The open source Tines / Splunk SOAR alternative

The open source Tines / Splunk SOAR alternative

The open source Tines / Splunk SOAR alternative

Meet Tracecat, the open automation platform built for security and IT engineers. Unlimited workflows, flexible integrations, no-code and low-code.

Meet Tracecat, the open automation platform built for security and IT engineers. Unlimited workflows, flexible integrations, no-code and low-code.

Book a demo

Book a demo

Book a demo

Self-host today

Backed by

Combinator

workflow-ui

Automate alert triage, enrichment, and response without limit.

Automate alert triage, enrichment, and response without limit.

Automate your playbooks for free. Pay for mission-critical alerting, unlimited workflows, and 99.99% uptime when ready.

Automate your playbooks for free. Pay for mission-critical alerting, unlimited workflows, and 99.99% uptime when ready.

Book a demo

Book a demo

Book a demo

Unlimited workflows for all

Trigger workflows via webhook or run them as scheduled cron jobs. Build, reuse, and scale your playbooks without limit.

Enrich SIEM alerts

Last run: 30 sec ago

Active

Check inactive sessions

Last run: 20 min ago

Runs every 30 minutes

Update firewall rules

Last run: 14 days ago

Paused

Build workflows in code and no-code

Automate in minutes using Tracecat's click-and-drag builder. Version control playbooks using YAML. Manage workflows in CICD via REST APIs.

Build integrations that scale

Use pre-built integrations or create your own. Edit, version control, and deploy integrations in a single dashboard.

Wiz

1:00 PM

Google Meet

Crowdstrike

2:00 PM

Figma File

Slack Connect

Actions Registry

32 / 420 used in workflows

API Integrations

Elastic

11:00 AM

Google Docs

Email Thread

Self-host in minutes

Deploy Tracecat remarkably fast with our open-source Docker Compose, Terraform (AWS Fargate), and Kubernetes scripts.

The only open source SOAR built to scale.

Tracecat scales on Temporal: the open source durable execution platform used by Datadog, Netflix, and Stripe.

Deploy self-hosted today

Parallelized workflows

Isolated tenants

Completed Workflow Runs (last 7 days)

120

+10 from last week

The only open source SOAR built to scale.

Tracecat scales on Temporal: the open source durable execution platform used by Datadog, Netflix, and Stripe.

Deploy self-hosted today

Parallelized workflows

Isolated tenants

Completed Workflow Runs (last 7 days)

120

+10 from last week

The only open source SOAR built to scale.

Tracecat scales on Temporal: the open source durable execution platform used by Datadog, Netflix, and Stripe.

Deploy self-hosted today

Parallelized workflows

Isolated tenants

Completed Workflow Runs (last 7 days)

120

+10 from last week

Inspired by GitHub Actions

YAML configuration-as-code meets no-code workflow builder.

Out-of-the-box functions

Manipulate data across workflow steps using Excel-inspired formulas.

On-prem AI

Private and secure by design. Use self-hosted LLMs directly in Tracecat.

Lookup tables

Store and fetch data from workflows. Upload CSVs directly into Tracecat.

Multi-tenant workspaces

Build and monitor workflows as a team. Isolate secrets via workspaces.

Self-hostable

Deploy into air-gapped environments via AWS Fargate or Kubernetes.

Testimonials

Why engineering-minded security teams, MDRs, and MSSPs build their security automations on Tracecat.

40+ workflows live 24/7

"Tracecat eliminated the problems of flaky integrations and playbook sprawl I faced when scaling legacy SOARs."

VP security at 1000-person company

"It took minutes to self-host and run our first workflow. And less than a day to build out our custom integrations. Tracecat is by far the best open source SOAR in the market."

CTO at fast-growing MDR (small-to-mid sized)

"Unlimited workflows enables my team to build reusable automations that best align with our security processes. As opposed to force-fitting our processes to the SOAR."

CISO at Public Financial Institution

120k alerts processed per minute

* On Tracecat's single-tenant AWS Fargate deployment

“We use Tracecat's built-in vector database to cluster common cases and reduce repetitive work for our analysts.”

Security engineer at lean MDR with 20+ clients

Testimonials

Why engineering-minded security teams, MDRs, and MSSPs build their security automations on Tracecat.

40+ workflows live 24/7

"Tracecat eliminated the problems of flaky integrations and playbook sprawl I faced when scaling legacy SOARs."

VP security at 1000-person company

"It took minutes to self-host and run our first workflow. And less than a day to build out our custom integrations. Tracecat is by far the best open source SOAR in the market."

CTO at fast-growing MDR (small-to-mid sized)

"Unlimited workflows enables my team to build reusable automations that best align with our security processes. As opposed to force-fitting our processes to the SOAR."

CISO at Public Financial Institution

120k alerts processed per minute

* On Tracecat's single-tenant AWS Fargate deployment

“We use Tracecat's built-in vector database to cluster common cases and reduce repetitive work for our analysts.”

Security engineer at lean MDR with 20+ clients

Testimonials

Why engineering-minded security teams, MDRs, and MSSPs build their security automations on Tracecat.

  • 40+ workflows live 24/7

    "Tracecat eliminated the problems of flaky integrations and playbook sprawl I faced when scaling legacy SOARs."

    VP security at 1000-person company

  • "It took minutes to self-host and run our first workflow. And less than a day to build out our custom integrations. Tracecat is by far the best open source SOAR in the market."

    CISO at Public Financial Institution

  • 120k alerts per min

    On Tracecat's single-tenant AWS Fargate deployment

  • "Unlimited workflows enables my team to build reusable automations that best align with our security processes."

    CISO at Public Financial Institution

The open source Tines / Splunk SOAR alternative

The security automation platform built for builders.

Deploy self-hosted today

Unlimited Workflows

Powerful Data Tables

Durable Execution

Automations-as-code

Low-code UI

AGPL 3.0

Connect to any API

Multi-tenant

Self-hostable

Open source AI

Monitor IR Playbooks

Reduce MTTR

Intelligent Task Prioritization

Contextual Understanding

Personalized Insights

Simple Navigation

Smart Suggestions

Easy Collaboration

The open source Tines / Splunk SOAR alternative

The security automation platform built for builders.

Deploy self-hosted today

Unlimited Workflows

Powerful Data Tables

Durable Execution

Automations-as-code

Low-code UI

AGPL 3.0

Connect to any API

Multi-tenant

Self-hostable

Open source AI

Monitor IR Playbooks

Reduce MTTR

Intelligent Task Prioritization

Contextual Understanding

Personalized Insights

Simple Navigation

Smart Suggestions

Easy Collaboration

The open source Tines / Splunk SOAR alternative

The security automation platform built for builders.

Deploy self-hosted today

Unlimited Workflows

Powerful Data Tables

Durable Execution

Automations-as-code

Low-code UI

AGPL 3.0

Connect to any API

Multi-tenant

Self-hostable

Open source AI

Monitor IR Playbooks

Reduce MTTR

Intelligent Task Prioritization

Contextual Understanding

Personalized Insights

Simple Navigation

Smart Suggestions

Easy Collaboration