
Overview

Tenzir offers a layered integration architecture, from turn-key packages at the top to native protocol connectors at the core.

[Figure: Tenzir's layered integration architecture. Package Library: 1-click deployable TQL integrations that provide instant ROI. Core Integrations: native connectors to the ecosystem, enabling communication over numerous protocols and APIs. Tenzir Query Language (TQL): expressive and type-rich pipeline language built for AI to orchestrate, comprising operators, functions, and contexts. Tenzir Streaming Execution Engine: high-throughput, low-latency C++ Volcano executor with Arrow data model.]

Packages are 1-click deployable integrations that deliver instant value. They bundle pipelines, enrichment contexts, and configurations for common security tools like Splunk, CrowdStrike, Elastic, SentinelOne, Palo Alto, and many more.

Browse our freely available package library on GitHub. You can also use our MCP server to generate custom packages with AI assistance.

Core integrations are native connectors to the ecosystem, enabling communication over numerous protocols and APIs:

Under the hood, core integrations use a C++ plugin abstraction to provide an operator, function, or context that you can use in TQL to directly interface with the respective resource, such as a TCP socket or cloud storage bucket. We typically implement this functionality using the respective SDK, such as the AWS SDK, Google Cloud SDK, or librdkafka, though some integrations require a custom implementation.
