Quickstart
Learn Tracecat basics by building the classic VirusTotal enrichment playbook.
If you haven’t installed Tracecat yet, please check out our self-hosting docs for step-by-step deployment instructions.
Goals
By the end of this quickstart, you will learn how to:
- Create a new workflow
- Add secrets to your workspace
- Add an action to your workflow (e.g. search a URL with VirusTotal)
- Manually trigger the workflow
Let’s get started!
Prerequisites
- VirusTotal API key. You can obtain one for free from the VirusTotal website.
Tutorial
Log into Tracecat
The default admin user’s email and password are configured on initial deployment. You can find out more about authentication in our self-hosting docs.
Create new workflow
Rename workflow
Click on the canvas to access workflow settings. Rename the workflow and save the changes by clicking the save button.
Add VirusTotal action
From the trigger action, search for and select the VirusTotal Search URL with VirusTotal integration.
Configure VirusTotal action inputs
Tracecat comes with a powerful templating language called “expressions” and JSONPath syntax to reference results from upstream actions.
Find out more about expressions in our docs.
Pass data from the trigger into the VirusTotal action by filling in the inputs with the following expression:
Make sure to save the action inputs by clicking on the Save button at the top right of the action panel.
Add secret
Add your VirusTotal API key to workspace secrets.
For the integration to work, you’ll need to name the secret virustotal and assign your API token to a VIRUSTOTAL_API_KEY secret key.
Pre-built integrations in Tracecat come configured with a specific secret name and required keys. Find out how integrations and secrets work in our docs.
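To check that the API key is valid before storing it as a workspace secret, the script below performs the same kind of URL lookup directly against VirusTotal’s public v3 API. It is an added example, not Tracecat’s integration code. It assumes the key is exported as the environment variable VIRUSTOTAL_API_KEY; the sample report and the flagged/clean rule are constructed for illustration.

```python
import base64
import json
import os
import sys
import urllib.request

VT_API_BASE = "https://www.virustotal.com/api/v3"

# Constructed sample of the report fields used below (not real scan data).
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_stats": {
    "harmless": 60, "malicious": 5, "suspicious": 1, "undetected": 20, "timeout": 0}}}}


def vt_url_id(url: str) -> str:
    """v3 URL identifier: URL-safe base64 of the URL with '=' padding stripped."""
    return base64.urlsafe_b64encode(url.encode()).decode().rstrip("=")


def build_lookup_request(url: str, api_key: str) -> urllib.request.Request:
    """Build (but do not send) the GET request for an existing URL report."""
    if not api_key:
        raise ValueError("VIRUSTOTAL_API_KEY is not set")
    return urllib.request.Request(
        f"{VT_API_BASE}/urls/{vt_url_id(url)}",
        headers={"x-apikey": api_key, "accept": "application/json"},
    )


def summarize(report: dict) -> dict:
    """Reduce a URL report to engine counts; the verdict rule is illustrative."""
    stats = report["data"]["attributes"]["last_analysis_stats"]
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    return {"flagged": flagged, "engines": sum(stats.values()),
            "verdict": "flagged" if flagged else "clean"}


if __name__ == "__main__":
    key = os.environ.get("VIRUSTOTAL_API_KEY", "")
    if key and len(sys.argv) > 1:
        # Live lookup: the key is read from the environment, never hard-coded.
        with urllib.request.urlopen(build_lookup_request(sys.argv[1], key), timeout=30) as resp:
            print(summarize(json.load(resp)))
    else:
        # Offline run against the constructed sample.
        print(summarize(SAMPLE_REPORT))
```

On a live run, an HTTP 401 error means VirusTotal rejected the key, and a 404 means it has no existing report for that URL.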
Commit (AKA deploy) workflow
This saves a live version of your workflow. Workflows cannot be run until they are committed.
Trigger workflow
Let’s test this workflow with a JSON payload directly from the UI. For this demo, we use the following sample payload:
View workflow runs
You can monitor workflow runs and action outputs by switching to the Runs tab.
Congratulations!
🎉 Congratulations on running your first security workflow in Tracecat!
Next Steps
Learn how to use Tracecat’s most powerful features in four self-paced tutorials:
- Define if-conditions in your workflows. View the tutorial.
- Actions Registry to manage integrations. View the tutorial.
- Secrets to manage sensitive data for actions. View the docs.
Check out the following cheatsheets for a list of Tracecat’s integrations and utilities:
- Expressions to reference data in action inputs. View the docs.
- Prebuilt integrations and their required secrets. View the cheatsheet.
- Functions to manipulate data. View a list of available functions in the cheatsheet.