Actions
Building blocks for automations
Check out the Actions Registry tutorial for a hands-on guide.
Actions are steps in your workflows. Connect them together to create automations. Outputs from upstream actions can be referenced as inputs for downstream actions.
Success / Error Paths
Action Results
Actions results are referenced using JSONPath syntax.
To retrieve the output from an action, use the following expression syntax:
The action reference is a sluggified version of the action’s name. You can quickly copy the reference for an action by clicking the
icon next to the action’s name in the node:Action Types
There are two types of actions:
- User-Defined Function (UDF): A Python function turned into a referencable action.
- Action Template: A YAML template of referencable actions (UDFs and other action templates). These can also be cloned and edited to create new actions.
Action Templates
Action templates are YAML configuration-as-code templates similar to GitHub Actions workflows. We recommend using Action Templates over Python UDFs whenever possible.
- Templates are easier to maintain and update across workflows
- Templates, unlike UDFs, can be cloned and editted directly in the UI.
For example, the action template for the Search URL with VirusTotal integration is as follows:
We open sourced action templates for every pre-built integration. Check them out in Tracecat’s public repository here.
User-Defined Functions
User-defined functions (UDFs) are Python functions that are automatically converted into no-code actions. Find out how to create your own UDFs in the Custom Integrations tutorial.
Integrations
Tracecat comes with pre-built integrations for many popular security tools. A list of supported tools can be found in the integrations cheatsheet.
Integrations are not automatically updated when you update the Tracecat version. You will need to manually sync the Tracecat registry repository from the Action Registry page.