🚀 Features
Elastic Common Schema skill
Added tenzir-ecs, a generated Elastic Common Schema reference skill for mapping logs and security telemetry into ECS.
The skill exposes ECS fields, fieldsets, categorization values, field reuse metadata, and ECS/OpenTelemetry relations as YAML, with curated upstream Markdown guidance for categorization, network mapping, custom fields, cloud and service context, threat indicators, and user modeling.
Splunk CIM skill
Jun 6, 2026 · @mavam, @codex · #15
Added tenzir-cim, a generated Splunk Common Information Model reference skill for mapping security telemetry to CIM.
The generator takes an unpacked Splunk_SA_CIM app directory as input and emits agent-native YAML catalogs for CIM data models, datasets, effective fields, constraints, calculated fields, and lookup-backed values, translations, and enrichments. The generated skill also bundles core Splunk CIM 8.5 documentation as reference-only prose while keeping the app-derived YAML authoritative.
Microsoft Sentinel ASIM skill
Jun 4, 2026 · @mavam, @codex · #11, #17
Added tenzir-asim, a Microsoft Sentinel ASIM reference skill for mapping security telemetry to ASIM.
The generated reference currently covers 12 event schemas, 1 entity schema, 539 distinct fields, 1,426 schema field records, and 73 alias records from Microsoft Defender Docs. It now emits agent-native YAML catalogs, schema files, field files, alias data, and guidance data so agents can choose target ASIM schemas and map source telemetry with less context-window overhead.
🔧 Changes
Tenzir UDM skill name
Jun 7, 2026 · @mavam, @codex · #18
The Google UDM skill is now installed and referenced as tenzir-udm.
Use the new skill name when installing it directly:
npx skills add tenzir/skills@tenzir-udm
Google UDM record YAML reference
Jun 7, 2026 · @mavam, @codex · #16
The Google UDM skill now exposes record definitions as YAML leaves rather than Markdown message pages. Record YAML uses data-centric type shapes such as list<T>, optional<T>, map<K, V>, variant, and field unions, making event and entity fields easier for agents to scan when mapping logs into UDM.
Google UDM entity ingestion guidance
Jun 6, 2026 · @mavam, @codex · #14
The Google UDM skill now clarifies that Entity Type Guidance values such as USER or ASSET belong to the Entity object’s metadata.entity_type / metadata.entityType, while entities.import uses a separate inlineSource.logType for the context source, such as AZURE_AD_CONTEXT.