We're thrilled to announce the release of Tenzir v4.9, enhancing the Explorer further to empower you with the capability of rendering your data as a chart.
Hot off the press: Tenzir v4.8. This release is filled with goodness.
How would you create a contextualization engine? What are the essential building blocks? We asked ourselves these questions after studying what's out there and built from scratch a high-performance contextualization framework in Tenzir. This blog post introduces this brand-new framework, provides usage examples, and describes how you can build your own context plugin.
Tenzir v4.6 is here, and
it is our biggest release yet. The headlining feature is the all-new context
feature, powered by the
enrich operators and the new context
Enrichment is a major part of a security data lifecycle and can take on many forms: adding GeoIP locations for all IP addresses in a log, attaching asset inventory data via user or hostname lookups, or extending alerts with magic score to bump it up the triaging queue. The goal is always to make the data more actionable by providing a better ground for decision making.
This is the first part of series of blog posts on contextualization. We kick things off by looking at how existing systems do enrichment. In the next blog post, we introduce how we address this use case with pipeline-first mindset in the Tenzir stack.