network-forensics incident-response actor-model bitmap-index threathunting siem soc security dataops investigation pcap secdataops netflow suricata zeek pipelines sigma

Visibility Across Space and Time

About | Try | Use | Understand | Contribute | Develop

VAST is the open-source pipeline and storage engine for security.

VAST offers dataflow pipelines for data acquisition, reshaping, routing, and integration of security tools. Pipelines transport richly typed data frames to enable efficient analytical high-bandwidth streaming workloads. VAST's open storage engine uses the same dataflow language to deliver a unified abstraction for batch and stream processing to drive a wide variety of security use cases.

A VAST node provides managed pipelines and storage as a continuously running service. You can run pipelines across multiple nodes to create a distributed security data architecture.

Consider VAST if you want to:

Filter, shape, aggregate, and enrich security events before they hit your SIEM or data lake
Normalize, enrich, and deduplicate events prior to passing them downstream
Store, compact, and search event data in an open storage format (Apache Parquet & Feather)
Perform high-bandwidth analytics with any data tool powered by Apache Arrow
Operationalize threat intelligence for live and retrospective detection
Build your own security data lake or federated XDR architecture

Get Started

Our quickstart guide showcases how you can start exploring Zeek and Suricata data with VAST. Start here to get a first impression of VAST.

To get hands-on with VAST, follow these steps:

Download VAST
Start a VAST node
Run pipelines to import/export data

If you have any questions when reading our docs, feel free to start a GitHub discussion or swing by our Discord chat—we're here to help!

License

VAST comes with a 3-clause BSD license.

Scientific Use

When referring to VAST in a scientific context, please use the following citation:

@InProceedings{nsdi16:vast,
  author    = {Matthias Vallentin and Vern Paxson and Robin Sommer},
  title     = {{VAST: A Unified Platform for Interactive Network Forensics}},
  booktitle = {Proceedings of the USENIX Symposium on Networked Systems
               Design and Implementation (NSDI)},
  month     = {March},
  year      = {2016}
}

You can download the paper from the NSDI'16 proceedings website.

Developed with ❤️ by Tenzir

About

Easy data pipelines for security teams.

https://docs.tenzir.com

network-forensics incident-response actor-model bitmap-index threathunting siem soc security dataops investigation pcap secdataops netflow suricata zeek pipelines sigma

BSD 3-Clause "New" or "Revised" License

Languages

Language:C++ 88.7%Language:Python 3.6%Language:CMake 3.5%Language:HCL 1.4%Language:Shell 1.1%Language:Nix 0.6%Language:Dockerfile 0.3%Language:JavaScript 0.3%Language:TypeScript 0.2%Language:SCSS 0.1%Language:Makefile 0.1%Language:R 0.1%Language:CSS 0.0%Language:Lua 0.0%Language:Awk 0.0%Language:HTML 0.0%Language:Jinja 0.0%Language:Zeek 0.0%