Tracecat is the open workflow automation platform for security and IT engineers. It’s an open source Tines / Splunk SOAR alternative with response-as-code. Tracecat is built on a simple YAML-based DSL for integrations, no-code UI for workflows, and Temporal for scale and reliability.

Why Tracecat?

We’re on a mission to make security and IT automation more accessible through response-as-code. What Sigma rules did for detection and Nuclei did for vulnerability scanning, Tracecat is doing for response automation.

Get Started

We highly recommend every user complete the quickstart tutorial. This tutorial covers all the core features of Tracecat, which will save you hours of learning time.

Install

Self-host Tracecat on your own infrastructure.

Users

Log into Tracecat and invite your team.

Quickstart

Get from zero to hero in one tutorial.

Core Actions

HTTP request, data transforms, and workflow actions.

Expressions

Reference action outputs, webhook payloads, secrets, and more.

Secrets

Store and retrieve secrets in workflows.

Tutorials

One of the most powerful features of Tracecat is the ability to sync custom YAML templates and Python scripts from your private GitHub / GitLab repo. Learn more in the custom integrations tutorial.

This is the recommended way to use Tracecat. All custom API calls and reusable actions should eventually be stored and version controlled in your repository.

Trigger workflows

Trigger a workflow via the UI, webhook, or schedule.

Custom integrations

Build and sync custom integrations via git.

Child workflows

Build and execute workflows of workflows.

Explode-implode

Loop and process lists of data with child workflows.

Data transforms

Filter and manipulate data with transform actions and inline functions.

Alert on failure

Notify your team when a workflow fails.

Data Manipulation

JSON

Manipulate and select data from JSON objects.

Arrays

Filter and iterate through lists of data.

Datetimes

Handle datetimes, deltas, and timestamps.

Strings

Transform and regex match strings.

Booleans

Work with truthy and falsely values.

Cryptography

Hash, encrypt, and decrypt data.

Integrations

Detect

Ingest and analyze alerts and incidents.

Notify

Add tickets, interact with users, and track cases.

Isolate

Isolate, networks, devices, and users.

Evict

Remove unhealthy or malicious actors.

Model

Build asset, IoC, and vulnerability inventories.

Harden

Update assets, configs, and policies.

Was this page helpful?

Installation