It's been a while since I've posted, but Tracecat (YC W24) is gearing up for 25 wintery Christmas days filled with features, playbooks, and integration announcements. All free, open-source features related to AI and advanced use cases. But this post isn't about that. This post is about aesthetics.

Despite the hardcore nature of building mission-critical software like SOAR, my cofounder Daryl and I always take the time to improve the day-to-day experience for our users. From an auto-save spinner and tabs for organizing settings to a clean, modern design and icons for visual cues... Open-source software sometimes gets a bad rap for treating UI/UX as a secondary concern. At Tracecat, we believe it's a top priority. Or as one of our early adopters puts it: "This UI is too damn good to be open source and free." Thank you, and yes, we don't think paywalling user experience is good for anyone.

Our philosophy is that security automation tools should be treated like developer tools. This means:
- Unlimited workflows
- Incredible developer UI/UX
- Open-source integrations to customize

Far too often, workflow automation platforms charge by number of workflows. This makes no sense. Your tool should fit YOUR processes, not the other way around. Taking on an automation project is already risky enough. Having to lock into a SOAR before you've fully built out most of your automations is even riskier.

Tracecat is going to be free to build on forever. You can even scale up to hundreds of alerts per day for free: our Terraform Fargate stack is fully open source. And we will NEVER charge for SAML SSO.

So, what's not open source? Tracecat Enterprise covers horizontal scaling, 99.9% resiliency, and advanced AI automations. In other words, only pay us when you've fully validated the strength of our product for your needs.

As always, if you believe in our mission to build a more open, scalable, and engineering-first automation platform for security operations, please give our repo a star and spread the word. See links to docs and our GitHub repo below. #security #opensource #automation
Tracecat (YC W24)
Computer and Network Security
San Francisco, California · 808 followers
Open source Tines / Splunk SOAR alternative. The security automation platform built for builders.
About us
The most efficient, engineering-friendly, and maintainable way to automate security. Build code / no-code workflows, integrate purpose-built SecOps AI into playbooks, and close cases fast.
- Website
- https://tracecat.com
- Industry
- Computer and Network Security
- Company size
- 2-10 employees
- Headquarters
- San Francisco, California
- Type
- Privately held
- Founded
- 2023
- Specialties
- Threat Hunting, Detection Engineering, Cloud Security, Information Security, Generative AI, AISecOps, SOAR, Automation, Case Management, Cybersecurity, and LLMOps
Locations
- Primary
- US, California, San Francisco
Posts
-
[New] Integration of two new CrowdSec action nodes in the latest Tracecat (YC W24) update (v0.13.0)! I'm delighted to announce that in version 0.13.0 of #Tracecat you can now use my two new action nodes for #CrowdSec.

The new nodes:
- unblock_ip_address
- block_ip_address

Explore these new additions and update Tracecat now to optimize your security workflows! More info here: https://lnkd.in/eRrQRdSk #Security #CyberSecurity #DevOps #Automation
-
New November 2024 Tracecat (YC W24) and professional life update. Tracecat is looking really really good (more updates next week). Was invited to give a talk on security automation at SANS Institute Hackfest with Jason Ostrom. The talk covered:
- Big picture on how blue teams think about SOAR / automation products
- Live demo of Tracecat showcasing Jason's adversary emulation playbook with MITRE Caldera.
- Jason also gave a detailed overview of different purple team use-cases with a security orchestration tool like Tracecat. This part is a MUST watch when the recording comes out.

It was my first time on stage. Was nervous. And I cannot thank Jason enough for being an incredible cospeaker and saving me from rambling too much!

---

TLDR on Tracecat's latest 0.13 release:
- Actions registry: sync custom Python and YAML integrations from GitHub
- SAML SSO (free forever)
- Success / error / joins logic
- UI improvements (auto-save actions)

---

Tracecat's integrations registry has been extremely well received by users. The ability to edit and share GitHub Actions YAML style integrations is a game changer. It combines the best of both worlds: powerful Python client libraries under-the-hood (for SOAR developers), but fully extendible using YAML (for security practitioners). Shoutout to our latest contributor Killian Prin-Abeil all the way from France for adding our CrowdSec integrations! One of the very first public users of registry too.

My cofounder Daryl and I do not shy away from building technical products for security teams. Our philosophy around product is to borrow the best ideas from tooling that most security teams are ALREADY familiar with: REST APIs, configuration-as-code (GitHub Actions / Ansible), a little bit of Python. Technical =/= hard to use* (*as long as it builds upon what folks already know). It's incredible to see our product philosophy come together so nicely around the Actions Registry. A design so intuitive and powerful, analysts from different parts of the world (speaking a different language) can pick it up in a day or two.

