Building blocks of Tracecat workflows and action templates.
core.transform.reshape
, core.http_request
, core.http_poll
, and core.script.run_python
.To learn about the other core actions, check out the following tutorials:core
namespace.
They are distinct from pre-built integrations in the tools
namespace, which are pre-configured for specific 3rd-party tools.
There are five sub-namespaces under core
:
core
core.transform
core.workflow
core.require
core.script
core
actions are the most commonly used actions in Tracecat.
They include:
Name | Display Name | Description |
---|---|---|
core.transform.reshape | Reshape | Reshape and manipulate data. |
core.transform.scatter | Scatter | Split a list of data into individual items. |
core.transform.gather | Gather | Merge scattered data back into a single list. |
core.http_request | HTTP Request | Make a HTTP request. |
core.http_poll | HTTP Polling | Poll a REST API until a condition is met. |
core.script.run_python | Run Python script | Execute custom Python code in a secure sandbox. |
value
(e.g. a string, number, or object),
evaluates any expressions and functions, and returns the result.
Reshape
action.
Reshape
action to:url
(HttpUrl, required): The destination of the HTTP request.method
(Literal[“GET”, “POST”, “PUT”, “PATCH”, “DELETE”], required): HTTP request method.headers
(dict[str, str], optional): HTTP request headers.params
(dict[str, Any], optional): URL query parameters.payload
(dict[str, Any] | list[Any], optional): JSON serializable data in request body (POST, PUT, and PATCH).form_data
(dict[str, Any], optional): Form encoded data in request body (POST, PUT, and PATCH).files
(dict[str, str | FileUploadData], optional): Files to upload using multipart/form-data.
"file"
, "attachment1"
).form_field_name
will also be used as the filename in the Content-Disposition
header.FileUploadData
) with the following keys:filename
(str): The actual filename to be sent in the Content-Disposition
header (e.g., "mydocument.pdf"
). If not provided or empty, the form_field_name
will be used.content_base64
(str, required): The base64 encoded string of the file content.content_type
(str, optional): The MIME type of the file (e.g., "application/pdf"
, "image/png"
). If not provided, httpx
will attempt to guess it.auth
(dict[str, str], optional): Basic auth credentials with username
and password
keys.timeout
(float, optional, default: 10.0): Timeout in seconds.follow_redirects
(bool, optional, default: False): Follow HTTP redirects.max_redirects
(int, optional, default: 20): Maximum number of redirects.verify_ssl
(bool, optional, default: True): Verify SSL certificates.files
parameter):
FileUploadData
dict):
HTTPResponse
(dict):
status_code
(int)headers
(dict)data
(str | dict | list | None)core.http_request
except for the files
parameter. core.http_poll
does not support file uploads.poll_retry_codes
(int | list[int], optional): Status codes on which the action will retry. If not specified, poll_condition
must be provided.poll_interval
(float, optional): Interval in seconds between polling attempts. If not specified, defaults to polling with exponential wait.poll_max_attempts
(int, optional, default: 10): Maximum number of polling attempts. If set to 0, the action will poll indefinitely (until timeout).poll_condition
(str, optional): User defined condition that determines whether to retry. The condition is a Python lambda function string. If not specified, poll_retry_codes
must be provided.HTTPResponse
(dict) - same as core.http_request
.
/scan
endpoint to submit the URL for scanning./result
endpoint repeatedly until the status code changes from 404
to 200
.Create URLScan secret
Credentials
.
Call /scan endpoint
core.http_request
action to your workflow.
Rename it to Submit URL
and configure it with the following inputs:Poll /result endpoint
core.http_poll
action to your workflow.
Rename it to Get result
and configure it with the following inputs:Get final verdict
Run workflow
Get result
calls the /result
endpoint repeatedly until the status code is 200
.