What you’ll learn

By the end of this tutorial, you’ll learn how to:

  • Call REST APIs via the core.http_request action
  • Trigger workflows manually via the UI
  • Add secrets to your workflows
  • Define if-conditions in your workflows
  • Define any / all conditions in your workflows
  • Run actions in a loop

Prerequisites

Your first workflow

Tracecat uses YAML to define inputs and configurations for actions and workflows. YAML is a human-readable configuration language that is easy to write and read. It is also more concise than JSON and more customizable than HTML forms.

If you’re new to YAML, you can learn more here. YAML is also widely used in DevOps tools like Ansible, GitHub Actions, and Docker Compose.

If-conditions

View all supported binary operators (e.g. ==, >,in) in the functions cheatsheet.

Every action can be turned into a conditional action. Under the If condition / Loops tab, you can specify a condition that determines whether the action should be executed.

For example, to run the Get result action only if the URL submission was successful, go to the If condition / Loops tab and specify the following in the Run if input:

${{ ACTIONS.scan_url.result.data.message == "Submission successful" }}

Examples

Conditional expressions are one of the most powerful features in Tracecat. Combine binary operators and in-line functions to express complex conditions with ease.

Here are examples of commonly used conditional expressions:

You can also combine multiple conditions using the && and || operators:

Combined Conditions
# Check if user is admin and CPU usage is high
${{ ACTIONS.user_role.result == "admin" && ACTIONS.cpu_usage.result >= 90 }}

# Check if either memory or CPU usage is critical
${{ ACTIONS.memory_usage.result >= 95 || ACTIONS.cpu_usage.result >= 95 }}

Any / All Conditions

Consider the case where you have multiple upstream actions that connect to one downstream joining node. You can control whether the joining node should run if all or any of the upstream actions succeed or fail.

Configure this by going to the If condition / Loops tab of the joining node and setting the join_strategy option to all or any.

Loops

Every action can be turned into a looped action. Under the If condition / Loops tab, you can specify loop expressions to iterate over a list of items and run the action for each item.

You can loop over any list of items in your workflow context. For example, it can be a list of file hashes in a previous action ACTIONS.some_intel_feed.result.data.malware_samples or a list of items received via webhook in TRIGGER.

Example

1

Define the loop

Define a loop expression using the ${{ for var.some_variable_name in some_list }} syntax. The variable name can be anything you want, but we recommend using a name that makes sense for the items in the list.

In this example, we iterate through a list of numbers send via webhook in TRIGGER.

${{ for var.number in TRIGGER.numbers }}

2

Use the loop variable

Go back to the action’s Inputs tab. You can now use the loop variable in the action’s inputs using the ${{ var.some_variable_name }} syntax. During the workflow run, each var.some_variable_name in the loop expression is replaced with the current item in the list.

In this example, we use the loop variable in core.transform.reshape action to iterate through a list of numbers and add one to each number.

value: ${{ var.number + 1 }}

3

Run workflow

Run the workflow via UI with the payload {"numbers": [1, 2, 3]} to see the loop in action.

The core.transform.reshape action will be executed three times with var.number being 1, 2, and 3 respectively and the output will be [2, 3, 4].

What next?

  • Learn how to trigger workflows via webhooks and schedules here.
  • Learn how to build your own custom integrations and templates here.
  • Join our Discord community for ideas and support.

Was this page helpful?

Admins and users
Previous
Core Actions
Next