Introduction
A quick overview of Tracecat.
Tracecat is the open workflow automation platform for security and IT engineers. It’s an open source Tines / Splunk SOAR alternative with response-as-code. Tracecat is built on a simple YAML-based DSL for integrations, no-code UI for workflows, and Temporal for scale and reliability.
Why Tracecat?
We’re on a mission to make security and IT automation more accessible through response-as-code. What Sigma rules did for detection and Nuclei did for vulnerability scanning, Tracecat is doing for response automation.
Get Started
We highly recommend every user complete the quickstart tutorial. This tutorial covers all the core features of Tracecat, which will save you hours of learning time.
Install
Self-host Tracecat on your own infrastructure.
Users
Log into Tracecat and invite your team.
Quickstart
Get from zero to hero in one tutorial.
Core Actions
HTTP request, data transforms, and workflow actions.
Expressions
Reference and transform data from actions, webhooks, and more.
Secrets
Store and retrieve secrets in workflows.
Tutorials
One of the most powerful features of Tracecat is the ability to sync custom YAML templates and Python scripts from your private GitHub / GitLab repo. Learn more in the custom integrations tutorial.
This is the recommended way to use Tracecat. All custom API calls and reusable actions should eventually be stored and version controlled in your repository.
Trigger workflows
Trigger a workflow via the UI, webhook, or schedule.
Child workflows
Build and execute workflows of workflows.
Explode-implode
Loop and process lists of data with child workflows.
Data transforms
Manipulate, filter, and deduplicate data with transform actions.
Custom integrations
Build and sync custom integrations via git.
Alert on failure
Notify your team when a workflow fails.
Integrations
Was this page helpful?