Tracecat

Computer and Network Security

San Francisco, California · 946 followers

Open source Tines / Splunk SOAR alternative. The security automation platform built for builders.

About us

The most efficient, engineering-friendly, and maintainable way to automate security. Build code / no-code workflows, integrate purpose-built SecOps AI into playbooks, and close cases fast.

Website
https://tracecat.com
Industry
Computer and Network Security
Company size
2-10 employees
Headquarters
San Francisco, California
Type
Privately held
Founded
2023
Specialties
Threat Hunting, Detection Engineering, Cloud Security, Information Security, Generative AI, AISecOps, SOAR, Automation, Case Management, Cybersecurity, and LLMOps

Updates

  • Tracecat reposted

    Chris L.

    Cofounder at Tracecat | Open source Tines / Splunk SOAR alternative | YC W24

    Excited to announce Tracecat's v0.27.0 release, the open source Tines / Splunk SOAR alternative built for security / IT engineers. Designed for modern SOC/IR/IT teams who want the visual niceties of no-code with the flexibility of configuration-as-code for building integrations.

    While there are many SOAR / hyper-automation tools out there, Tracecat is the first open source security automation platform that is built to scale (with Temporal and version controlled YAML) and easily self-hostable (Docker compose, AWS Fargate Terraform). It's also built on a modern Python codebase quickly understandable for automation engineers.

    Key features of Tracecat (as of 0.27.0):
    - 100s of pre-built integrations (Jira, Crowdstrike, Slack, Jamf, etc.)
    - Git sync (BYO GitHub / GitLab repo of custom Python / YAML integrations)
    - Alert ingestion via webhooks
    - Create lookup tables directly in Tracecat workflows and UI
    - { } Manipulate JSON fast with inline functions (merge, index_by_key)
    - It's free to build and deploy!
    - ...much more!

    FYI: Tracecat is now officially accepting community contributions for new integrations and functions (link in comments)!

    As always, big thanks to our Tracecat community users and enterprise partners for helping us iterate faster with feature ideas, contributions, and bug reports.

    #security #automation

  • Tracecat reposted

    Killian Prin-Abeil

    Cybersecurity Administrator @Aukfood

    New #article on the Aukfood blog: Discover "False positives under control: creating a dedicated CrowdSec workflow with Tracecat" https://lnkd.in/evdt3Xew

    In this article, we take our integration of Tracecat with CrowdSec further thanks to new action nodes. The goal: automate the handling of false positives even more effectively to optimize your security workflows.

    Happy reading!

    #CyberSécurité #CrowdSec #Tracecat #Automation #SecOps

  • Tracecat reposted

    Chris L.

    Cofounder at Tracecat | Open source Tines / Splunk SOAR alternative | YC W24

    Final 2024 Tracecat product update and five reasons why engineering-minded security teams should adopt / switch over to Tracecat in 2025.

    But first, a big thank you to everyone who has supported us this year! Crazy fact: we've grown purely through word-of-mouth so far. No official launch yet. And to our current and would-be contributors, we've got Tracecat merch and other OSS initiatives coming for you in January. Stay tuned :)

    ---

    It's taken us 24 weeks (since alpha) and 19 releases to figure this out, but if you resonate with any of the five points in this list, it'll be irresponsible NOT to evaluate Tracecat as your SOAR / hyperautomation platform in 2025.
    - You want to build without limit (using Tracecat open source) before you buy and deploy to production.
    - You hate forcing ALL your processes into a single 200+ action workflow to avoid per-workflow / per-trigger costs.
    - You like the flexibility to write reusable automations in no-code (click-and-drag UI), low-code (YAML), and code (Python).
    - You've adopted detection-as-code and now wonder why SOAR has no equivalent.
    - You prefer using your existing version control system (e.g. GitHub, GitLab) to sync custom integrations and playbooks.

    Sound like you? You're probably suffering from no-code fatigue. Tracecat embraces the best part of code (small reusable workflows-as-functions, YAML templates, version control) without the bad (ad hoc bash and Python scripts). Response-as-code. This is the future we're building.

    ---

    Product Highlights v0.19:
    - Introducing workflow tags: you can now organize and filter workflows with ease.
    - Action Templates now support categorical / enum types (e.g. status = low, medium, high)

    ---

    That's all folks. The best part of being founder / engineers is we don't stop building over the holidays. As long as Daryl and I have our laptops, features will be shipped and bugs will be squashed. If you're on-call over the holidays, come keep us company over at Discord! Links in comments.

    #security #opensource #automation

  • Tracecat reposted

    Chris L.

    Cofounder at Tracecat | Open source Tines / Splunk SOAR alternative | YC W24

    Sharing an update for folks that follow us at Tracecat (YC W24). Been busy building over the holiday season.

