{"id":13454410,"url":"https://github.com/TracecatHQ/tracecat","last_synced_at":"2025-03-24T05:33:52.443Z","repository":{"id":227365014,"uuid":"763923484","full_name":"TracecatHQ/tracecat","owner":"TracecatHQ","description":"The open source Tines / Splunk SOAR alternative for security and IT engineers. Built on simple YAML templates for integrations and response-as-code.","archived":false,"fork":false,"pushed_at":"2025-03-17T15:22:23.000Z","size":42904,"stargazers_count":2547,"open_issues_count":24,"forks_count":196,"subscribers_count":20,"default_branch":"main","last_synced_at":"2025-03-17T15:46:41.999Z","etag":null,"topics":["automation","cybersecurity","event-driven","fastapi","incident-response","llm","low-code","monitoring","nextjs","openapi","orchestration","pydantic","security","temporalio","workflow-engine"],"latest_commit_sha":null,"homepage":"https://tracecat.com","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/TracecatHQ.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-02-27T06:48:32.000Z","updated_at":"2025-03-17T13:23:32.000Z","dependencies_parsed_at":"2024-05-21T02:39:55.636Z","dependency_job_id":"5366e6de-7106-453d-b2c6-cf9c2b139d74","html_url":"https://github.com/TracecatHQ/tracecat","commit_stats":{"total_commits":2164,"total_committers":16,"mean_commits":135.25,"dds":0.416358595194085,"last_synced_commit":"81105c8949efa675629bd3bb9dfe43ead9fe52bb"},"previous_names":["tracecathq/tracecat"],"tags_count":124,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TracecatHQ%2Ftracecat","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TracecatHQ%2Ftracecat/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TracecatHQ%2Ftracecat/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/TracecatHQ%2Ftracecat/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/TracecatHQ","download_url":"https://codeload.github.com/TracecatHQ/tracecat/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245217434,"owners_count":20579291,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automation","cybersecurity","event-driven","fastapi","incident-response","llm","low-code","monitoring","nextjs","openapi","orchestration","pydantic","security","temporalio","workflow-engine"],"created_at":"2024-07-31T08:00:53.830Z","updated_at":"2025-03-24T05:33:52.437Z","avatar_url":"https://github.com/TracecatHQ.png","language":"Python","readme":"\u003cdiv align=\"center\"\u003e\n  \u003cimg src=\"img/banner.svg\" alt=\"The workflow automation platform for security and IT response engineering.\"\u003e\n\u003c/div\u003e\n\n\u003c/br\u003e\n\n\u003cdiv align=\"center\"\u003e\n\n![Commits](https://img.shields.io/github/commit-activity/m/TracecatHQ/tracecat?style=for-the-badge\u0026logo=github)\n![License](https://img.shields.io/badge/License-AGPL%203.0-blue?style=for-the-badge\u0026logo=agpl)\n[![Discord](https://img.shields.io/discord/1212548097624903681.svg?style=for-the-badge\u0026logo=discord\u0026logoColor=white)](https://discord.gg/H4XZwsYzY4)\n\n\u003c/div\u003e\n\n\u003cdiv align=\"center\"\u003e\n\n\u003ca href=\"https://docs.tracecat.com\"\u003e\u003cimg src=\"https://img.shields.io/badge/Documentation-%23000000.svg?style=for-the-badge\u0026logo=data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIyNCIgaGVpZ2h0PSIyNCIgdmlld0JveD0iMCAwIDI0IDI0IiBmaWxsPSJub25lIiBzdHJva2U9IiNmZmZmZmYiIHN0cm9rZS13aWR0aD0iMiIgc3Ryb2tlLWxpbmVjYXA9InJvdW5kIiBzdHJva2UtbGluZWpvaW49InJvdW5kIiBjbGFzcz0ibHVjaWRlIGx1Y2lkZS1ib29rLW9wZW4iPjxwYXRoIGQ9Ik0xMiA3djE0Ii8+PHBhdGggZD0iTTMgMThhMSAxIDAgMCAxLTEtMVY0YTEgMSAwIDAgMSAxLTFoNWE0IDQgMCAwIDEgNCA0IDQgNCAwIDAgMSA0LTRoNWExIDEgMCAwIDEgMSAxdjEzYTEgMSAwIDAgMS0xIDFoLTZhMyAzIDAgMCAwLTMgMyAzIDMgMCAwIDAtMy0zeiIvPjwvc3ZnPg==\u0026logoColor=white\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/TracecatHQ/tracecat/tree/main/registry/tracecat_registry/templates\"\u003e\u003cimg src=\"https://img.shields.io/badge/Templates%20Library-%23000000.svg?style=for-the-badge\u0026logo=data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIxNiIgaGVpZ2h0PSIxNiIgdmlld0JveD0iMCAwIDI0IDI0IiBmaWxsPSJub25lIiBzdHJva2U9IiNmZmZmZmYiIHN0cm9rZS13aWR0aD0iMS41IiBzdHJva2UtbGluZWNhcD0icm91bmQiIHN0cm9rZS1saW5lam9pbj0icm91bmQiIGNsYXNzPSJsdWNpZGUgbHVjaWRlLXNoaWVsZCI+PHBhdGggZD0iTTIwIDEzYzAgNS0zLjUgNy41LTcuNjYgOC45NWExIDEgMCAwIDEtLjY3LS4wMUM3LjUgMjAuNSA0IDE4IDQgMTNWNmExIDEgMCAwIDEgMS0xYzIgMCA0LjUtMS4yIDYuMjQtMi43MmExLjE3IDEuMTcgMCAwIDEgMS41MiAwQzE0LjUxIDMuODEgMTcgNSAxOSA1YTEgMSAwIDAgMSAxIDF6Ii8+PC9zdmc+\u0026logoColor=white\"\u003e\u003c/a\u003e\n\n\u003c/div\u003e\n\n[Tracecat](https://tracecat.com) is a modern, open source workflow automation platform built for security and IT engineers. Simple YAML-based templates for integrations with a no-code UI for workflows.\nExecuted using Temporal for scale and reliability.