User Guides

Version: Tenzir v4.0
User Guides
The user guides walk you through various examples that illustrate how to use use Tenzir in practice.
Datasets
Throughout our guides, we use publicly available datasets for a reproducible experience.
M57
The M57 Patents Scenario contains large amounts of diverse network traffic. We enriched the PCAP from Nov 18, 2009, by adding malicious traffic from malware-traffic-analysis.net. We adjusted all packet timestamp to 2021. Thereafter, we ran Zeek v5.2.0 and Suricata 6.0.10 to obtain structured network logs.
The dataset includes the following files:
README.md
zeek.tar.gz (43 MB)
suricata.tar.gz (123 MB)
data.pcap (3.8 GB)
For the examples in the next section, download and extract the archives:
curl -L -O https://storage.googleapis.com/tenzir-datasets/M57/suricata.tar.gz curl -L -O https://storage.googleapis.com/tenzir-datasets/M57/zeek.tar.gz tar xzvf suricata.tar.gz tar xzvf zeek.tar.gz
📄️ Run a pipeline
A pipeline is a chain of operators that begins
📄️ Reshape data
Tenzir comes with numerous [transformation
📄️ Import into a node
Importing (or ingesting) data can be done by [running a
📄️ Export from a node
Exporting (or querying) data can be done by [running a
📄️ Show available schemas
When you write a pipeline, you often reference field names. If you do not know
📄️ Transform data at rest
This feature is currently only available on the command line using the
📄️ Execute Sigma rules
Tenzir supports executing Sigma rules using
Edit this page

Datasets​

M57​

📄️ Run a pipeline

📄️ Reshape data

📄️ Import into a node

📄️ Export from a node

📄️ Show available schemas

📄️ Transform data at rest

📄️ Execute Sigma rules

Datasets

M57