Skip to main content

· 3 min read
Dominik Lohmann

We've just released Tenzir v4.13, a release focusing on stability and incremental improvements over the feature-packed past releases.

· 5 min read
Jannis Christopher Köhl

We are thrilled to announce Tenzir v4.12, a feature-packed release introducing numerous enhancements. Notable additions include list unrolling, event deduplication, and the deployment of advanced pipeline architectures with publish-subscribe. We've also added a download button, extended support for UDP, and implemented many other refinements to improve your experience.

· 5 min read
Matthias Vallentin

In the bustling world of data operations, handling large volumes of information is an everyday affair. Each day, countless bytes of data move around in systems, challenging organizations to maintain data accuracy, efficiency, and cost-effectiveness. Amid this vast data landscape, one concept has emerged as a critical ally—deduplication.

· 6 min read
Dominik Lohmann

Our latest v4.11 release delivers powerful automation features, such as scheduling pipelines in a given time interval and sending pipeline data as emails.

· 5 min read
Dominik Lohmann

Today, we're releasing Tenzir v4.10, which improves how Tenzir integrates with modern deployment practices.

· 4 min read
Dominik Lohmann

We're thrilled to announce the release of Tenzir v4.9, enhancing the Explorer further to empower you with the capability of rendering your data as a chart.

· 2 min read
Dominik Lohmann

Did you ever want to get a sneak peek behind the scenes at Tenzir? Now you can!

· 3 min read
Dominik Lohmann
Jannis Christopher Köhl

Hot off the press: Tenzir v4.8. This release is filled with goodness.

· 3 min read
Matthias Vallentin

We re-wired Tenzir's fluent-bit operator and introduced a significant performance boost as a side effect: A 3–5x gain for throughput in events per second (EPS) and 4–8x improvement of latency in terms of processing time.

· 4 min read
Dominik Lohmann

Tenzir v4.7 brings a new context type, two parsers, four new operators, improvements to existing parsers, and a sizable under-the-hood performance improvement.

· 9 min read
Matthias Vallentin

How would you create a contextualization engine? What are the essential building blocks? We asked ourselves these questions after studying what's out there and built from scratch a high-performance contextualization framework in Tenzir. This blog post introduces this brand-new framework, provides usage examples, and describes how you can build your own context plugin.

· 6 min read
Dominik Lohmann

Tenzir v4.6 is here, and it is our biggest release yet. The headlining feature is the all-new context feature, powered by the context and enrich operators and the new context plugin type.

· 6 min read
Matthias Vallentin

Enrichment is a major part of a security data lifecycle and can take on many forms: adding GeoIP locations for all IP addresses in a log, attaching asset inventory data via user or hostname lookups, or extending alerts with magic score to bump it up the triaging queue. The goal is always to make the data more actionable by providing a better ground for decision making.

This is the first part of series of blog posts on contextualization. We kick things off by looking at how existing systems do enrichment. In the next blog post, we introduce how we address this use case with pipeline-first mindset in the Tenzir stack.

· 4 min read
Dominik Lohmann

Here comes Tenzir v4.5! This release ships a potpourri of smaller improvements that result in faster historical query execution and better deployability.

· 3 min read
Dominik Lohmann

Tenzir v4.4 is out! We've focused this release on integrations with two pillars of the digital forensics and incident response (DFIR) ecosystem: YARA and Velociraptor.

· 6 min read
Matthias Vallentin

The new yara operator matches YARA rules on bytes, producing a structured match output to conveniently integrate alerting tools or trigger next processing steps in your detection workflows.

· 4 min read
Christoph Lobmeyer
Matthias Vallentin

The new velociraptor operator allows you to run Velociraptor Query Language (VQL) expressions against a Velociraptor server and process the results in a Tenzir pipeline. You can also subscribe to matching artifacts in hunt flows over a large fleet of assets, making endpoint telemetry collection and processing a breeze.

· 15 min read
Matthias Vallentin

One thing we are observing is that organizations are actively seeking out solutions to better manage their security data operations. Until recently, they have been aggressively repurposing common data and observability tools. I believe that this is a stop-gap measure because there was no alternative. But now there is a growing ecosystem of security data operations tools to support the modern security data stack. Ross Haleliuk's epic article lays this out at length.

In this article I am explaining the underlying design principles for developing our own data pipeline engine, coming from the perspective of security teams that are building out their detection and response architecture. These principles emerged during design and implementation. Many times, we asked ourselves "what's the right way of solving this problem?" We often went back to the drawing board and started challenging existing approaches, such as what a data source is, or what a connector should do. To our surprise, we found a coherent way to answer these questions without having to make compromises. When things feel Just Right, it is a good sign to have found the right solution for a particular problem. What we are describing here are the lessons learned from studying other systems, distilled as principles to follow for others.

· 7 min read
Jannis Christopher Köhl
Matthias Vallentin

Exciting times, Tenzir v4.3 is out! The headlining feature is Fluent Bit support with the fluent-bit source and sink operators. Imagine you can use all Fluent Bit connectors plus what Tenzir already offers. What a treat!

· 5 min read
Oliver Rochford

In today's digital age, businesses are under immense pressure to bolster their cybersecurity. Understanding the financial implications of security tools is vital to ensure optimal ROI through risk reduction and breach resilience. This is particularly true for consumption-based security solutions like Security Information and Event Management (SIEM).