The open source Tines / Splunk SOAR alternative

The open source Tines / Splunk SOAR alternative

The open source Tines / Splunk SOAR alternative

Meet Tracecat, the all-in-one automation platform built for security and IT engineers.

Book a demo

Book a demo

Book a demo

Self-host today

Backed by

Combinator

workflow-ui

Workflows, cases, and lookup tables — no add-ons required.

Automate your playbooks for free. Pay for mission-critical alerting, unlimited workflows, and 99.99% uptime when ready.

Book a demo

Book a demo

Book a demo

Unlimited workflows for all

Trigger workflows via webhook or run them as scheduled cron jobs. Build, reuse, and scale your playbooks without limit.

Enrich SIEM alerts

Last run: 30 sec ago

Active

Check inactive sessions

Last run: 20 min ago

Runs every 30 minutes

Update firewall rules

Last run: 14 days ago

Paused

Build workflows in code and no-code

Automate in minutes using Tracecat's click-and-drag builder. Sync custom Python and YAML integrations fast via Git version control.

Cases and lookup tables all in one place

Create cases and store data directly from your workflows.

Wiz

1:00 PM

Query related entities

Crowdstrike

2:00 PM

Fetch detections

Send Slack notification

Actions Registry

32 / 420 used in workflows

API Integrations

Elastic

11:00 AM

Link to case

Email trigger

Self-host in minutes

Deploy Tracecat remarkably fast with our open-source Docker Compose, Terraform (AWS Fargate), and Kubernetes scripts.

Testimonials

Why engineering-minded security teams, MDRs, and MSSPs build their security automations on Tracecat.

40+ workflows live 24/7

"Moving off AWS Lambda into Tracecat gave us the same level of resilience but significantly better visibility."

VP security at 1000-person company

"It took minutes to self-host and run our first workflow. And less than a day to build out our custom integrations. Tracecat is by far the best open source SOAR in the market."

CTO at fast-growing MDR

"Unlimited workflows enables my team to build reusable automations that best align with our security processes. As opposed to force-fitting our processes to the SOAR."

CISO at Public Financial Institution

120k alerts processed per minute

* On Tracecat's single-tenant AWS Fargate deployment

“We use Tracecat's built-in vector database to cluster common cases and reduce repetitive work for our analysts.”

Security engineer at lean MDR with 20+ clients

Testimonials

Why engineering-minded security teams, MDRs, and MSSPs build their security automations on Tracecat.

40+ workflows live 24/7

"Moving off AWS Lambda into Tracecat gave us the same level of resilience but significantly better visibility."

VP security at 1000-person company

"It took minutes to self-host and run our first workflow. And less than a day to build out our custom integrations. Tracecat is by far the best open source SOAR in the market."

CTO at fast-growing MDR

"Unlimited workflows enables my team to build reusable automations that best align with our security processes. As opposed to force-fitting our processes to the SOAR."

CISO at Public Financial Institution

120k alerts processed per minute

* On Tracecat's single-tenant AWS Fargate deployment

“We use Tracecat's built-in vector database to cluster common cases and reduce repetitive work for our analysts.”

Security engineer at lean MDR with 20+ clients

Testimonials

Why engineering-minded security teams, MDRs, and MSSPs build their security automations on Tracecat.

  • 40+ workflows live 24/7

    "Moving off AWS Lambda into Tracecat gave us the same level of resilience but significantly better visibility."

    VP security at 1000-person company

  • "It took minutes to self-host and run our first workflow. And less than a day to build out our custom integrations. Tracecat is by far the best open source SOAR in the market."

    CISO at Public Financial Institution

  • 120k alerts per min

    On Tracecat's single-tenant AWS Fargate deployment

The only open source SOAR built to scale.

Tracecat scales on Temporal: the open source durable execution platform used by Datadog, Netflix, and Stripe.

Deploy self-hosted today

Parallelized workflows

Isolated tenants

Completed Workflow Runs (last 7 days)

120

+10 from last week

The only open source SOAR built to scale.

Tracecat scales on Temporal: the open source durable execution platform used by Datadog, Netflix, and Stripe.

Deploy self-hosted today

Parallelized workflows

Isolated tenants

Completed Workflow Runs (last 7 days)

120

+10 from last week

The only open source SOAR built to scale.

Tracecat scales on Temporal: the open source durable execution platform used by Datadog, Netflix, and Stripe.

Deploy self-hosted today

Parallelized workflows

Isolated tenants

Completed Workflow Runs (last 7 days)

120

+10 from last week

Inspired by GitHub Actions

YAML configuration-as-code meets no-code workflow builder.

Out-of-the-box functions

Manipulate data across workflow steps using Excel-inspired formulas.

On-prem AI

Private and secure by design. Use self-hosted LLMs directly in Tracecat.

Lookup tables

Store and fetch data from workflows. Upload CSVs directly into Tracecat.

Multi-tenant workspaces

Build and monitor workflows as a team. Isolate secrets via workspaces.

Self-hostable

Deploy into air-gapped environments via AWS Fargate or Kubernetes.

The open source Tines / Splunk SOAR alternative

The security automation platform built for builders.

Deploy self-hosted today

Unlimited Workflows

Powerful Data Tables

Durable Execution

Automations-as-code

Low-code UI

AGPL 3.0

Connect to any API

Multi-tenant

Self-hostable

Open source AI

Monitor IR Playbooks

Reduce MTTR

Intelligent Task Prioritization

Contextual Understanding

Personalized Insights

Simple Navigation

Smart Suggestions

Easy Collaboration

The open source Tines / Splunk SOAR alternative

The security automation platform built for builders.

Deploy self-hosted today

Unlimited Workflows

Powerful Data Tables

Durable Execution

Automations-as-code

Low-code UI

AGPL 3.0

Connect to any API

Multi-tenant

Self-hostable

Open source AI

Monitor IR Playbooks

Reduce MTTR

Intelligent Task Prioritization

Contextual Understanding

Personalized Insights

Simple Navigation

Smart Suggestions

Easy Collaboration

The open source Tines / Splunk SOAR alternative

The security automation platform built for builders.

Deploy self-hosted today

Unlimited Workflows

Powerful Data Tables

Durable Execution

Automations-as-code

Low-code UI

AGPL 3.0

Connect to any API

Multi-tenant

Self-hostable

Open source AI

Monitor IR Playbooks

Reduce MTTR

Intelligent Task Prioritization

Contextual Understanding

Personalized Insights

Simple Navigation

Smart Suggestions

Easy Collaboration