Quickstart
Everything you need to know to get started with Tracecat.
What you’ll learn
By the end of this tutorial, you’ll learn how to:
- Call REST APIs via the
core.http_request
action - Trigger workflows manually via the UI
- Add secrets to your workflows
- Define if-conditions in your workflows
- Define any / all conditions in your workflows
- Run actions in a loop
Prerequisites
Your first workflow
Tracecat uses YAML to define inputs and configurations for actions and workflows. YAML is a human-readable configuration language that is easy to write and read. It is also more concise than JSON and more customizable than HTML forms.
If you’re new to YAML or need a refresher, check out our YAML syntax cheatsheet. YAML is also widely used in DevOps tools like Ansible, GitHub Actions, and Docker Compose.
Actions and integrations
Actions are the building blocks of Tracecat workflows. Tracecat has two main types of actions:
core
actions for core functionality (e.g. HTTP request, AI action, and data transforms).tools
actions for integrations to 3rd-party services.
Find out more in Tracecat’s core actions and tools docs.
Tracecat uses JSONPath and dot notation to select outputs from previous actions. JSONPath can also be used to filter and transform nested JSONs.
Both ACTIONS
and TRIGGER
expression contexts support JSONPath syntax.
If you are new to JSONPath or need a refresher, check out our JSONPath syntax cheatsheet.
Search for integrations
Search for pre-built integrations in the actions dropdown menu. Do this by right clicking on the workflow canvas or dragging it out from an existing node.
Fill in inputs
Fill in the required and optional inputs in the Inputs
section.
View schema and metadata
Expand the Input schema
section to view all supported inputs and required secrets.
View template
Click on the View template
tab to view the YAML code for Action Template integrations.
You can also view the integration’s action type, origin, and documentation URL at the top of the action’s settings panel.
If-conditions
View all supported binary operators (e.g. ==
, >
,in
) in the functions cheatsheet.
Every action can be turned into a conditional action.
Under the If condition / Loops
tab, you can specify a condition that determines whether the action should be executed.
For example, to run the Get result
action only if the URL submission was successful, go to the If condition / Loops
tab and specify the following in the Run if
input:
Examples
Conditional expressions are one of the most powerful features in Tracecat. Combine binary operators and in-line functions to express complex conditions with ease.
Here are examples of commonly used conditional expressions:
You can also combine multiple conditions using the &&
and ||
operators:
Any / All Conditions
Consider the case where you have multiple upstream actions that connect to one downstream joining node.
You can control whether the joining node should run if all
or any
of the upstream actions succeed or fail.
Configure this by going to the If condition / Loops
tab of the joining node and setting the join_strategy
option to all
or any
.
Loops
Every action can be turned into a looped action.
Under the If condition / Loops
tab, you can specify loop expressions to iterate over a list of items and run the action for each item.
You can loop over any list of items in your workflow context.
For example, it can be a list of file hashes in a previous action ACTIONS.some_intel_feed.result.data.malware_samples
or a list of items received via webhook in TRIGGER
.
Example
Define the loop
Define a loop expression using the ${{ for var.some_variable_name in some_list }}
syntax.
The variable name can be anything you want, but we recommend using a name that makes sense for the items in the list.
In this example, we iterate through a list of numbers send via webhook in TRIGGER
.
Use the loop variable
Go back to the action’s Inputs
tab.
You can now use the loop variable in the action’s inputs using the ${{ var.some_variable_name }}
syntax.
During the workflow run, each var.some_variable_name
in the loop expression is replaced with the current item in the list.
In this example, we use the loop variable in core.transform.reshape
action to iterate through a list of numbers and add one to each number.
Run workflow
Run the workflow via UI with the payload {"numbers": [1, 2, 3]}
to see the loop in action.
The core.transform.reshape
action will be executed three times with var.number
being 1
, 2
, and 3
respectively and the output will be [2, 3, 4]
.
What next?
- Learn about Tracecat’s core actions.
- Learn how to trigger workflows via webhooks and schedules.
- Learn how to reference data from actions and webhooks using expressions.
- Learn how to build and sync your own custom integrations from a private Git repository.
- Join our Discord community for ideas and support.
Was this page helpful?