
Tenzir
Official
Connects to Tenzir's data pipeline engine to execute cybersecurity data processing workflows using TQL and work with OCSF security event schemas.
8207 views · 6 · Local (stdio)
What it does
- Execute TQL data pipelines
- Query OCSF event class definitions
- Retrieve OCSF object schemas
- Browse Tenzir documentation
- Generate TQL parsers automatically
- Manage Tenzir packages
Best for
- Security analysts processing threat data
- SOC teams building detection pipelines
- Cybersecurity researchers working with OCSF
- DevSecOps engineers automating security workflows
OCSF schema framework integration · Auto-generates TQL parsers · Docker deployment available
Tools (7)
execute_tql_pipeline
Execute a TQL pipeline. You MUST use this tool instead of calling `tenzir` directly.
Args:
- pipeline: The pipeline definition to execute
- is_file: Whether `pipeline` is a path to a file containing the definition
- timeout: Execution timeout in seconds (default: 30)
get_ocsf_classes_overview
Get all OCSF event classes and their descriptions.
get_ocsf_class
Get the definition of a specific OCSF event class.
get_ocsf_object
Get the definition of a specific OCSF object.
tql_instructions
VERY IMPORTANT: YOU MUST CALL THIS TOOL BEFORE YOU WRITE ANY TQL PIPELINES/MAPPINGS. Set the `ocsf` parameter to `true` if the user requested you to write a fresh, new OCSF mapping.