
Tenzir
Official
Connects to Tenzir's data pipeline engine to execute cybersecurity data processing workflows using TQL and work with OCSF security event schemas.
Integrates with Tenzir data pipelines and OCSF schema framework to execute cybersecurity data processing workflows and retrieve structured security event definitions for threat hunting and security analysis.
What it does
- Execute TQL data pipelines
- Query OCSF event class definitions
- Retrieve OCSF object schemas
- Browse Tenzir documentation
- Generate TQL parsers automatically
- Manage Tenzir packages
About Tenzir
Tenzir is an official MCP server published by tenzir that provides AI assistants with tools and capabilities via the Model Context Protocol. Tenzir: Execute cybersecurity data workflows with OCSF-compatible pipelines to retrieve structured security events for e It is categorized under auth security, developer tools. This server exposes 7 tools that AI clients can invoke during conversations and coding sessions.
How to install
You can install Tenzir in your AI client of choice. Use the install panel on this page to get one-click setup for Cursor, Claude Desktop, VS Code, and other MCP-compatible clients. This server runs locally on your machine via the stdio transport.
License
Tenzir is released under the Apache-2.0 license. This is a permissive open-source license, meaning you can freely use, modify, and distribute the software.
Tools (7)
Execute a TQL pipeline. You MUST use this tool instead of calling `tenzir` directly. Args:
- pipeline: The pipeline definition to execute
- is_file: Whether `pipeline` is a path to a file containing the definition
- timeout: Execution timeout in seconds (default: 30)
Get all OCSF event classes and their descriptions.
Get the definition of a specific OCSF event class.
Get the definition of a specific OCSF object.
VERY IMPORTANT: YOU MUST CALL THIS TOOL BEFORE YOU WRITE ANY TQL PIPELINES/MAPPINGS. Set the `ocsf` parameter to `true` if the user requested you to write a fresh, new OCSF mapping.
⚙️ Tenzir MCP Server
A Model Context Protocol (MCP) server that enables AI assistants to interact with Tenzir—a data pipeline engine for security operations.
This MCP server provides tools for executing pipelines written in the Tenzir Query Language (TQL), working with the Open Cybersecurity Schema Framework (OCSF), managing packages, generating parsers, and exploring documentation.
✨ Features
- Pipeline Execution: Run TQL pipelines and tests
- Documentation Access: Search and browse embedded Tenzir documentation with cross-reference support
- OCSF Integration: Query and work with OCSF definitions, event classes, objects, and profiles.
- Package Management: Create and manage Tenzir packages with operators, pipelines, enrichment contexts, and tests
- Code Generation: Auto-generate TQL parsers and OCSF mapping packages
📦 Installation
Use Docker as the fastest way to get started:
docker run -i tenzir/mcp
Or use uvx when you have a local Tenzir installation:
uvx tenzir-mcp
📚 Documentation
Consult our setup guide for installation and MCP client configuration.
We also provide a reference that explains usage and available tools.
🤝 Contributing
Want to contribute? We're all-in on agentic coding with Claude Code! The repo comes pre-configured with our custom plugins—just clone and start hacking.
📜 License
This project is licensed under the Apache License 2.0.