The open source Tines / Splunk SOAR alternative

Meet Tracecat, the all-in-one automation platform built for security and IT engineers.

Book a demo

Self-host today

Backed by

Combinator

workflow-ui

Workflows, cases, and lookup tables — no add-ons required.

Automate your playbooks for free. Pay for mission-critical alerting, unlimited workflows, and 99.99% uptime when ready.

Book a demo

Unlimited workflows for all

Trigger workflows via webhook or run them as scheduled cron jobs.

Enrich SIEM alerts

Last run: 30 sec ago

Active

Check inactive sessions

Last run: 20 min ago

Runs every 30 minutes

Update firewall rules

Last run: 14 days ago

Paused

Build workflows in no-code and code

Automate in minutes using Tracecat's click-and-drag builder. Add custom Python and YAML integrations via Git.

Store data and track cases

Tracecat comes out-of-the-box with lookup tables and case management.

Track device

1:10 PM

Insert into devices table

Add to secops/it case custom field

Add IP address

1:14 PM

Upsert into entities table

Did user confirm suspicious login?

2:00 PM

Add link to incident

Send notification to Slack

Open source integrations

Over 100+ integrations. Both Tracecat managed and community-driven.

Testimonials

Why engineering-minded security teams, MDRs, and MSSPs build their security automations on Tracecat.

"It took minutes to self-host and run our first workflow. And less than a day to build out our custom integrations. Tracecat is by far the best open source SOAR in the market."

CTO at fast-growing MDR

40+ workflows live 24/7

"Moving off AWS Lambda into Tracecat gave us the same level of resilience but significantly better visibility."

VP security at 1000-person company

"Unlimited workflows enables my team to build reusable automations that best align with our security processes. As opposed to force-fitting our processes to the SOAR."

CISO at Public Financial Institution

120k alerts processed per minute

* On Tracecat's single-tenant AWS Fargate deployment

The only open source SOAR built to scale.

Tracecat scales on Temporal: the open source durable execution platform used by Datadog, Netflix, and Stripe.

Self-host today

Parallelized workflows

Isolated tenants

Completed Workflow Runs (last 7 days)

1200

+10 from last week

The open source Tines / Splunk SOAR alternative

The security automation platform built for builders.

Book a demo

Self-host today

Unlimited Workflows

Powerful Data Tables

Durable Execution

Automations-as-code

Low-code UI

AGPL 3.0

Connect to any API

Multi-tenant

Self-hostable

Open source AI

Monitor IR Playbooks

Reduce MTTR

Intelligent Task Prioritization

Contextual Understanding

Personalized Insights

Simple Navigation

Smart Suggestions

Easy Collaboration

Tracecat is the open source Tines / Splunk SOAR alternative.

© 2025 Tracecat. All rights reserved

Pages

Home

Pricing

Contact

LinkedIn

GitHub

X