Tracecat is the open workflow automation platform for security and IT engineers. It’s an open source Tines / Splunk SOAR alternative with response-as-code. Tracecat is built on a simple YAML-based DSL for integrations, no-code UI for workflows, and Temporal for scale and reliability.

Why Tracecat?

We’re on a mission to make security and IT automation more accessible through response-as-code. What Sigma rules did for detection and Nuclei did for vulnerability scanning, Tracecat is doing for response automation.

Get Started

We highly recommend every user complete the quickstart tutorial. This tutorial covers all the core features of Tracecat, which will save you hours of learning time.

Tutorials

One of the most powerful features of Tracecat is the ability to sync custom YAML templates and Python scripts from your private GitHub / GitLab repo. Learn more in the custom integrations tutorial.

This is the recommended way to use Tracecat. All custom API calls and reusable actions should eventually be stored and version controlled in your repository.

Data Manipulation

Integrations

Was this page helpful?