
😼 The open source alternative to Tines / Splunk SOAR. Build AI-assisted workflows, orchestrate alerts, and close cases fast.


TracecatHQ/tracecat

Open source Tines / Splunk SOAR alternative


Disclaimer: Tracecat is currently in public beta. If you'd like to use Tracecat in production, please reach out to us on Discord or founders@tracecat.com! Want to take Tracecat for a spin? Try out our tutorials with Tracecat Cloud or self-hosted.

Tracecat is an open source automation platform for security teams. We're building the features of Tines / Splunk SOAR with enterprise-grade open source tools.

It's designed to be simple but powerful. Security automation should be accessible to everyone, especially understaffed small-to-mid-sized teams.

Check out our quickstart and build your first AI workflow in 15 minutes. The easiest way to get started is to sign up for Tracecat Cloud. We also support self-hosted Tracecat.

Note

SOAR (Security Orchestration, Automation and Response) refers to technologies that enable organizations to automatically collect and respond to alerts across different security tooling (e.g. CrowdStrike, Microsoft Defender, SIEM) and data sources (e.g. AWS CloudTrail, Okta system logs).

Build SecOps Automations

Manage Cases with AI Tagging

Getting started

Let's automate a phishing email investigation, collect evidence, and generate a remediation plan using AI. You can follow the tutorial here.


Features

Build AI-assisted workflows, enrich alerts, and close cases fast.

  • Workflows
    • Drag-and-drop builder
    • Core primitives (webhook, HTTP, if-else, send email, etc.)
    • AI Actions (label, summarize, enrich, etc.)
    • Secrets
    • Integrations
    • Playbooks
    • Formulas (expected May 2024)
    • Versioning (expected June 2024)
  • Case management
  • Data validation
    • Pydantic V2 for fast data model and input / output validation in the backend
    • Zod for fast form and input / output validation in the frontend
  • Teams
    • Single-tenancy
    • Collaboration
  • AI infrastructure
    • VectorDB for alert contextualization / enrichment
    • LLM evaluation security
    • Bring-your-own LLM (OpenAI, Mistral, Anthropic, etc.)

Tracecat is not a 1-to-1 mapping of Tines / Splunk SOAR. Our aim is to give technical teams a Tines-like experience, but with a focus on open source, alerts triage, unified APIs, and AI features.

Installation

Tracecat is cloud-agnostic and deploys anywhere that supports Docker. Learn how to install Tracecat locally.

  • Docker Compose
  • AWS
  • Azure
  • GCP

Status

  • Public Alpha: Anyone can sign up over at tracecat.com, but go easy on us: there are kinks and we are just getting started.
  • Public Beta: Stable enough for most non-enterprise use cases
  • Public: Production-ready

We're currently in Public Alpha.

Community & Support

Join us in building a newer, more open kind of security automation platform.

Unified Integrations Model

New integrations and out-of-the-box playbooks will be prioritized according to user feedback. If you've got any suggestions, please let us know on Discord 🦾.

Security

Please do not file GitHub issues or post on our public forum for security vulnerabilities, as they are public!

Tracecat takes security issues very seriously. If you have any concerns about Tracecat or believe you have uncovered a vulnerability, please get in touch via the e-mail address security@tracecat.com. In the message, try to provide a description of the issue and ideally a way of reproducing it. The security team will get back to you as soon as possible.

Note that this security address should be used only for undisclosed vulnerabilities. Please report any security problems to us before disclosing them publicly.

License

Copyright (c) 2024 Tracecat

This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License along with this program. If not, see http://www.gnu.org/licenses/.