title
, description
, and display group
namespace
(e.g. tools.falconpy
) and name
(e.g. call_command
) for the actionexpects
sectionsteps
sectionsecrets
sectioncore.http_request
, configured to call an external API.
These steps are also parameterized with the inputs defined in the expects
section.
returns
field of the template is logged in Tracecat workflows.
Outputs between steps are not logged unless specified in returns
.Example templates
core.http_request
and tools.falconpy.call_command
, can all be used in templates by specifying the steps.action
field.
inputs
: Reference inputs into the action as defined in the expects
section.steps
: Reference results from previous steps in the same template.SECRETS
: Reference secrets.FN
: Reference functions.inputs
and steps
are expressions specific to templates.
SECRETS
and FN
are used in the same way as in workflows.
This means that templates have full support for Tracecat’s powerful inline functions.
For example:
secrets
section.
You must specify the secret’s name
, key
, and (if applicable) optional_keys
.
Secrets stored in the secrets manager can be accessed using the SECRETS
context: ${{ SECRETS.<name>.<key> }}
.
For example:
tools.microsoft_graph.get_access_token
, which retrieves the token.
The second step is then typically a core.http_request
action that uses the token to make a request to the API.
get_access_token
Python integrations on GitHub for examples.core.http_request
.Even if a client library is not available, different vendors implement OAuth 2.0 flows slightly differently.
A Python UDF allows you to abstract the underlying implementation details of the OAuth 2.0 flow.Example templates with OAuth 2.0