Open source and self-hostable
Meet Tracecat, an open source Tines / Splunk SOAR alternative built for builders. Automate security your way with unlimited workflows and low-code integrations.
Backed by
Combinator
Automate alert triage, enrichment, and response without limit.
Tracecat is the low-code automation platform built for security engineers and practitioners. Automate your playbooks for free. Pay for mission-critical alerting and 99.99% uptime when ready.
Unlimited workflows for all
Trigger workflows via webhook or run them as scheduled cron jobs. Build, reuse, and scale your playbooks without limit.
Enrich SIEM alerts
Last run: 30 sec ago
Active
Check inactive sessions
Last run: 20 min ago
Runs every 30 minutes
Build workflows in code and no-code
Automate in minutes using Tracecat's click-and-drag builder. Version control playbooks using YAML. Manage workflows in CICD via REST APIs.
Build integrations that scale
Use pre-built integrations or create your own. Edit, version control, and deploy integrations in a single dashboard.
Wiz
1:00 PM
Google Meet
Crowdstrike
2:00 PM
Figma File
Slack Connect
Actions Registry
32 / 420 used in workflows
API Integrations
Elastic
11:00 AM
Google Docs
Email Thread
Self-host in minutes
Deploy Tracecat remarkably fast with our open-source Docker Compose, Terraform (AWS Fargate), and Kubernetes scripts.
Inspired by GitHub Actions
YAML configuration-as-code meets no-code workflow builder.
In-line functions
Manipulate data across workflow steps using Excel-inspired formulas.
Open source AI
Private and secure by design. Use self-hosted LLMs directly in Tracecat.
API health monitors
Get notified of breaking API integrations before it impacts your playbooks.
Multi-tenant workspaces
Build and monitor workflows as a team. Isolate secrets via workspaces.
Self-hostable
Deploy into air-gapped environments via AWS Fargate or Kubernetes.