Tracecat: An Open Source Alternative to Tines/Splunk SOAR for Security Automation

Tracecat is a new open source automation platform offering an alternative to proprietary solutions like Tines or Splunk SOAR!

With this free and open tool, you can build complex automation workflows, manage your incidents, and keep an eye on your logs. Tracecat is based on robust open source technologies such as Apache Flink for orchestration and Quickwit for log storage. It was designed by security professionals who were fed up with overpriced, complex solutions that didn't meet their needs, so they built their own: simple yet powerful, with a user interface that even your grandmother could use to automate threat hunting. Okay, maybe that's an exaggeration; grandma is more into weed hunting.

Jokes aside, if you want to see Tracecat in action, try this tutorial. You will learn how to automate a phishing email investigation: extracting the URLs from the message with ChatGPT, checking their reputation, labeling the threat level, and generating a tidy report at the end.
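To make the steps of that workflow concrete, here is a self-contained Python sketch of the same pipeline. It is an added example, not code from the tutorial or from the Tracecat project. It makes three assumptions that the tutorial does not: URLs are pulled out with a regular expression instead of ChatGPT (worth knowing, since sending the body of a phishing email to a hosted LLM means that content leaves your environment), the reputation lookup is a constructed in-memory table standing in for a real URL-scanning API, and the sample message itself is constructed (the hostname is defanged with `[.]` and refanged during extraction, as you would do with analyst-submitted samples).

```python
"""Phishing triage workflow: extract URLs, score reputation, label, report.

Added example, not Tracecat code. The message, the reputation table and the
impersonated brand domain are all constructed for illustration.
"""
import email
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample message (not a real phishing email). The malicious
# URL is defanged with "[.]", as analysts commonly submit them.
SAMPLE_EML = """\
From: "IT Support" <support@example-corp.com>
To: alice@example-corp.com
Subject: Password expiry notice
Content-Type: text/plain; charset="utf-8"

Your password expires today. Reset it at
https://example-corp.com.login-reset[.]xyz/reset?user=alice
or review the policy at https://intranet.example-corp.com/policy.
Thanks, IT
"""

# Constructed stand-in for a URL reputation service: hostname -> number
# of vendors flagging it. A real workflow would call a scanner API here.
REPUTATION = {
    "example-corp.com.login-reset.xyz": 12,
    "intranet.example-corp.com": 0,
}

# Assumed: the organisation's own domain, used for look-alike detection.
BRAND_DOMAIN = "example-corp.com"

URL_RE = re.compile(r"https?://[^\s<>\"']+")
LEVELS = ["benign", "unknown", "suspicious", "malicious"]


def refang(url: str) -> str:
    """Undo common defanging so the URL can be parsed and looked up."""
    return url.replace("[.]", ".").replace("hxxp", "http")


def extract_urls(raw_eml: str) -> list[str]:
    """Return the distinct URLs found in the message body, in order."""
    msg = email.message_from_string(raw_eml, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html")).get_content()
    urls: list[str] = []
    for match in URL_RE.finditer(body):
        url = refang(match.group(0)).rstrip(".,;)")  # drop trailing punctuation
        if url not in urls:
            urls.append(url)
    return urls


def impersonates(host: str, brand: str = BRAND_DOMAIN) -> bool:
    """True if the brand domain appears inside a host that is not the brand
    or one of its subdomains (e.g. example-corp.com.login-reset.xyz)."""
    return brand in host and host != brand and not host.endswith("." + brand)


def score_url(url: str) -> dict:
    """Label one URL from reputation hits plus the look-alike heuristic."""
    host = urlparse(url).hostname or ""
    hits = REPUTATION.get(host)
    if hits is None:
        label = "unknown"
    elif hits >= 5:
        label = "malicious"
    elif hits >= 1:
        label = "suspicious"
    else:
        label = "benign"
    # A look-alike host is at least suspicious even with no reputation data.
    if impersonates(host) and LEVELS.index(label) < LEVELS.index("suspicious"):
        label = "suspicious"
    return {"url": url, "host": host, "hits": hits, "label": label}


def triage(raw_eml: str) -> dict:
    """Run the whole workflow and return verdict, per-URL findings and report."""
    msg = email.message_from_string(raw_eml, policy=policy.default)
    findings = [score_url(u) for u in extract_urls(raw_eml)]
    verdict = max((f["label"] for f in findings), key=LEVELS.index, default="benign")
    lines = [f"Subject: {msg['subject']}", f"From: {msg['from']}", f"Verdict: {verdict}", ""]
    for f in findings:
        lines.append(f"- {f['url']} [{f['host']}] -> {f['label']} (hits={f['hits']})")
    return {"verdict": verdict, "findings": findings, "report": "\n".join(lines)}


if __name__ == "__main__":
    print(triage(SAMPLE_EML)["report"])
```

The verdict for the message is the worst label among its URLs, which is the usual way to roll per-indicator results up to an email-level threat level; in Tracecat each of these functions would map to a workflow action, with the reputation lookup replaced by a real integration.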

Another good point (because I know you like this): Tracecat is entirely self-hostable. You can install it on your laptop, in the cloud, or in a datacenter, wherever you want, so you retain full control over your data and infrastructure. And if one day you need more capacity, the developers also offer a paid distributed version for larger deployments.

So yes, Tracecat is not (yet) a full-fledged SIEM. But that is precisely its strength: it focuses on automation and orchestration, which makes it more flexible and easier to integrate whether you have one SIEM, several, or none at all. The choice is yours.

In short, if you’re tired of repetitive tasks and running around dealing with incidents, I highly recommend checking out Tracecat.

Mohamed SAKHRI

I'm the creator and editor-in-chief of Tech To Geek. Through this little blog, I share my passion for technology. I specialize in various operating systems such as Windows, Linux, macOS, and Android, focusing on practical and useful guides.
