The user guides walk you through various examples that illustrate how to use use Tenzir in practice.
Throughout our guides, we use publicly available datasets for a reproducible experience.
The M57 Patents Scenario contains large amounts of diverse network traffic. We enriched the PCAP from Nov 18, 2009, by adding malicious traffic from malware-traffic-analysis.net. We adjusted all packet timestamp to 2021. Thereafter, we ran Zeek v5.2.0 and Suricata 6.0.10 to obtain structured network logs.
The dataset includes the following files:
For the examples in the next section, download and extract the archives:
curl -L -O https://storage.googleapis.com/tenzir-datasets/M57/suricata.tar.gz
curl -L -O https://storage.googleapis.com/tenzir-datasets/M57/zeek.tar.gz
tar xzvf suricata.tar.gz
tar xzvf zeek.tar.gz
📄️ Run a pipeline
A pipeline is a chain of operators that begins with a
📄️ Reshape data
Tenzir comes with numerous [transformation
📄️ Import into a node
Importing (or ingesting) data can be done by [running a
📄️ Export from a node
Exporting (or querying) data can be done by [running a
📄️ Show available schemas
When you write a pipeline, you often reference field names. If you do not know
📄️ Transform data at rest
This feature is currently only available on the command line using the
📄️ Execute Sigma rules
Tenzir supports executing Sigma rules using