https://github.com/tracecathq/tracecat

Open source Tines / Splunk SOAR alternative. All-in-one automation platform (workflows, tables, cases) for security and IT teams.
https://github.com/tracecathq/tracecat

automation cybersecurity event-driven fastapi incident-response llm low-code monitoring nextjs openapi orchestration pydantic security temporalio workflow-engine

Last synced: 10 days ago
JSON representation

Open source Tines / Splunk SOAR alternative. All-in-one automation platform (workflows, tables, cases) for security and IT teams.

• Host: GitHub
• URL: https://github.com/tracecathq/tracecat
• Owner: TracecatHQ
• License: agpl-3.0
• Created: 2024-02-27T06:48:32.000Z (almost 2 years ago)
• Default Branch: main
• Last Pushed: 2025-05-10T02:28:58.000Z (8 months ago)
• Last Synced: 2025-05-10T03:36:44.889Z (8 months ago)
• Topics: automation, cybersecurity, event-driven, fastapi, incident-response, llm, low-code, monitoring, nextjs, openapi, orchestration, pydantic, security, temporalio, workflow-engine
• Language: Python
• Homepage: https://tracecat.com
• Size: 49.6 MB
• Stars: 2,627
• Watchers: 24
• Forks: 203
• Open Issues: 31
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE
  • Code of conduct: CODE_OF_CONDUCT.md
  • Security: SECURITY.md

Awesome Lists containing this project

README

          


  





![Commits](https://img.shields.io/github/commit-activity/m/TracecatHQ/tracecat?style=for-the-badge&logo=github)

![License](https://img.shields.io/badge/License-AGPL%203.0-blue?style=for-the-badge&logo=agpl)

[![Discord](https://img.shields.io/discord/1212548097624903681.svg?style=for-the-badge&logo=discord&logoColor=white)](https://discord.gg/H4XZwsYzY4)











[Tracecat](https://tracecat.com) is a modern, open source automation platform built for security and IT engineers.

Simple YAML-based templates for integrations with a no-code UI for workflows.

Built-in lookup tables and case management.

Orchestrated using Temporal for scale and reliability.

![Tracecat workflow](/img/workflow.png)

## Getting Started

> [!IMPORTANT]

> Tracecat is in active development. Expect breaking changes with releases. Review the release [changelog](https://github.com/TracecatHQ/tracecat/releases) before updating.

### Run Tracecat locally

Deploy a local Tracecat stack using Docker Compose. View full instructions [here](https://docs.tracecat.com/self-hosting/deployment-options/docker-compose).

### Run Tracecat on AWS Fargate

**For advanced users:** deploy a production-ready Tracecat stack on AWS Fargate using Terraform. View full instructions [here](https://docs.tracecat.com/self-hosting/deployment-options/aws-ecs).

### Run Tracecat on Kubernetes

Coming soon.

## Community

Have questions? Feedback? New integration ideas? Come hang out with us in the [Tracecat Community Discord](https://discord.gg/H4XZwsYzY4).

## Tracecat Registry

![Tracecat Action template](img/action-template.svg)

Tracecat Registry is a collection of ready-to-use integration templates for common security and IT workflows.

Templates are organized around the real-world capabilities they automate (e.g. `list_alerts`, `list_cases`, `list_users`) so you can plug them straight into your playbooks.

Template inputs (e.g. `start_time`, `end_time`) use consistent naming across integrations to simplify reuse.

**Examples**

Visit our documentation on Tracecat Registry for use cases and ideas.

Or check out existing open source templates in [our repo](https://github.com/TracecatHQ/tracecat/tree/main/packages/tracecat-registry/tracecat_registry/templates).

## Open Source vs Enterprise

This repo is available under the AGPL-3.0 license with the exception of the `ee` directory. The `ee` directory contains paid enterprise features requiring a Tracecat Enterprise license.

The purpose of the Enterprise Edition is to provide additional and powerful features which require specific investments in research and development.

You can enable the Enterprise Edition directly in the settings of the platform.

*If you are interested in Tracecat's Enterprise self-hosted or managed Cloud offering, check out [our website](https://tracecat.com) or [book a meeting with us](https://cal.com/team/tracecat).*

## Security

SSO, audit logs, and IaaC deployments (Terraform, Kubernetes / Helm) will always be free and available. We're working on a comprehensive list of Tracecat's threat model, security features, and hardening recommendations. For immediate answers to these questions, please reach to us on [Discord](https://discord.gg/H4XZwsYzY4).

Please report any security issues to [security@tracecat.com](mailto:founders+security@tracecat.com) and include `tracecat` in the subject line.

## Contributors

Thank you all our amazing contributors for contributing code, integrations, and support. Open source is only possible because of you. ❤️



  











  **`Tracecat`** is distributed under [**AGPL-3.0**](https://github.com/TracecatHQ/tracecat/blob/main/LICENSE)