\n\nWe're on a mission to make security and IT automation more accessible through **response-as-code**. What Sigma rules did for detection, YARA for malware research, and Nuclei did for vulnerabilities, Tracecat is doing for response automation.\n\n## Getting Started\n\n\u003e [!IMPORTANT]\n\u003e Tracecat is in active development. Expect breaking changes with releases. Review the release [changelog](https://github.com/TracecatHQ/tracecat/releases) before updating.\n\n### Run Tracecat locally\n\nDeploy a local Tracecat stack using Docker Compose. View full instructions [here](https://docs.tracecat.com/self-hosting/deployment-options/docker-compose).\n\n```bash\n# Download Tracecat\ngit clone https://github.com/TracecatHQ/tracecat.git\n\n# Generate .env file\n./env.sh\n\n# Run Tracecat\ndocker compose up -d\n```\n\nGo to [http://localhost](http://localhost) to access the UI. Sign-up with your email and password (min 12 characters). The first user to sign-up and login will be the superadmin for the instance. The API docs is accessible at [http://localhost/api/docs](http://localhost/api/docs).\n\n### Run Tracecat on AWS Fargate\n\n**For advanced users:** deploy a production-ready Tracecat stack on AWS Fargate using Terraform. View full instructions [here](https://docs.tracecat.com/self-hosting/deployment-options/aws-ecs).\n\n```bash\n# Download Terraform files\ngit clone https://github.com/TracecatHQ/tracecat.git\ncd tracecat/deployments/aws\n\n# Create and add encryption keys to AWS Secrets Manager\n./scripts/create-aws-secrets.sh\n\n# Run Terraform to deploy Tracecat\nterraform init\nterraform apply\n```\n\n### Run Tracecat on Kubernetes\n\nComing soon.\n\n## Community\n\nHave questions? Feedback? New integration ideas? Come hang out with us in the [Tracecat Community Discord](https://discord.gg/H4XZwsYzY4).\n\n## Tracecat Registry\n\n![Tracecat Registry](img/tracecat-template.svg)\n\nTracecat Registry is a collection of integration and response-as-code templates.\nResponse actions are organized into [MITRE D3FEND](https://d3fend.mitre.org/) categories (`detect`, `isolate`, `evict`, `restore`, `harden`, `model`) and Tracecat's own ontology of capabilities (e.g. `list_alerts`, `list_cases`, `list_users`). Template inputs (e.g. `start_time`, `end_time`) are normalized to fit the [Open Cyber Security Schema (OCSF)](https://schema.ocsf.io/) ontology where possible.\n\nThe future of response automation should be self-serve, where teams rapidly link common capabilities (e.g. `list_alerts` -\u003e `enrich_ip_address` -\u003e `block_ip_address`) into workflows.\n\n**Examples**\n\nVisit our documentation on Tracecat Registry for use cases and ideas.\nOr check out existing open source templates in [our repo](https://github.com/TracecatHQ/tracecat/tree/main/registry/tracecat_registry/templates).\n\n## Open Source vs Enterprise\n\nThis repo is available under the AGPL-3.0 license with the exception of the `ee` directory. The `ee` directory contains paid enterprise features requiring a Tracecat Enterprise license.\n\nTracecat Enteprise builds on top of Tracecat OSS, optimized for mixed ETL and network workloads at enterprise scale.\nPowered by serverless workflow execution (AWS Lambda and Knative) and S3-compatible object storage.\n\n*If you are interested in Tracecat's Enterprise self-hosted or managed Cloud offering, check out [our website](https://tracecat.com) or [book a meeting with us](https://cal.com/team/tracecat).*\n\n## Security\n\nSSO, audit logs, and IaaC deployments (Terraform, Kubernetes / Helm) will always be free and available. We're working on a comprehensive list of Tracecat's threat model, security features, and hardening recommendations. For immediate answers to these questions, please reach to us on [Discord](https://discord.gg/H4XZwsYzY4).\n\nPlease report any security issues to [security@tracecat.com](mailto:founders+security@tracecat.com) and include `tracecat` in the subject line.\n\n## Contributors\n\nThank you all our amazing contributors for contributing code, integrations, and support. Open source is only possible because of you. ❤️\n\n\u003ca href=\"https://github.com/TracecatHQ/tracecat/graphs/contributors\"\u003e\n  \u003cimg src=\"https://contrib.rocks/image?repo=TracecatHQ/tracecat\" /\u003e\n\u003c/a\u003e\n\n\u003cbr\u003e\n\u003cbr\u003e\n\n\u003cdiv align=\"center\"\u003e\n\n  \u003csub\u003e**`Tracecat`** is distributed under [**AGPL-3.0**](https://github.com/TracecatHQ/tracecat/blob/main/LICENSE)\u003c/sub\u003e\n\n\u003c/div\u003e\n","funding_links":[],"categories":["automation","TypeScript","Python","Repos","其他_安全与渗透","security"],"sub_categories":["资源传输下载"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FTracecatHQ%2Ftracecat","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FTracecatHQ%2Ftracecat","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FTracecatHQ%2Ftracecat/lists"}