Dive right in and install Tenzir:
curl https://get.tenzir.app | shCheck out our documentation for detailed setup instruction, user guides, and reference material.
Tenzir is a distributed platform for processing and storing security event data in a pipeline dataflow model, providing the following abstractions:
- Tenzir's pipelines consist of powerful operators that perform computations over Arrow data frames. The Tenzir Query Language (TQL) makes it easy to express pipelines—akin to Splunk and Kusto.
- Tenzir's indexed storage engine persists dataflows in an open format (Parquet & Feather) so that you can access them with any query engine, or run pipelines over selective historical workloads.
- Tenzir nodes offer a managed runtime for pipelines and storage.
- Interconnected nodes form a data fabric and pipelines can span across them to implement sophisticated security architectures.
Use Tenzir if you want to:
- Filter, shape, and enrich events before they hit your SIEM or data lake
- Normalize, enrich, aggregate, and deduplicate structured event data
- Store, compact, and search event data in an open storage format
- Operationalize threat intelligence for live and retrospective detection
- Build your own security data lake
- Create a federated detection and response architectures
The open-source editions of Tenzir comes with a 3-clause BSD license.
Please see https://tenzir.com/pricing for commercial editions.