What you’ll learn

By the end of this tutorial, you’ll learn how to:

  • Call REST APIs via the core.http_request action
  • Trigger workflows manually via the UI
  • Add secrets to your workflows
  • Define if-conditions in your workflows
  • Define any / all conditions in your workflows
  • Run actions in a loop

Prerequisites

Your first workflow

Tracecat uses YAML to define inputs and configurations for actions and workflows. YAML is a human-readable configuration language that is easy to write and read. It is also more concise than JSON and more customizable than HTML forms.

If you’re new to YAML or need a refresher, check out our YAML syntax cheatsheet. YAML is also widely used in DevOps tools like Ansible, GitHub Actions, and Docker Compose.

Actions and integrations

Actions are the building blocks of Tracecat workflows. Tracecat has two main types of actions:

  • core actions for core functionality (e.g. HTTP request, AI action, and data transforms).
  • tools actions for integrations to 3rd-party services.

Find out more in Tracecat’s core actions and tools docs.

Tracecat uses JSONPath and dot notation to select outputs from previous actions. JSONPath can also be used to filter and transform nested JSONs.

Both ACTIONS and TRIGGER expression contexts support JSONPath syntax. If you are new to JSONPath or need a refresher, check out our JSONPath syntax cheatsheet.

Search for integrations

Search for pre-built integrations in the actions dropdown menu. Open it by right-clicking on the workflow canvas or by dragging out from an existing node.

Fill in inputs

Fill in the required and optional inputs in the Inputs section.

View schema and metadata

Expand the Input schema section to view all supported inputs and required secrets.

View template

Click on the View template tab to view the YAML code for Action Template integrations. You can also view the integration’s action type, origin, and documentation URL at the top of the action’s settings panel.

If-conditions

View all supported binary operators (e.g. ==, >, in) in the functions cheatsheet.

Every action can be turned into a conditional action. Under the If condition / Loops tab, you can specify a condition that determines whether the action should be executed.

For example, to run the Get result action only if the URL submission was successful, go to the If condition / Loops tab and specify the following in the Run if input:

${{ ACTIONS.scan_url.result.data.message == "Submission successful" }}

Examples

Conditional expressions are one of the most powerful features in Tracecat. Combine binary operators and in-line functions to express complex conditions with ease.

Here are examples of commonly used conditional expressions:

# Equal to
${{ ACTIONS.user_role.result == "admin" }}

# Not equal to
${{ ACTIONS.environment.result != "production" }}

# Greater than
${{ ACTIONS.failed_attempts.result > 5 }}

# Less than
${{ ACTIONS.response_time.result < 1000 }}

# Greater than or equal to
${{ ACTIONS.cpu_usage.result >= 90 }}

# Less than or equal to
${{ ACTIONS.memory_usage.result <= 80 }}

You can also combine multiple conditions using the && and || operators:

Combined Conditions
# Check if user is admin and CPU usage is high
${{ ACTIONS.user_role.result == "admin" && ACTIONS.cpu_usage.result >= 90 }}

# Check if either memory or CPU usage is critical
${{ ACTIONS.memory_usage.result >= 95 || ACTIONS.cpu_usage.result >= 95 }}

Any / All Conditions

Consider the case where you have multiple upstream actions that connect to one downstream joining node. You can control whether the joining node should run if all or any of the upstream actions succeed or fail.

Configure this by going to the If condition / Loops tab of the joining node and setting the join_strategy option to all or any.

Loops

Every action can be turned into a looped action. Under the If condition / Loops tab, you can specify loop expressions to iterate over a list of items and run the action for each item.

You can loop over any list of items in your workflow context. For example, it can be a list of file hashes from a previous action, such as ACTIONS.some_intel_feed.result.data.malware_samples, or a list of items received via webhook in TRIGGER.

Example

1. Define the loop

Define a loop expression using the ${{ for var.some_variable_name in some_list }} syntax. The variable name can be anything you want, but we recommend using a name that makes sense for the items in the list.

In this example, we iterate through a list of numbers sent via webhook in TRIGGER.

${{ for var.number in TRIGGER.numbers }}

2. Use the loop variable

Go back to the action’s Inputs tab. You can now use the loop variable in the action’s inputs using the ${{ var.some_variable_name }} syntax. During the workflow run, each var.some_variable_name in the loop expression is replaced with the current item in the list.

In this example, we use the loop variable in the core.transform.reshape action to iterate through a list of numbers and add one to each number.

value: ${{ var.number + 1 }}

3. Run workflow

Run the workflow via UI with the payload {"numbers": [1, 2, 3]} to see the loop in action.

The core.transform.reshape action will be executed three times, with var.number being 1, 2, and 3 respectively, and the output will be [2, 3, 4].
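
A small Python model of the loop behaviour in steps 1 to 3, added here as an illustration; it is not Tracecat's code or its expression engine. The helper names (resolve, evaluate, run_loop) are hypothetical, and the model assumes only dot-notation paths and + - * arithmetic, rejecting anything else.

```python
import ast
import operator
import re

LOOP_RE = re.compile(r"^\$\{\{\s*for\s+var\.(\w+)\s+in\s+([\w.]+)\s*\}\}$")
EXPR_RE = re.compile(r"^\$\{\{\s*(.+?)\s*\}\}$")
OPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul}


def resolve(path, context):
    """Walk a dot-notation path such as TRIGGER.numbers through nested dicts."""
    node = context
    for key in path.split("."):
        node = node[key]  # KeyError if the path does not exist
    return node


def evaluate(node, context):
    """Evaluate a restricted subset: numeric constants, dotted names, + - *."""
    if isinstance(node, ast.Constant) and isinstance(node.value, (int, float)):
        return node.value
    if isinstance(node, (ast.Name, ast.Attribute)):
        return resolve(ast.unparse(node), context)
    if isinstance(node, ast.BinOp) and type(node.op) in OPS:
        left, right = evaluate(node.left, context), evaluate(node.right, context)
        return OPS[type(node.op)](left, right)
    raise ValueError(f"unsupported expression: {ast.dump(node)}")


def run_loop(loop_expr, input_expr, context):
    """Evaluate one action input once per list item and collect the outputs."""
    loop = LOOP_RE.match(loop_expr.strip())
    body = EXPR_RE.match(input_expr.strip())
    if not loop or not body:
        raise ValueError("expected ${{ for var.<name> in <list> }} and ${{ <expr> }}")
    var_name, list_path = loop.groups()
    items = resolve(list_path, context)
    if not isinstance(items, list):
        raise TypeError(f"{list_path} is not a list")
    tree = ast.parse(body.group(1), mode="eval").body
    # Each iteration sees the shared context plus its own binding of var.<name>.
    return [evaluate(tree, {**context, "var": {var_name: item}}) for item in items]


# Constructed payload: the same one the tutorial sends through the UI.
context = {"TRIGGER": {"numbers": [1, 2, 3]}}
result = run_loop("${{ for var.number in TRIGGER.numbers }}", "${{ var.number + 1 }}", context)
```

Because the list comes from TRIGGER, the model rejects a non-list value up front instead of iterating over whatever the webhook happened to send.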

What next?
