TracecatHQ/tracecat

The open source Tines / Splunk SOAR alternative.

Tracecat is an open-source Tines / Splunk SOAR alternative for security engineers. We're building the features of Tines using enterprise-grade open-source tools.

• Hosted Temporal workflows
• No-code workflow builder
• Automations-as-code
  • GitHub Actions-like YAML syntax. Docs
  • Python-to-no-code compiler. Docs
  • Version control
  • VSCode extension (coming soon)
• Actions (HTTP requests, if-else, etc.). Docs
• Case Management. Docs
• Dashboard UI
• Command-line interface
• Integrations

Tracecat is not a 1-to-1 Tines / Splunk SOAR equivalent. We designed Tracecat to be the simplest way for modern security teams to build, scale, and maintain workflows. Tracecat enables security practitioners to build automations using both:

• No-code drag-and-drop UI
• Configuration-as-code (e.g. Ansible / GitHub Actions)

No-code workflows are automatically synced into code, and vice versa. Tracecat extends the classic no-code Security Orchestration, Automation and Response (SOAR) experience with DevOps best-practices.

Why Tracecat?

• Security Operations (SecOps): Unify workflow development across security engineering and SOC teams
• Security Engineers (SecEng): Build and maintain complex automations using open source integrations, configuration-as-code, and a powerful templating language
• Managed Detection & Response (MDR): Rapidly embed scalable workflow applications into any security product

Getting Started

The easiest way to get started is to meet one of our cofounders on an open-source onboarding call. We'll help you install Tracecat self-hosted via docker compose and run your first workflow in 30 minutes.

More of a DIY hacker? Check out the self-serve installation guide here.

Community & Support

• Discord: seeking support, sharing new feature or integration ideas, and hanging out with the community.
• GitHub issues: bugs and errors you encounter with Tracecat.
• Security: reporting security concerns and vulnerabilities.

Documentation

• For full documentation, visit https://docs.tracecat.com.
• For developers looking to create custom security apps, check out our API Reference.
• Quickstart: Deploy the classic threat intel workflow with VirusTotal in 15 minutes.

Partner With Us

Tracecat is now open to MDRs and MSSPs. Sign up over at our website or book a call with one of our cofounders.