENCTI_API_TOKEN | - |
pagerduty | PAGERDUTY_API_TOKEN | - |
phishlabs | PL_CLIENT_ID PL_CLIENT_SECRET PL_CUSTOMER_ID PL_PASSWORD PL_USERNAME | - |
sentinel_one | SENTINEL_ONE_API_TOKEN | - |
slack | SLACK_BOT_TOKEN | - |
smtp | SMTP_HOST SMTP_PASS SMTP_PORT SMTP_USER | - |
splunk | SPLUNK_API_KEY | - |
splunk_hec | SPLUNK_HEC_TOKEN | - |
ssl | - | SSL_CLIENT_CERT SSL_CLIENT_KEY SSL_CLIENT_PASSWORD |
thehive | THEHIVE_API_KEY | - |
threatstream | ANOMALI_API_KEY ANOMALI_USERNAME | - |
urlscan | URLSCAN_API_KEY | - |
virustotal | VIRUSTOTAL_API_KEY | - |
wazuh_wui | WAZUH_WUI_PASSWORD WAZUH_WUI_USERNAME | - |
wiz | WIZ_CLIENT_ID WIZ_CLIENT_SECRET | - |
zendesk | ZENDESK_EMAIL ZENDESK_API_TOKEN | - |