All Tools
T
Dev ToolsFreeOpen Source
TRACECAT
Open-source security automation for teams and AI agents
AGPL-3.0
ABOUT
Security teams are overwhelmed by alert volumes from dozens of tools — SIEMs, EDRs, cloud security scanners, and threat feeds — each requiring manual triage and response. Tracecat connects security tools into automated workflows that can be described in natural language: "when a critical alert from CrowdStrike matches a known IoC pattern, create a case, enrich it with VirusTotal, and notify the on-call engineer via Slack." It provides case management, a workflow builder, and agent harness support so teams can automate incident response without writing custom scripts for every playbook.
INSTALL
pip install tracecat
tracecat init
INTEGRATION GUIDE
1. Automate SOC alert triage by enriching, deduplicating, and routing alerts from SIEM to the right responder
2. Build end-to-end incident response playbooks with automated evidence collection and case creation
3. Create agent-driven security workflows that investigate phishing emails, extract IOCs, and block domains
4. Orchestrate multi-tool response actions across cloud security, endpoint protection, and threat intelligence platforms
TAGS
securityautomationworkflowssoarai-agentssiem