https://github.com/TracecatHQ/tracecat

TracecatHQ / tracecat (Public; 19 forks, 645 stars)

The AI-native, open source alternative to Tines / Splunk SOAR.
tracecat.com
License: Apache-2.0

Open source Tines / Splunk SOAR alternative

Disclaimer: Tracecat is currently in public alpha. If you'd like to use Tracecat in production, please reach out to us on Discord or founders@tracecat.com!

Want to take Tracecat for a spin? Try out our tutorials with Tracecat Cloud or self-hosted.

Tracecat is an open source automation platform for security teams.
We're building the features of Tines / Splunk SOAR with:

* Enterprise-grade open source tools
* Open source AI infra and GPT models
* Practitioner-obsessed UI/UX

It's designed to be simple but powerful. Security automation should be accessible to everyone, especially understaffed small-to-mid sized teams. Check out our quickstart and build your first AI workflow in 15 minutes.

The easiest way to get started is to sign up for Tracecat Cloud. We also support self-hosted Tracecat.

Getting started

Let's automate a phishing email investigation, collect evidence, and generate a remediation plan using AI. You can follow the tutorial here.

Features

Build AI-assisted workflows, enrich alerts, and close cases fast.

* Workflows
  + [*] Drag-and-drop builder
  + [*] Core primitives (webhook, HTTP, if-else, send email, etc.)
  + [*] AI Actions (label, summarize, enrich etc.)
  + [*] Secrets
  + [ ] Batch-stream data transforms (expected April 2024)
  + [ ] Formulas (expected May 2024)
  + [ ] Versioning (expected June 2024)
* Case management
  + [*] SMAC (status, malice, action, context)
  + [*] Suppression
  + [ ] Deduplication (expected 1st week April)
  + [*] AI-assisted labelling (e.g. MITRE ATT&CK)
  + [ ] Metrics
  + [ ] Analytics dashboard
* Event logs
  + [*] Unlimited logs storage
  + [*] Logs search
  + [ ] Visual detection rules
  + [ ] Piped query language
* Data validation
  + [*] Pydantic V2 for fast data model and input / output validation in the backend
  + [*] Zod for fast form and input / output validation in the frontend
* Teams
  + [ ] Collaboration
  + [ ] Tenants
* AI infrastructure
  + [*] Vector database for RAG
  + [ ] LLM evaluation and security
  + [ ] Bring-your-own LLM (OpenAI, Mistral, Anthropic etc.)

Tracecat is not a 1-to-1 mapping of Tines / Splunk SOAR. Our aim is to give technical teams a Tines-like experience, but with a focus on open source and AI features. What do we mean by AI-native?
Installation

Tracecat is cloud-agnostic and deploys anywhere that supports Docker. Learn how to install Tracecat locally.

* [*] Authentication
  + [*] Supabase
  + [ ] Auth.js
  + [ ] Supertokens
* [ ] Deployment
  + [*] Docker Compose
  + [ ] AWS
  + [ ] Azure
  + [ ] GCP

Is Tracecat enterprise ready?

We are currently in Public Alpha. We don't recommend using Tracecat for production until Public Beta is out! Nevertheless, we are building remarkably fast and expect to get there in the next 3-4 months.

There are two "flavors" of Tracecat: Tracecat Embedded, which runs on a single instance and scales vertically, and Tracecat Distributed, which scales horizontally with self-healing / resilience.

Tracecat Embedded is designed to run automation workflows, store event logs, and run search queries with extreme efficiency on a single instance (e.g. EC2, laptop). Embedded Tracecat should already scale beyond Tines' free tier (3 workflows, 500 workflow runs daily) given sufficient memory, CPU, and network capacity. With Tracecat on Quickwit, you can also store event logs in S3 at unlimited scale and for unlimited time.

For enterprise use-cases that require 99.99% SLAs, however, we recommend waiting for Tracecat Distributed!

* [*] Embedded architecture
  + [*] Flunk: homegrown workflow engine based on Flink
  + [*] LanceDB
  + [*] Polars
  + [*] Tantivy
* [ ] Distributed architecture
  + [ ] Apache Flink
  + [ ] LanceDB / Lantern
  + [ ] Quickwit

If you'd like to stress test Tracecat, please ping us on Discord and we can help you get started!

Status

* [*] Public Alpha: Anyone can sign up over at tracecat.com, but go easy on us: there are kinks and we are just getting started.
* [ ] Public Beta: Stable enough for most non-enterprise use-cases
* [ ] Public: Production-ready

We're currently in Public Alpha.

Community & Support

Join us in building a newer, more open kind of automation platform.
* Tracecat Discord for hanging out with the community
* GitHub issues

Integrations and pre-built workflows

We are working hard to reach core feature parity with Tines. Integrations and out-of-the-box automations will be prioritized according to user feedback. If you've got any suggestions, please let us know on Discord.

Here are a few integrations on our roadmap:

* [ ] Slack
* [ ] Microsoft Teams
* [ ] GitHub
* [ ] CrowdStrike
* [ ] Terraform
* [ ] AWS CloudTrail
* [ ] Vanta

Security

Looking to report a security vulnerability? Please don't post about it in a GitHub issue. Instead, refer to our SECURITY.md file.

FAQ

What does it mean to be "practitioner-obsessed"?

Core features, user-interfaces, and day-to-day workflows are based on existing best-practices from best-in-class security teams. We won't throw in a Clippy chatbot just for the sake of it.

Does the world really need another SOAR?

* Big enterprise SOARs are too expensive. They also lack transparency regarding their AI features.
* Open source SOARs were popular two years ago, but failed to mature from side-projects into enterprise-ready software.
* Most SIEMs are bundled with a SOAR, but lack flexibility for security teams (e.g. MSSPs) that work across multiple SIEMs or no SIEM at all.

Why build open source?

* We love using and building open source tools.
* Existing "AI" security products hide behind demo-ware, sales calls, and white papers. We want to build in the open: open community, open tutorials, and open vision.
* Create a safe space for practitioners to experiment with open source AI models in their own isolated environments.

What does AI-native mean?

We believe the most useful AI is "boring AI" (e.g. summarization, semantic search, data enrichment, labelling) that integrates with existing workflows, but with modern UI/UX and robust data engineering.

Contributing

Whether it's big or small, we love contributions. There's plenty of opportunity for new integrations and bug fixes.
The best way to get started is to ping us on Discord!

Open source vs paid

The Tracecat codebase is 100% open source under Apache-2.0. This includes (soon-to-be-built) enterprise features such as SSO and multi-tenancy.

We offer a paid Cloud version for small-to-mid sized teams. Moreover, we plan to charge service fees to enterprises that want to deploy and maintain a self-hosted distributed version of Tracecat.

License

Apache-2.0

About

* Topics: security, automation, openapi, genai, llm-security
* Watchers: 6
* Contributors: 2
* Languages: TypeScript 61.8%, Python 36.6%, Other 1.6%