Actions
Building blocks for workflows
Actions are individual tasks performed at each step of a Tracecat workflow. You can find all available Actions in the workspace catalog (left sidebar).
Core Actions
There are only 5 core action types, but they can be configured to perform almost any task. For example, a HTTP request can be configured to send a GET request to an API endpoint. See Quickstart for a worked example.
HTTP Request
Make HTTP requests to interact with external APIs.
Data Transform
Transform data in-flight.
Send Email
Send emails to specified recipients.
AI Actions
Perform AI-powered tasks (e.g. summarize, label, translate).
Open Case
Open and prepopulate a case in the case management system.
Extending Actions
Actions are built on top of our user-defined functions (UDF) framework. You can add your own UDFs if you self-host Tracecat and even change the core actions!
In Tracecat enterprise, users will eventually be able to host their own private UDFs for any custom actions or integrations they wish to run.
Control Flow
Every action manages its own control flow logic.
Conditional logic
Every action has a run_if clause that can be used to conditionally run the action.
Any full expression that evaluates to a boolean can be passed to the run_if clause.
actions:
- ref: check_virustotal
action: core.http_request
run_if: ${{ FN.not_null(TRIGGER.hash) }} # TRIGGER.hash != null
args:
url: https://www.virustotal.com/api/v3/files/${{ TRIGGER.hash }}
method: GET
Loops (WIP)
loop clause that can be used to run the action multiple
times.
inputs:
hashes:
- "1234567890"
- "0987654321"
- "5678901234"
actions:
- ref: check_virustotal
action: core.http_request
for_each: ${{ for ENV.curr_hash in INPUTS.hashes }} # Assigns each hash to ENV.curr_hash
args:
url: https://www.virustotal.com/api/v3/files/${{ ENV.curr_hash }}
method: GET
This will hit the urls:
https://www.virustotal.com/api/v3/files/1234567890https://www.virustotal.com/api/v3/files/0987654321https://www.virustotal.com/api/v3/files/5678901234