😼 The open source alternative to Tines / Splunk SOAR. Build AI-assisted workflows, orchestrate alerts, and close cases fast.
Disclaimer: Tracecat is currently in public alpha. If you'd like to use Tracecat in production, please reach out to us on Discord or [email protected]! Want to take Tracecat for a spin? Try out our tutorials with Tracecat Cloud or self-hosted.
Tracecat is an open source automation platform for security teams. We're building the features of Tines / Splunk SOAR with:
It's designed to be simple but powerful. Security automation should be accessible to everyone, especially understaffed small-to-mid-sized teams.
SOAR (Security Orchestration, Automation and Response) refers to technologies that enable organizations to automatically collect and respond to alerts across different tooling. Though Tracecat is built for security, its workflow automation and case management system can be applied to other alerting environments (e.g. site reliability engineering, DevOps, and physical systems monitoring).
Check out our quickstart and build your first AI workflow in 15 minutes. The easiest way to get started is to sign up for Tracecat Cloud. We also support self-hosted Tracecat.
Let's automate a phishing email investigation, collect evidence, and generate a remediation plan using AI. You can follow the tutorial here.
https://github.com/TracecatHQ/tracecat/assets/46541035/580149cf-624b-4815-a62a-e59bbf61280e
Build AI-assisted workflows, enrich alerts, and close cases fast.
Tracecat is not a 1-to-1 mapping of Tines / Splunk SOAR. Our aim is to give technical teams a Tines-like experience, but with a focus on open source and AI features. What do we mean by AI-native?
Tracecat is cloud-agnostic and deploys anywhere that supports Docker. Learn how to install Tracecat locally.
We're currently in Public Alpha.
Join us in building a newer, more open kind of automation platform.
We are working hard to reach core feature parity with Tines. Integrations and out-of-the-box automations will be prioritized according to user feedback. If you've got any suggestions, please let us know on Discord 🦾.
Here are a few integrations on our roadmap:
Please do not file GitHub issues or post on our public forum for security vulnerabilities, as they are public!
Tracecat takes security issues very seriously. If you have any concerns about Tracecat or believe you have uncovered a vulnerability, please get in touch via the e-mail address [email protected]. In the message, try to provide a description of the issue and ideally a way of reproducing it. The security team will get back to you as soon as possible.
Note that this security address should be used only for undisclosed vulnerabilities. Please report any security problems to us before disclosing them publicly.
Core features, user interfaces, and day-to-day workflows are based on existing best practices from best-in-class security teams. We won't throw in a Clippy chatbot just for the sake of it.
We believe the most useful AI is "boring AI" (e.g. summarization, semantic search, data enrichment, labelling) that integrates with existing workflows, but with modern UI/UX and robust data engineering.
Whether it's big or small, we love contributions. There's plenty of opportunity for new integrations and bug fixes. The best way to get started is to ping us on Discord!
The Tracecat codebase is 100% open source under Apache-2.0. This includes (soon-to-be-built) enterprise features such as SSO and multi-tenancy. We offer a paid Cloud version for small-to-mid-sized teams. Moreover, we plan to charge service fees to enterprises that want to deploy and maintain a self-hosted distributed version of Tracecat.