Tracecat is an open-source security automation platform that brings SOAR (Security Orchestration, Automation and Response) capabilities to teams that cannot afford or justify the cost of enterprise solutions like Tines, Splunk SOAR, or Palo Alto XSOAR. Backed by Y Combinator (Summer 2024 batch) and with over 3,500 GitHub stars, Tracecat provides a visual workflow builder for creating automated response playbooks that handle the full lifecycle of security incidents, from initial alert triage through enrichment, investigation, and remediation.
The platform's AI capabilities go beyond simple automation. LLM-powered playbook steps can reason about alert context, correlate events across multiple data sources, generate investigation summaries, and suggest remediation actions based on the specific characteristics of each incident. This transforms security operations from reactive, manual processes into proactive, semi-automated workflows where analysts focus on decision-making rather than repetitive data gathering. Integrations with common security tools — SIEMs, EDR platforms, ticketing systems, communication channels — ensure Tracecat fits into existing security stacks.
Self-hosting is free under the Apache-2.0 license, with Tracecat Cloud available as a managed option for teams that prefer not to maintain infrastructure. The SOAR category represents a genuine gap in the aicoolies catalog: while security scanning and code review tools are well represented, security automation and incident response tooling is entirely absent. For DevSecOps engineers and security teams in developer-heavy organizations, Tracecat provides the automation layer that connects security alerts to actual response actions.