    We're focused on improving the two biggest pain-points of existing SOARs that we hear from security teams:
    - Does not scale (infra problems) for ETL heavy workflows
    - Does not scale (people / process problems) as playbooks grow

    We don't have the ideal solution yet but here's how we're tackling these issues:
    - Taking the learnings from modern data engineering pipelines (e.g. Prefect, Kestra) and serverless ETL (Modal) and bringing it to security
    - Focused on bringing code best-practices to building security automations: unlimited workflows, integrations-as-functions, normalized schemas, version-control, and integrated developer experiences with your IDE (e.g. vscode).

    And we're building fast: here's a list of features we released the last week as part of 0.18. Links in comments.

    Feature highlights:
    - Intellisense!
    - Full jsonpath support for expressions
    - Temporal UI for managing workflows
    - Action templates / YAML integrations validation in CICD

    Performance:
    - Added Ray (ETL distributed cluster) as an executor for parallelized jobs
    - Improved async child workflow calls

    Security:
    - Sessions management (view and delete active sessions directly from the UI)

    Integrations:
    - LDAP (create, delete, modify) actions
    - Microsoft Graph OAuth token flow
    - Google SecOps SIEM and SOAR
    - Datadog list findings and aggregate events
    - Wazuh rootcheck
    - Support for HTML in email action

    As always thank you to the Tracecat community for your continued support and suggestions. We hear your pain-points, some can be solved with AI and agentic workflows, but more (scale, integrations, playbook sprawl) require a hard look at the way we've architected security automation in the first place. We're unafraid to tackle these "unsexy" problems.

    #security #opensource #hyperautomation

  • Tracecat reposted

    Chris L.

    Cofounder at Tracecat | Open source Tines / Splunk SOAR alternative | YC W24

    PSA: Tracecat (YC W24) is not your typical "SOAR". We've built it from the ground up as the automation platform every security engineer would love.

    Even with the rise of AI agentic workflows and AI SOC, we believe "integrations" is still an unsolved problem in security automation (hard to maintain, easily broken, too many API layers e.g. HTTP, gRPC). And that's why we've built out what we call a "response-as-code" way to build integrations for security.

    This means:
    - Sync between code (YAML) and no-code integrations
    - Built-in GitHub integration to version control and pull in custom integrations
    - Python, YAML, or no-code: build and manage integrations YOUR way
    - Integrations as mini-workflows (see example below)
    - Inline functions (e.g. filters, jsonpath) to use in YAML integrations

    And every integration you deploy in Tracecat is run as a Temporal job with all the scalability and resiliency guarantees of durable execution.

    It's really interesting seeing how quickly our open source contributors pick up Tracecat's integrations API. Here's an example integration built by one of our MDR users that combines Crowdstrike's "get detection IDs" and "get detections summaries" into a single call.

    If you're looking to contribute your security integrations to a fast growing open source project, please check out our registry repo for examples, give our GitHub repo a star and find us on Discord! Links to integrations in comments.

    #security #crowdstrike #automation

  • Tracecat reposted

    Chris L.

    Cofounder at Tracecat | Open source Tines / Splunk SOAR alternative | YC W24

    Sending out a belated Thanksgiving to all Tracecat (YC W24)'s open source contributors!

    From new integrations
    - Velociraptor: https://lnkd.in/eHUzxfhN
    - Ansible: https://lnkd.in/ecNW9yBq
    - Wazuh: https://lnkd.in/e_ymaWzA

    To documentation fixes
    - Tutorial: https://lnkd.in/eGqb95St

    And infrastructure help
    - Ollama networking: https://lnkd.in/e5iXVk-Y

    Open core lives and dies from the strength of its community. And we're excited by all the support and growth we're seeing around our open source repo.

    If you're looking to contribute new integrations to a growing open source security automation platform, please give us a star on GitHub or find us on Discord! We'd love to hear your ideas.

    GitHub: https://lnkd.in/eFPfM4bD
    Discord: https://lnkd.in/e6J8cFcV

  • Tracecat reposted

    Chris L.

    Cofounder at Tracecat | Open source Tines / Splunk SOAR alternative | YC W24

    It's been a while since I've posted, but Tracecat (YC W24) is gearing up for 25 wintery Christmas days filled with features, playbooks, and integration announcements. All free, open-source features related to AI and advanced use cases.

    But this post isn't about that. This post is about aesthetics.

    Despite the hardcore nature of building mission-critical software like SOAR, my cofounder Daryl and I always take the time to improve the day-to-day experience for our users. From an auto-save spinner and tabs for organizing settings to a clean, modern design and icons for visual cues...

