Tracecat is an open-source, all-in-one automation platform designed for security and IT teams, offering a modern alternative to tools like Tines and Splunk SOAR. It provides a no-code UI for workflow creation, backed by YAML-based integration templates and powered by Temporal for scalable and reliable execution, enabling response-as-code principles.

How It Works

Tracecat leverages Temporal for robust workflow orchestration, ensuring scalability and fault tolerance. Integrations are defined using simple YAML templates, allowing for easy customization and management of security and IT tasks. The platform aims to standardize response actions using frameworks like MITRE D3FEND and the Open Cyber Security Schema (OCSF) for interoperability.

Quick Start & Requirements

• Local Deployment: Clone the repository, run ./env.sh to generate .env file, and then docker compose up -d. Access the UI at http://localhost.
• AWS Deployment: Requires Terraform and AWS credentials. Use ./scripts/create-aws-secrets.sh and terraform apply.
• Prerequisites: Docker, Docker Compose. AWS deployment requires Terraform and AWS Secrets Manager.

Highlighted Details

• Modern, open-source alternative to Tines and Splunk SOAR.
• YAML-based integrations and a no-code UI for workflow automation.
• Utilizes Temporal for scalable and reliable workflow execution.
• Tracecat Registry for response-as-code templates, mapped to MITRE D3FEND and OCSF.

Maintenance & Community

Active development with a community Discord server available for questions, feedback, and integration ideas.

Licensing & Compatibility

Licensed under AGPL-3.0. Enterprise features are in a separate ee directory and require a commercial license. AGPL-3.0 may have implications for commercial use or linking with closed-source software due to its strong copyleft provisions.

Limitations & Caveats

The project is in active development, and users should expect breaking changes between releases. Deployment on Kubernetes is listed as "coming soon."