Tracecat is a purpose-built platform for enterprise AI agents and workflows.

Built for operations, security, and reliability teams.
Open source for builders.

Review required 2

Isolate Gmail account from Slack request

now
Awaiting approval

Investigate Q4 metrics

2m
Found 3 anomalies
In progress 1

Handle IT request

5m
IT Requests · Processing...
Completed 2

Customer: API rate limits

15m
Resolved

Draft weekly report

1h
Report generated
Isolate Gmail account from Slack request

Trigger

Slack request

Lookup Gmail account

gmail.find_user

Isolate Gmail account

gmail.isolate

Isolate Gmail account given Slack request

• What Slack signal should trigger the workflow?

• Which Gmail account fields are required for isolation?

I can wire this to a Slack request and then isolate the matching Gmail account. Which Slack request type should trigger this?

Security request: Isolate Gmail account

Slack (OAuth connected)
Gmail (OAuth connected)

I found a single action for this request: Isolate Gmail account. It will disable the account and revoke active sessions.

Trigger: Slack request received
Lookup Gmail account by email
Isolate Gmail account

Ready to add the Isolate Gmail account action to your workflow.

Trusted by builders in mission-critical environments

Turn simple prompts into secure and scalable AI workflows.

Learn about Workflows in Tracecat →
Enterprise integrations

Over 100 connectors for IT, observability, infrastructure, and security tools.

Sandboxed by default

All actions and agents are run in a sandbox, isolated from secrets.

Limitless control flow

Run loops, if-conditions, parallel subflows, and scripts (Python, Bash, JavaScript).

Human-in-the-loop agents

Run agents in workflows with explicit tool approvals.

SaaS drift remediation

Trigger

SaaS drift alert

@alert.type == 'iam'
@alert.type == 'other'

Scatter

Split by account

Close alert

No drift found

For loop

IAM analyst agent

AI Agent

Okta: Isolate user
Okta: Isolate device
Slack: Notify owner

Run subflow

Access quarantine

The best way to productionize agents.

Build agents through chat

Incident response agent

SIEM
Log search
Asset inventory
On-call

Goal

Triage security alerts, enrich with context, and recommend containment steps.

Instructions

1. Pull related alerts from SIEM and on-call logs.

2. Correlate with auth and network telemetry.

3. Propose containment and rollback steps.

Deploy agents as bots
SRE Assistant · Incident 421
Latency spiked on the payments API after the latest deploy.
Detected p95 regression in us-east-1
Rollout window aligns with spike

I recommend pausing the rollout and checking the new cache invalidation path.

  • Compare latency before/after release `v2.7.1`
  • Inspect DB connection pool saturation
Can you draft a rollback checklist and page the on-call?

Drafting now. I’ll also pull the last successful deploy notes and summarize impact.

  • Rollback to `v2.7.0` in us-east-1
  • Verify error budget burn rate normalization
Give agents data securely

Tables

incidents
SRE • incident timeline
Active
alerts
Infra • paging history
Active
access_reviews
Security • quarterly audits
Active
change_requests
IT • approvals and rollbacks
Active

Build agents that work with your team.

Learn about Tickets in Tracecat →
Cases · CASE-234966
Created 1 month ago · Last edited 3 days ago
Status
In progress
Priority: High
Assignee: Unassigned
TTA 12m
TTR 4h 32m
Severity: High
phishing
credential compromise
marketing
email gateway

Phishing attack with successful credential compromise - marketing department user

MFA enforced: Yes
Impact scope: Single user
Data exfiltration: Unknown
Containment complete: No

Employee sarah.chen@company.com reported a suspicious email impersonating IT requesting a password verification. The phishing email compromised corporate credentials and enabled lateral movement attempts.

Detection details

  • User report at 09:42 UTC, gateway alert at 12:15 UTC
  • 2.5 hour detection delay
  • Initial access via spoofed domain email link

Indicators of compromise

  • Sender: itsupport@company-verify.net
  • Reply-to: support.verify@protonmail.com
  • Login IP: 185.220.101.45 (Tor exit node)

Recommended actions: reset credentials, revoke sessions, and run targeted mailbox audit for related phishing campaigns.

Ticket copilot
Ready

Summary drafted from the ticket description.

Suggested next steps

  • Disable compromised IAM and corporate email accounts
  • Run mailbox search for the spoofed sender
  • Check for lateral movement attempts
Can you generate a timeline and recommend containment steps?

I can generate a timeline and pre-fill containment actions based on the IOC list.

Tracecat is mission ready.

Learn about the Enterprise Edition →
Access controls
Open source audit logs
Self-hostable anywhere
Sandboxed by default
SOC2 Type II
SLAs
Reserved compute and autoscaling
Git sync for workflows
Bring-your-own-LLMs

Build for free

Loved by modern automation teams worldwide

@marty

"From what I can see there are other 'agent builder' solutions but none quite as elegant and useful as what we get with Tracecat"

@anon

"Just worked on an incident using case chat and it felt magical. I love how easy it's going to make end user communication"

@keyboard_warrior03

"Literally such a goated platform and I love that is more than just a workflow builder definitely a more than worthy competitor to N8N"

@festhesten

"I've tested enough products to see that the advantages here are strong enough to stay around and lobby for the enterprise license! I haven't found anything that comes close to Tracecat's full suite of features."