Tool
Web Service
Incident Response & Management

tracecat

by TracecatHQ

3.3K stars
297 forks
26 watchers
Updated 6 months ago
About

Tracecat is an open source, all-in-one automation platform providing workflows, tables, and case management for security and IT incident response.

All-in-one AI automation platform (workflows, agents, cases, tables) for security, IT, and production engineering teams.

Primary Use Case

Tracecat is designed for security and IT teams to automate incident response and case management workflows using simple YAML-based templates and a no-code UI. It serves as an alternative to platforms like Tines and Splunk SOAR, enabling scalable and reliable orchestration of security operations.

Key Features
  • Open source alternative to Tines and Splunk SOAR
  • All-in-one platform with workflows, lookup tables, and case management
  • Simple YAML-based integration templates with no-code UI
  • Orchestration powered by Temporal for scalability and reliability
  • Tracecat Registry with reusable integration and response-as-code templates
  • Normalization of inputs using the Open Cybersecurity Schema Framework (OCSF) ontology
  • Multiple deployment options: Docker Compose, AWS Fargate, Kubernetes (coming soon)
  • Active community support via Discord

Installation

  • Deploy a local Tracecat stack using Docker Compose following instructions at https://docs.tracecat.com/self-hosting/deployment-options/docker-compose
  • For production, deploy on AWS Fargate using Terraform as per https://docs.tracecat.com/self-hosting/deployment-options/aws-ecs
  • Kubernetes deployment support is coming soon

Usage

>_ docker-compose up

Start a local Tracecat stack using Docker Compose

>_ terraform apply

Deploy a production-ready Tracecat stack on AWS Fargate using Terraform

Security Frameworks
  • TA0001: Initial Access
  • TA0002: Execution
  • TA0003: Persistence
  • TA0004: Privilege Escalation
  • TA0040: Impact
Usage Insights
  • Integrate Tracecat with SIEMs and threat intelligence feeds to automate triage and enrichment workflows.
  • Leverage the YAML-based no-code templates to rapidly prototype and deploy custom incident response playbooks.
  • Use Tracecat Registry templates to standardize and share response actions across teams and environments.
  • Deploy Tracecat in Kubernetes for scalable orchestration of complex multi-step investigations and remediation.
  • Incorporate Tracecat into purple team exercises to simulate automated attacker behaviors and test detection and response.

Security Profile
Red Team: 40%
Blue Team: 85%
Purple Team: 75%
Details
License: GNU Affero General Public License v3.0
Language: Python
Open Issues: 170
Topics
automation
security
openapi
fastapi
monitoring
nextjs
pydantic
cybersecurity
workflow-engine
event-driven