Tenzir

Open-source security data pipeline with native support for security-specific data formats

ToolOpen Source Data PipelineOpen SourceCloudSelf-hosted

Pricing: Free (open source) / Enterprise support available

Reviewed by the CyberSecTool editorial team against the public sources cited below · Last reviewed February 2026 · How we review listings

What is Tenzir?

Tenzir is an open-source security data pipeline built specifically for security operations teams. It provides a pipeline-based approach to collecting, parsing, transforming, and routing security telemetry data with native support for security-specific formats like PCAP, Zeek, Suricata, and STIX/TAXII. Tenzir's open-source model and security-first design make it an attractive option for teams that want transparency and community-driven development.

Best for: Security teams wanting an open-source, security-native data pipeline with transparent code and no vendor lock-in
Pros
  • Fully open-source with transparent codebase
  • Purpose-built for security data and formats
  • No vendor lock-in or licensing costs
  • Native support for PCAP and network telemetry
  • Active community and extensible architecture
Considerations
  • Smaller community than established alternatives
  • Fewer pre-built integrations than Cribl
  • Requires more operational expertise to deploy
  • Less mature enterprise support options
  • Limited GUI. Primarily CLI and config-driven

Reported in public reviews and vendor documentation. See sources below.

Key Features

Open-source pipeline engine
Native security format support (PCAP, Zeek, Suricata)
Pipeline-as-code configuration
STIX/TAXII threat intelligence integration
Data transformation and enrichment
Multi-destination routing
Schema inference and validation
Community-driven detection content

Are you Tenzir? Improve this listing with screenshots, case studies and more.