Also: new docs and tutorials coming out tomorrow. If you're interested in contributing or using Tracecat SOAR open source, please give our repo a star (links in comments)! #soar #security #opensource
-
Can't wait to talk SOAR with Tracecat's Chris L. on this week's Thursday Defensive! Gartner may think SOAR is dead, but they've never been more wrong. Security operations has a workflow problem, not a detection problem, and SOAR remains a critical component. I guess it's not "AI" enough for Gartner? ¯\_(ツ)_/¯ Agree? Disagree? Got thoughts? Join the discussion live this Thursday! https://lnkd.in/gH8j7_m3 Tracecat (YC W24)
-
New #article on the Aukfood blog: check out my latest article, "Automating the analysis of an IP address via the CrowdSec CTI API with Tracecat". Link: https://lnkd.in/eFte2dAD This article presents the Tracecat (YC W24) tool, a next-generation #SOAR, with as a bonus an #integration with our partner CrowdSec's tool, written by me. I'm also taking this opportunity to announce that I am becoming a #contributor to Tracecat. Thanks to Chris L. and Daryl Lim for their help and advice.
-
Last week I went to DC to meet the LimaCharlie team and community at their annual MSSN CTRL conference. What an AMAZING group of builders and practitioners. Here are my top two takeaways:

Personal takeaway: as a former data engineer at a big consulting corp, I've built tools for all industries: security, financial services, data science, supply chain, healthcare etc. But I've enjoyed building tools for security teams more than any other group of individuals. Why? I really did feel that security practitioners see their work, more than any other group of individuals, as a unified front against a common bad. On top of that, it was extremely obvious to me even back in my "big corp" days that security folks see software innovation as a critical part of improving their work lives. As long as you convince folks that you're actually here to solve real problems for real on the ground practitioners. Disclaimer: this is my cofounder Daryl's and my personal experience. It might also be biased by the fact that Tracecat (YC W24) is open source and community-driven...something that seems to be a rarity these days.

Technical takeaway: we are in the wild west of protecting applications accessed through the browser (e.g. SaaS and Chrome extensions). Incredible talks on SaaS attack chains from Luke Jennings at Push Security, super suss browser extensions from "special guest", and I am really excited about the SaaS threat hunting platform Turngate from Bruce Potter.

Hope to see y'all again next year! #cybersecurity #limacharlie #mssnctrl Whitney Champion Andrew Cook Eric Capuano Christopher Luft James Pichardo Andrew Katz Dylan Williams Mason C. Trevor Gingras
-
New month. New hot take on the future of security automation. New Tracecat (YC W24) release schedule! But first, an existential question: will AI agents replace DIY security automation platforms (e.g. SOAR)? No. Gartner be tripping no.

As two technical founders who've actually built a security automation platform from the ground-up, Daryl and I think the whole AI SOC analysts vs SOAR debate is 100% misguided. Here's our 3-step technical argument why:
1. Under-the-hood, a SOAR is just a JSON / YAML representation of automations and integrations (pointers to Python code / HTTP REST call) + some no-code UI on top.
2. If AI SOC analysts are meant to replace "rigid" playbook-based automations, don't these agents also need to interface with some JSON / YAML representation of automations and integrations?
3. By the logic of 2, wouldn't improving usability and scalability of SOAR also improve the accuracy and precision of AI SOC analysts?
3.1. Evidence: OpenAI and Anthropic's announced support for structured outputs (i.e. JSON-formatted answers). No more "Please please please, pretty please output JSON" added to the end of every prompt.
3.2. Evidence: As YC founders, we see first-hand how some of the fastest growing AI startups in the world build LLM-based applications. >90% of them use LLMs alongside DOMAIN-SPECIFIC APIS AND LANGUAGES.

I'm sorry Gartner, but every production AI agent today interfaces with HUMAN DESIGNED APIs and software. Maybe one day AI will develop internal languages only they understand...but this is currently sci-fi not reality.

---

So why go through this debate in the first place? We are about to release one of the biggest (if not the biggest) UI/UX update to Tracecat's integrations API since its inception.

Challenge: Gen 1 SOARs (e.g. Demisto / Phantom) require you to write custom Python using their verbose Python SDKs. Gen 2 SOARs (e.g. Tines) try to solve that problem by treating EVERY integration as a pre-filled REST API call. This is great for 90% of use cases, but fails for overly low-level REST APIs. Have you ever tried using the AWS REST API over CLI / Boto3?

Solution: Tracecat Registry provides a YAML-based wrapper around both Python SDKs and HTTP requests. This enables powerful Python-based integrations (Gen 1 SOAR) that are as flexible as Tines-style template actions.

---

Tracecat's October release schedule:
- Oct 10th: Tracecat Registry
- Oct 11th: New docs!
- Oct 15th: Remote Integrations
- Oct 20th: Data Tables

---

What do you think? Will AI SOC analysts replace DIY security automation platforms? Or will existing SOAR platforms evolve to teach AI agents how to use their platforms (is this what folks are calling "hyper-automation"?)? If this post resonates with you, please give our GitHub repo a star and like / reshare this post! As an open source project, we thrive alongside the community :) Links in comments below. #security #opensource #soar #ai
-
SecOps Engineering @ Snyk | Cybersec Automation Evangelist & Content Creator | SOAR & AI SOC Product Advisor
I've compiled a list of tools that you can use, complete with the latest release dates (link to the blog in the comment section). Tracecat (YC W24), Admyral, and Catalyst have all had new releases this month! If you've tried any of them, I'd love to hear your thoughts. #secops #securityautomation #opensource
-
New week. New Tracecat (YC W24) release. New hot take on why two technical YC founders are building a SOAR in 2024 (which according to Gartner is now "dead").

