Skip to content


Tenzir Tenzir

Open Source Data Pipelines for Security Teams


Start Here

Dive right in at and play with a cloud-based Tenzir demo. Once you're ready for deploying your own node, run our installer that guides you through the setup process:

curl | sh

What is Tenzir?

Tenzir is a data pipeline solution for optimizing cloud and data costs, running detections and analytics, building a centralized security data lake, or creating a decentralized security data fabric.

Tenzir Moving Parts Tenzir Moving Parts

The key abstractions in Tenzir are:

  1. Pipeline: A dataflow of operators for producing, transforming, and consuming data. The tenzir binary runs a pipeline stand-alone..
  2. Node: Manages pipelines. A node also has a custom storage engine built on top of Parquet/Feather partitions. The tenzir-node binary spawns a node.
  3. Platform: Offers a management layer for nodes. Nodes connect to the platform and you can manage them at

Check out our documentation for detailed setup instructions, user guides, and reference material.

What can I do with Tenzir?

Use Tenzir if you want to:

  • Filter, shape, and enrich events before they hit your SIEM or data lake
  • Normalize, enrich, aggregate, and deduplicate structured event data
  • Store, compact, and search event data in an open storage format
  • Operationalize threat intelligence for live and retrospective detection
  • Build your own security data lake and need an ETL layer
  • Create a federated detection and response architectures

Explore the demo node

The easiest way to get started is try it out yourself. It takes just a few steps:

  1. Create a free account by signing in:

Sign in

  1. Go to the Overview page:


  1. Create a demo node by clicking the Add button in the nodes pane and select Cloud-hosted demo node.:

Add node

  1. Follow the guided tour after the node becomes available (~1 min).

  2. Start learning TQL and explore the data set visually, e.g., to by running aggregations and plotting data:

Bar chart


The pipeline executor and majority of the node code is open source and comes with a BSD 3-clause license. Visit for commercial editions and read the FAQs for further details.