Introduction to Tracecat
Tracecat is a cutting-edge, open-source tool designed as an alternative to Tines and Splunk SOAR for security engineers. Its primary aim is to streamline security workflow orchestration using enterprise-grade, open-source technologies.
Key Features
Tracecat offers a rich selection of features that facilitate the building, scaling, and maintenance of security workflows:
- Hosted Temporal Workflows: Built on Temporal, developed by Temporal.io, Tracecat supports efficient and reliable workflow hosting.
- No-code Workflow Builder: For those who prefer a graphical user interface, Tracecat provides an intuitive no-code builder where users can drag and drop components to create workflows.
- Automations-as-Code: Workflows can be defined in a YAML syntax similar to GitHub Actions, so they can be written and reviewed like code. Version control tracks every change, improving collaboration and management.
- Comprehensive Actions: Users can automate steps such as making HTTP requests or applying if-else logic within their workflow configurations.
- Case Management and Integration: Tracecat supports case management alongside a wide range of integrations to ensure seamless operation with other systems.
- User Interfaces: With a dashboard UI and a command-line interface, users have flexible management tools that suit different preferences and requirements.
Tracecat is built for security teams who wish to merge no-code solutions with the benefits of configuration-as-code, like Ansible or GitHub Actions, extending the traditional Security Orchestration, Automation, and Response (SOAR) framework with modern DevOps principles.
Advantages of Using Tracecat
- Security Operations (SecOps): It unifies workflow creation between security engineering and SOC teams, enhancing cooperation and efficiency.
- Security Engineers (SecEng): By using open-source integrations and a powerful templating language, engineers can construct and maintain intricate automation processes.
- Managed Detection & Response (MDR): Rapid deployment of robust workflows into any security product is made simple and effective.
Getting Started with Tracecat
For newcomers, Tracecat offers a personal touch: an open-source onboarding call with the cofounders. In this session, users set up Tracecat on their systems using docker compose and run their first workflow in about 30 minutes.
For those who prefer a more hands-on approach, the self-serve installation guide is readily available to guide them through the setup process.
Community and Support
Tracecat thrives on a community-driven approach:
- Discord: A hub for obtaining support, suggesting new features, or simply interacting with other users.
- GitHub Issues: A platform for reporting bugs or errors encountered with Tracecat.
- Security Concerns: Users are encouraged to report any security vulnerabilities they find, helping Tracecat remain a secure platform.
Documentation and Resources
Comprehensive documentation is available for users, including an API Reference for developers interested in crafting custom security applications. A Quickstart Guide offers an easy way to deploy a classic threat intelligence workflow using VirusTotal in just 15 minutes.
Partnership Opportunities
Tracecat is open to collaborations with MDRs and MSSPs. Interested parties can sign up via their website or schedule a discovery call with a cofounder for more personalized engagement.
In summary, Tracecat stands out as a versatile and powerful tool for security engineers, integrating modern automation practices with intuitive user interfaces to create and manage security workflows effectively.