Tracecat is a new open source automation platform offering an alternative to proprietary solutions like Tines or Splunk SOAR!
With this free and open tool, you can create complex automation workflows, manage your incidents like a pro, and keep an eye on all your logs. Tracecat is based on robust open source technologies such as Apache Flink for orchestration and Quickwit for log storage. It was designed by security professionals who got fed up with overpriced, complex solutions that didn’t meet their needs. As a result, they developed their own tool, which is simple yet powerful, with a user-friendly interface that even your grandmother could use to automate threat hunting. Okay, maybe that’s an exaggeration—grandma is more into weed hunting…
Jokes aside, if you want to see Tracecat in action, I invite you to try this tutorial. You will learn how to automate a phishing email investigation in no time, extracting URLs with ChatGPT, analyzing their reputation, labeling the threat level, and generating a nice report in the process.
Another good point (because I know you like this): Tracecat is entirely self-hostable. You can install it locally on your laptop, in the cloud, or in a datacenter—basically wherever you want. This way, you retain full control over your data and infrastructure. And if one day you need more power, don’t worry, the developer offers a distributed paid version that scales infinitely and beyond.
So yes, Tracecat is not (yet) a full-fledged SIEM. But that’s precisely its strength! It focuses on automation and orchestration, making it much more flexible and easier to integrate, whether you have a SIEM, multiple SIEMs, or none at all. The choice is yours!
In short, if you’re tired of repetitive tasks and running around dealing with incidents, I highly recommend checking out Tracecat.