Tracecat is a modern, open source automation platform built for security and IT engineers. It’s an open source Tines / Splunk SOAR alternative. Tracecat comes with a no-code / low-code UI for workflows, out-of-the-box integrations, lookup tables, and case management. Workflows are orchestrated using Temporal for scale and reliability.

​
Get Started

We highly recommend every user complete the quickstart tutorial. This tutorial covers all the core features of Tracecat, which will save you hours of learning time.

Install

Self-host Tracecat on your own infrastructure.

Users

Log into Tracecat and invite your team.

Quickstart

Get from zero to hero in one tutorial.

Core Actions

HTTP request, data transforms, and workflow actions.

Script Actions

Execute custom Python scripts in secure sandbox.

Control Flow

If-conditions, looped actions, and branching logic.

Expressions

Get and transform data from actions and webhooks.

Secrets

Store and retrieve secrets in workflows.

​
Tutorials

You can sync custom YAML integrations and Python scripts directly into Tracecat from a private Git repo. Learn more in the custom integrations tutorial.

This is the recommended way to use Tracecat. All reusable integrations should be stored and version controlled in your own GitHub / GitLab repository.

Trigger workflows

Trigger a workflow via the UI, webhook, or schedule.

Child workflows

Build and execute workflows of workflows.

Data transforms

Manipulate, filter, and deduplicate data with transform actions.

Scatter-gather

Split, transform, and merge data with scatter and gather actions.

Wait, require, and retry until

Define wait until, require, and retry until logic in workflows.

Custom integrations

Build and sync custom integrations via git.

Alert on failure

Notify your team when a workflow fails.

​
Cheatsheets

Integrations

Out-of-the-box tools and integrations in Tracecat.

Functions

Utility functions for data manipulation and transformation.