Open source and self-hostable

The modern, scalable security automation platform.

The modern, scalable security automation platform.

The modern, scalable security automation platform.

Meet Tracecat, an open source Tines / Splunk SOAR alternative built for builders. Automate security your way with unlimited workflows and low-code integrations.

Talk to an expert

Talk to an expert

Talk to an expert

Self-host today

Backed by

Combinator

Automate alert triage, enrichment, and response without limit.

Tracecat is the low-code automation platform built for security engineers and practitioners. Automate your playbooks for free. Pay for mission-critical alerting and 99.99% uptime when ready.

Get Enterprise license

Get Enterprise license

Get Enterprise license

Unlimited workflows for all

Trigger workflows via webhook or run them as scheduled cron jobs. Build, reuse, and scale your playbooks without limit.

Enrich SIEM alerts

Last run: 30 sec ago

Active

Check inactive sessions

Last run: 20 min ago

Runs every 30 minutes

Update firewall rules

Last run: 14 days ago

Paused

Build workflows in code and no-code

Automate in minutes using Tracecat's click-and-drag builder. Version control playbooks using YAML. Manage workflows in CICD via REST APIs.

Build integrations that scale

Use pre-built integrations or create your own. Edit, version control, and deploy integrations in a single dashboard.

Wiz

1:00 PM

Google Meet

Crowdstrike

2:00 PM

Figma File

Slack Connect

Actions Registry

32 / 420 used in workflows

API Integrations

Elastic

11:00 AM

Google Docs

Email Thread

Self-host in minutes

Deploy Tracecat remarkably fast with our open-source Docker Compose, Terraform (AWS Fargate), and Kubernetes scripts.

The only open source SOAR built to scale.

Tracecat scales on Temporal: the open source durable execution platform used by Datadog, Netflix, and Stripe.

Deploy self-hosted today

Parallelized workflows

Isolated tenants

Completed Workflow Runs (last 7 days)

120

+10 from last week

The only open source SOAR built to scale.

Tracecat scales on Temporal: the open source durable execution platform used by Datadog, Netflix, and Stripe.

Deploy self-hosted today

Parallelized workflows

Isolated tenants

Completed Workflow Runs (last 7 days)

120

+10 from last week

The only open source SOAR built to scale.

Tracecat scales on Temporal: the open source durable execution platform used by Datadog, Netflix, and Stripe.

Deploy self-hosted today

Parallelized workflows

Isolated tenants

Completed Workflow Runs (last 7 days)

120

+10 from last week

Inspired by GitHub Actions

YAML configuration-as-code meets no-code workflow builder.

In-line functions

Manipulate data across workflow steps using Excel-inspired formulas.

Open source AI

Private and secure by design. Use self-hosted LLMs directly in Tracecat.

API health monitors

Get notified of breaking API integrations before it impacts your playbooks.

Multi-tenant workspaces

Build and monitor workflows as a team. Isolate secrets via workspaces.

Self-hostable

Deploy into air-gapped environments via AWS Fargate or Kubernetes.

Testimonials

Why engineering-minded security teams, MDRs, and MSSPs build their security automations on Tracecat.

40+ workflows live 24/7

"Tracecat eliminated the problems of flaky integrations and playbook sprawl I faced when scaling legacy SOARs."

VP security at 1000-person company

"It took minutes to self-host and run our first workflow. And less than a day to build out our custom integrations. Tracecat is by far the best open source SOAR in the market."

CTO at fast-growing MDR (small-to-mid sized)

"Unlimited workflows enables my team to build reusable automations that best align with our security processes. As opposed to force-fitting our processes to the SOAR."

CISO at Public Financial Institution

120k alerts processed per minute

* On Tracecat's single-tenant AWS Fargate deployment

“We use Tracecat's built-in vector database to cluster common cases and reduce repetitive work for our analysts.”

Security engineer at lean MDR with 20+ clients

Testimonials

Why engineering-minded security teams, MDRs, and MSSPs build their security automations on Tracecat.

40+ workflows live 24/7

"Tracecat eliminated the problems of flaky integrations and playbook sprawl I faced when scaling legacy SOARs."

VP security at 1000-person company

"It took minutes to self-host and run our first workflow. And less than a day to build out our custom integrations. Tracecat is by far the best open source SOAR in the market."

CTO at fast-growing MDR (small-to-mid sized)

"Unlimited workflows enables my team to build reusable automations that best align with our security processes. As opposed to force-fitting our processes to the SOAR."

CISO at Public Financial Institution

120k alerts processed per minute

* On Tracecat's single-tenant AWS Fargate deployment

“We use Tracecat's built-in vector database to cluster common cases and reduce repetitive work for our analysts.”

Security engineer at lean MDR with 20+ clients

Testimonials

Why engineering-minded security teams, MDRs, and MSSPs build their security automations on Tracecat.

  • 40+ workflows live 24/7

    "Tracecat eliminated the problems of flaky integrations and playbook sprawl I faced when scaling legacy SOARs."

    VP security at 1000-person company

  • "It took minutes to self-host and run our first workflow. And less than a day to build out our custom integrations. Tracecat is by far the best open source SOAR in the market."

    CISO at Public Financial Institution

  • 120k alerts per min

    On Tracecat's single-tenant AWS Fargate deployment

  • "Unlimited workflows enables my team to build reusable automations that best align with our security processes."

    CISO at Public Financial Institution

The open source Tines / Splunk SOAR alternative

The security automation platform built for builders.

Deploy self-hosted today

Unlimited Workflows

Powerful Data Tables

Durable Execution

Automations-as-code

Low-code UI

AGPL 3.0

Connect to any API

Multi-tenant

Self-hostable

Open source AI

Monitor IR Playbooks

Reduce MTTR

Intelligent Task Prioritization

Contextual Understanding

Personalized Insights

Simple Navigation

Smart Suggestions

Easy Collaboration

The open source Tines / Splunk SOAR alternative

The security automation platform built for builders.

Deploy self-hosted today

Unlimited Workflows

Powerful Data Tables

Durable Execution

Automations-as-code

Low-code UI

AGPL 3.0

Connect to any API

Multi-tenant

Self-hostable

Open source AI

Monitor IR Playbooks

Reduce MTTR

Intelligent Task Prioritization

Contextual Understanding

Personalized Insights

Simple Navigation

Smart Suggestions

Easy Collaboration

The open source Tines / Splunk SOAR alternative

The security automation platform built for builders.

Deploy self-hosted today

Unlimited Workflows

Powerful Data Tables

Durable Execution

Automations-as-code

Low-code UI

AGPL 3.0

Connect to any API

Multi-tenant

Self-hostable

Open source AI

Monitor IR Playbooks

Reduce MTTR

Intelligent Task Prioritization

Contextual Understanding

Personalized Insights

Simple Navigation

Smart Suggestions

Easy Collaboration