User Guides

Version: Next
User Guides
The user guides walk you through various examples that illustrate how to use use Tenzir in practice.
Datasets
Throughout our guides, we use publicly available datasets for a reproducible experience.
M57
The M57 Patents Scenario contains large amounts of diverse network traffic. We enriched the PCAP from Nov 18, 2009, by adding malicious traffic from malware-traffic-analysis.net. We adjusted all packet timestamp to 2021. Thereafter, we ran Zeek v5.2.0 and Suricata 6.0.10 to obtain structured network logs.
The dataset includes the following files:
README.md
zeek.tar.gz (43 MB)
suricata.tar.gz (123 MB)
data.pcap (3.8 GB)
For the examples in the next section, download and extract the archives:
curl -L -O https://storage.googleapis.com/tenzir-datasets/M57/suricata.tar.gz curl -L -O https://storage.googleapis.com/tenzir-datasets/M57/zeek.tar.gz tar xzvf suricata.tar.gz tar xzvf zeek.tar.gz
📄️ Run a pipeline
A pipeline is a chain of operators that begins
📄️ Reshape data
Tenzir comes with numerous [transformation
📄️ Import into a node
Importing (or ingesting) data can be done by [running a
📄️ Export from a node
Exporting (or querying) data can be done by [running a
📄️ Show available schemas
When you write a pipeline, you often reference field names. If you do not know
📄️ Transform data at rest
This feature is currently only available on the command line using the
📄️ Execute Sigma rules
Tenzir supports executing Sigma rules using
Edit this page

Datasets​

M57​

📄️ Run a pipeline

📄️ Reshape data

📄️ Import into a node

📄️ Export from a node

📄️ Show available schemas

📄️ Transform data at rest

📄️ Execute Sigma rules

Datasets

M57