    Open-source software sometimes gets a bad rap for treating UI/UX as a secondary concern. At Tracecat, we believe it's a top priority. Or as one of our early adopters puts it: "This UI is too damn good to be open source and free." Thank you and yes we don't think paywalling user experience is good for anyone.

    Our philosophy is that security automation tools should be treated like developer tools. This means:
    - Unlimited workflows
    - Incredible developer UI/UX
    - Open-source integrations to customize

    Far too often, workflow automation platforms charge by number of workflows. This makes no sense. Your tool should fit to YOUR processes, not the other way around. Taking on an automation project is already risky enough. Having to lock into a SOAR before you've fully built out most of your automations is even riskier.

    Tracecat is going to be free to build on forever. You can even scale up to hundreds of alerts per day for free: our Terraform Fargate stack is fully open source. And we will NEVER charge for SAML SSO.

    So, what's not open source? Tracecat Enterprise covers horizontal scaling, 99.9% resiliency, and advanced AI automations. In other words, only pay us when you've fully validated the strength of our product for your needs.

    As always, if you believe in our mission to build a more open, scalable, and engineering-first automation platform for security operations, please give our repo a star and spread the word. See links to docs and our GitHub repo below.

    #security #opensource #automation

  • Tracecat reposted

    Killian Prin-Abeil

    Cybersecurity Administrator @Aukfood

    [New] Integration of two new CrowdSec action nodes in the latest update of Tracecat (YC W24) (v0.13.0)!

    I am delighted to announce that in version 0.13.0 of #Tracecat, you will now be able to use my two new action nodes for #CrowdSec.

    The new nodes:
    - unblock_ip_address
    - block_ip_address

    Explore these new features and update Tracecat now to optimize your security workflows!

    More info here: https://lnkd.in/eRrQRdSk

    #Sécurité #CyberSécurité #DevOps #Automatisation

  • Tracecat reposted

    Chris L.

    Cofounder at Tracecat | Open source Tines / Splunk SOAR alternative | YC W24

    New November 2024 Tracecat (YC W24) and professional life update. Tracecat is looking really really good (more updates next week).

    Was invited to give a talk on security automation at SANS Institute Hackfest with Jason Ostrom. The talk covered:
    - Big picture on how blue teams think about SOAR / automation products
    - Live demo of Tracecat showcasing Jason's adversary emulation playbook with MITRE Caldera.
    - Jason also gave a detailed overview of different purple team use-cases with a security orchestration tool like Tracecat. This part is a MUST watch when the recording comes out.

    It was my first time on stage. Was nervous. And I cannot thank Jason enough for being an incredible cospeaker and saving me from rambling too much!

    ---

    TLDR on Tracecat's latest 0.13 release:
    - Actions registry: sync custom Python and YAML integrations from GitHub
    - SAML SSO (free forever)
    - Success / error / joins logic
    - UI improvements (auto-save actions)

    ---

    Tracecat's integrations registry has been extremely well received from users. The ability to edit and share GitHub Actions YAML style integrations is a game changer. It combines the best of both worlds: powerful Python client libraries under-the-hood (for SOAR developers), but fully extendible using YAML (for security practitioners).

    Shoutout to our latest contributor Killian Prin-Abeil all the way from France for adding our CrowdSec integrations! One of the very first public users of registry too.

    My cofounder Daryl and I do not shy away from building technical products for security teams. Our philosophy around product is to borrow the best ideas from tooling that most security teams are ALREADY familiar with: REST APIs, configuration-as-code (GitHub Actions / Ansible), a little bit of Python.

    Technical =/= hard to use*
    *as long as it builds upon what folks already know.

    It's incredible to see our product philosophy come together so nicely around the Actions Registry. A design so intuitive and powerful, analysts from different parts of the world (speaking a different language) can pick it up in a day or two.

    Also: new docs and tutorials coming out tomorrow. If you're interested in contributing or using Tracecat SOAR open source, please give our repo a star (links in comments)!

    #soar #security #opensource

    • SANS Hackfest
  • Tracecat reposted

    Andrew Cook

    CTO @ Recon InfoSec | Host of Thursday Defensive

    Can't wait to talk SOAR with Tracecat's Chris L. on this week's Thursday Defensive!

    Gartner may think SOAR is dead, but they've never been more wrong. Security operations has a workflow problem, not a detection problem and SOAR remains a critical component. I guess it's not "AI" enough for Gartner? ¯\_(ツ)_/¯

    Agree? Disagree? Got thoughts? Join the discussion live this Thursday! https://lnkd.in/gH8j7_m3

    Tracecat (YC W24)

Funding

Tracecat: 1 total round

Last round

Pre-seed

US$500,000.00

Investors

Y Combinator