Hot take: no-code automation in security is UNIQUELY difficult and requires a new approach. One that borrows from what we now know works in DevOps (CICD / configuration-as-code), security engineering (common schemas e.g. ECS, OCSF), and no-code UI/UX design.

What makes no-code automation difficult in security?
- Data challenges: It's really easy for playbooks in existing no-code platforms to blow up into 200 action nodes that break easily. Why? Too many APIs, too many schemas, too many possible outcomes in DFIR.
- People challenges: practitioners in 2024 have varied skillsets (threat hunting vs SOAR engineering) and backgrounds (traditional SOC vs in-house corpsec).

How Tracecat tries to tackle SOAR in a new way
- Open source (in a category that's mostly top-down enterprise driven).
- Combine the clean no-code UI/UX from Tines / Torq and maintainability of configuration-as-code from GitHub Actions / Jenkins.
- YAML for inputs > endless HTML forms.
- But most importantly, unlimited workflows. Existing no-code automation platforms (e.g. Tines, n8n) charge by the number of workflows. We think this is a design flaw. Security playbooks are complex enough as it is. Inspired by AWS Lambda functions, we encourage users to break up playbooks into smaller single-purpose workflows. Reusability = maintainability.

Where is Tracecat today (version 0.8.2)?
- Modern, clean automation UI/UX inspired by Tines and GitHub Actions
- Create unlimited security workflows / playbooks
- Out-of-the-box security integrations (Datadog, AWS GuardDuty, Okta, Sentinel One, Crowdstrike)
- Organize workflows into workspaces (security, IT, GRC)
- Multiple self-hosting options (docker compose and AWS via Terraform)

What we're working on in the coming weeks:
- Better documentation
- More reusable mini-playbooks (e.g. enrich with VirusTotal, receive Crowdstrike alerts)
- Built in schema normalization and enforcement capabilities
- Workflow tags
- SSO / SCIM

So what does Tracecat look like? Here's a speed-run of me creating and executing the playbook (VirusTotal to open case) shown in the quickstart docs. There's a lot more work to be done. But we're going to bunker down and work on tests, docs, and more tests. Stay tuned as we're only moving faster and with greater focus. Links to 0.8.2 change log, quickstart docs and video, and GitHub repo in comments. #security #soar #opensource
-
New week. But no new Tracecat (YC W24) release? Daryl Lim and I wrote the first line of code for Tracecat in March 2024. We've come a long way since then, even as a two person team, with major features such as:
- A modern drag-and-drop workflow UI
- Temporal for workflow orchestration
- Case management
- Secrets manager
- Webhook triggers
- Scheduled workflows
- JSON-path match expressions for manipulating input / output data
- Out-of-the-box functions / formulas (e.g. `deserialize_json`)
- Configuration-as-code YAML syntax for extending playbooks
- Easy-to-use Python API to build robust code to no-code integrations with a single decorator
- Unit tests for every workflow and backend feature
- Integrations for major EDR, SIEM, and IdP tooling
- And most recently, open source SSO with fastapi-users (to be released next week)

But this isn't good enough. We need to improve:
- Installation pains
- Out-of-date documentation pains
- Multi-cloud deployment pains
- Multi-tenant pains
- Data migration pains

And we're doing exactly that with three WIP pull requests:
- Terraform script to deploy an AWS Fargate stack: https://lnkd.in/eJkCX7VA (thank you SANS instructor Jason Ostrom for this amazing contribution)
- Automated database migrations: https://lnkd.in/efSRakZP
- Multi-tenant workspaces: https://lnkd.in/ePMBFjiP
- Docs on installation
- Docs on Cloud deployment
- Docs on building workflows with the UI

Given these major updates, we're pushing this week's 0.7.0 release to next Tuesday. But it's going to be a big one. With multi-tenant and automated migration support, Tracecat could be a competitive open source SOAR solution for MDRs / MSSPs.

In the meantime, my cofounder Daryl Lim and I are available 7 days a week on Discord to answer any questions. In the last month, we've helped folks install and deploy Tracecat into multiple environments (local, AWS, Azure, and even in front of Cloudflare). But this isn't good enough; our goal is to make deployment as easy as a single Terraform apply. And we're just 1-2 weeks away from that reality!

To the Tracecat community who've been using / testing our product so far, we cannot thank you enough. It's your feedback that helps us reach our milestones faster and build a modern open source SOAR. Link to Tracecat's Discord and GitHub repo in comments. #soar #opensource #security