Tracecat is currently in public alpha. If you’d like to use Tracecat in production, please reach out to us on Discord or! Want to take Tracecat for a spin? Try out our tutorials with Tracecat Cloud or self-hosted.

Tracecat is an open source automation platform for security teams. We’re building the features of Tines / Splunk SOAR with:

It’s designed to be simple but powerful. Security automation should be accessible to everyone, including especially understaffed small-to-mid sized teams.

Check out our quickstart and build your first AI workflow in 15 minutes. The easiest way to get started is to sign-up for Tracecat Cloud. We also support self-hosted Tracecat.


Build AI-assisted workflows, enrich alerts, and close cases fast.

  • Workflows
    •  Drag-and-drop builder
    •  Core primitives (webhook, HTTP, if-else, send email, etc.)
    •  AI Actions (label, summarize, enrich etc.)
    •  Secrets
    •  Batch-stream data transforms (expected April 2024)
    •  Formulas (expected May 2024)
    •  Versioning (expected June 2024)
  • Case management
  • Event logs
    •  Unlimited logs storage
    •  Logs search
    •  Visual detection rules
    •  Piped query language
  • Data validation
    •  Pydantic V2 for fast data model and input / output validation in the backend
    •  Zod for fast form and input / output validation in the frontend
  • Teams
    •  Collaboration
    •  Tenants
  • AI infrastructure
    •  Vector database for RAG
    •  LLM evaluation and security
    •  Bring-your-own LLM (OpenAI, Mistral, Anthropic etc.)

Tracecat is not a 1-to-1 mapping of Tines / Splunk SOAR. Our aim is to give technical teams a Tines-like experience, but with a focus on open source and AI features. What do we mean by AI-native?.

For more information click here.