Skip to content

tenzir/tenzir

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

VAST VAST

Visibility Across Space and Time

AboutTryUseUnderstandContributeDevelop

Chat

VAST is the open-source pipeline and storage engine for security.

Building Blocks Building Blocks

VAST offers dataflow pipelines for data acquisition, reshaping, routing, and integration of security tools. Pipelines transport richly typed data frames to enable efficient analytical high-bandwidth streaming workloads. VAST's open storage engine uses the same dataflow language to deliver a unified abstraction for batch and stream processing to drive a wide variety of security use cases.

A VAST node provides managed pipelines and storage as a continuously running service. You can run pipelines across multiple nodes to create a distributed security data architecture.

Building Blocks Building Blocks

Consider VAST if you want to:

  • Filter, shape, aggregate, and enrich security events before they hit your SIEM or data lake
  • Normalize, enrich, and deduplicate events prior to passing them downstream
  • Store, compact, and search event data in an open storage format (Apache Parquet & Feather)
  • Perform high-bandwidth analytics with any data tool powered by Apache Arrow
  • Operationalize threat intelligence for live and retrospective detection
  • Build your own security data lake or federated XDR architecture

Get Started

Our quickstart guide showcases how you can start exploring Zeek and Suricata data with VAST. Start here to get a first impression of VAST.

To get hands-on with VAST, follow these steps:

  1. Download VAST
  2. Start a VAST node
  3. Run pipelines to import/export data

If you have any questions when reading our docs, feel free to start a GitHub discussion or swing by our Discord chat—we're here to help!

License

VAST comes with a 3-clause BSD license.

Scientific Use

When referring to VAST in a scientific context, please use the following citation:

@InProceedings{nsdi16:vast,
  author    = {Matthias Vallentin and Vern Paxson and Robin Sommer},
  title     = {{VAST: A Unified Platform for Interactive Network Forensics}},
  booktitle = {Proceedings of the USENIX Symposium on Networked Systems
               Design and Implementation (NSDI)},
  month     = {March},
  year      = {2016}
}

You can download the paper from the NSDI'16 proceedings website.

Developed with ❤️ by Tenzir