Name | Modified | Size | Downloads / Week |
---|---|---|---|
README.md | 2025-08-07 | 4.8 kB | |
Tracecat 0.41.0 source code.tar.gz | 2025-08-07 | 22.7 MB | |
Tracecat 0.41.0 source code.zip | 2025-08-07 | 23.4 MB | |
Totals: 3 Items | 46.1 MB | 3 |
⚠️ NOTE: this is one of the biggest Tracecat releases ever:
- New features (case tags, case AI chat)
- Many small UI/UX bug fixes.
- Some breaking integration changes*

❗❗❗ Instead of returning the full REST API response (with headers and body), we now return data directly for the following integrations. We're doing this because we noticed that headers (looking at you, VirusTotal) can take up a lot of unnecessary data / tokens (up to 50% of the size of the payload itself), especially for AI.

Breaking change: Some integrations now return `.data` from HTTP action directly.

Fix: Change `ACTIONS.some_action.result.data.data` to `ACTIONS.some_action.result.data`

Integration | Previous Return Format | New Return Format | Description |
---|---|---|---|
Wazuh | .data.data | .data | All Wazuh integration actions now return .data directly |
Splunk | .data.data | .data | Splunk actions return .data directly |
Jira | .data.data | .data | Jira actions return .data directly |
Jamf | .data.data | .data | Jamf actions return .data directly |
Elastic Search | .data.data | .data | Search helpers return .data directly |
Elastic Detection | .data.signals | .signals | Detection signals returned directly |
Datadog | .data.security_signals | .security_signals | Security signals returned directly |
CrowdStrike | .data.alerts / .data.detects | .alerts / .detects | Alerts and detects returned directly |
CrowdSec CTI | .data.data | .data | CTI data returned directly |
SentinelOne | .data.data | .data | All S1 integrations return .data directly |
VirusTotal | .data.data | .data | VirusTotal data returned directly |
URLhaus | .data.data | .data | URLhaus data returned directly |
URLScan | .data.data | .data | URLScan data returned directly |
TheHive | N/A | N/A | Support dropped entirely |
We've been very very careful not to introduce breaking schemas in our integrations ever, but for data cost and AI accuracy this change cannot be avoided 🫡
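
One way to find and rewrite stale result paths after upgrading, as an added example (not Tracecat's own code). The path rewrites come from the table above; the `ref_integration` map, the integration keys in `RULES`, and the sample expressions are assumptions constructed for illustration.

```python
import re

# Path rewrites relative to `.result`, taken from the release-notes table.
# The integration keys are labels chosen for this example (assumption).
GENERIC = [("data.data", "data")]
RULES = {
    "wazuh": GENERIC, "splunk": GENERIC, "jira": GENERIC, "jamf": GENERIC,
    "elastic_search": GENERIC, "crowdsec_cti": GENERIC,
    "sentinelone": GENERIC, "virustotal": GENERIC,
    "urlhaus": GENERIC, "urlscan": GENERIC,
    "elastic_detection": [("data.signals", "signals")],
    "datadog": [("data.security_signals", "security_signals")],
    "crowdstrike": [("data.alerts", "alerts"), ("data.detects", "detects")],
}
EXPR = re.compile(r"ACTIONS\.(\w+)\.result\.([A-Za-z_][\w.]*)")


def migrate(text, ref_integration):
    """Rewrite stale `ACTIONS.<ref>.result.<path>` references in text.

    ref_integration maps each action ref to a key of RULES; refs that are
    not listed (actions outside the table) are left untouched.
    Returns (new_text, [(ref, old_path, new_path), ...]).
    """
    changes = []

    def fix(match):
        ref, path = match.group(1), match.group(2)
        for old, new in RULES.get(ref_integration.get(ref), []):
            # Match whole path segments only: `data.database` is not `data.data`.
            if path == old or path.startswith(old + "."):
                new_path = new + path[len(old):]
                changes.append((ref, path, new_path))
                return f"ACTIONS.{ref}.result.{new_path}"
        return match.group(0)

    return EXPR.sub(fix, text), changes


# Constructed sample: workflow expressions and the integration behind each ref.
SAMPLE = """\
score: ${{ ACTIONS.vt_lookup.result.data.data.attributes.reputation }}
alerts: ${{ ACTIONS.cs_alerts.result.data.alerts }}
raw: ${{ ACTIONS.http_call.result.data.data }}
db: ${{ ACTIONS.vt_lookup.result.data.database }}
"""
REFS = {"vt_lookup": "virustotal", "cs_alerts": "crowdstrike"}

if __name__ == "__main__":
    for ref, old, new in migrate(SAMPLE, REFS)[1]:
        print(f"{ref}: .result.{old} -> .result.{new}")
```

Review the reported changes before saving them: only refs you map to an affected integration are rewritten, so the accuracy of that map decides the outcome.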
🧩 Integrations
- Look up table: insert many rows (#1310)
- Add more template expressions validation checks (#1314)
- add assign_user_by_email action for cases (#1307)
- Add redis dedupe (#1306)
- Set default wait strategy for subflows to detach (#1290)
- Okta OAR Integration (#1277)
✨ Enhancements
- Streamline case UI (#1321)
- Remove colorlog and update uv version (#1319)
- Improve workspace management logic in tests (#1316)
- Fix action-level environment override (#1327)
- Case tags (#1325)
- Improve custom repo dependency conflict handling through `uv add` + add integration test for custom repo install, sync, and execute (#1322)
- Show short workflow ID when workflow definition not found (#1309)
- Improve chat streaming with Redis TTL and enhanced agent execution (#1293)
🐞 Bug fixes
- Surface workflow-level failure in events sidebar (#1313)
- Don't auto layout on reload or refresh (#1317)
- Check empty before decrypt and improve access token handling (#1291)
- Reduce Sentry noise from DSL scheduler error handling logs (#1320)
- Prevent empty run_if and for_each statements in action forms (#1318)
- Show correct message for non-running workflows with no events (#1311)
- Sort workflows by `created_at` in regular list endpoint (#1308)
- List all workflows when limit=0 (#1305)
- Add ordering for workflow items in folders view (#1304)
- Delete Temporal schedules when deleting workflow (#1294)
📦 Build system
- Add uv.lock file for deterministic dependency resolution (#1312)
- deps(ui): Bump blocknote deps (#1303)
- Bump axios to v1.11.0 (#1292)
Thank you to all our contributors for making this release possible! @bishopdotdev, @daryllimyt and @topher-lo