Tenzir

Tenzir is at DMEA - Connecting Digital Health in Berlin – Europe’s leading conference for digital healthcare. From April 21–23, we’re joining secunet Security Networks AG and DCSO Deutsche Cyber-Sicherheitsorganisation GmbH at booth E-108 (Hall 1.2) to show how our sovereign edge stack makes cloud-based services in healthcare secure, scalable, and efficient. Tenzir provides the data engine: collection, normalization, enrichment, and routing of security data – running directly on the secunet edge platform. DCSO delivers managed SOC services. Together, an integrated offering for managed security in connected healthcare IT. Johan Hesse and Nils Austrup are on-site. Come by for a conversation! Booth E-108 | Hall 1.2 | DMEA 2026 | Berlin #DMEA2026 #DigitalHealth #Cybersecurity #Tenzir #secunet #DCSO #EdgeSecurity #HealthIT #MadeInGermany #DataPipeline

🔎 We’re looking for you at Tenzir as our next 𝗔𝗰𝗰𝗼𝘂𝗻𝘁 𝗘𝘅𝗲𝗰𝘂𝘁𝗶𝘃𝗲. —> Excited to drive the full sales cycle—from outbound and new customer acquisition to after-sales support? —> Enjoy interacting with people, know how to persuade, and aren’t afraid to step forward? —> Experienced in selling cybersecurity or data-driven solutions (ideally in the security/data space)? Then let’s talk. We’d love to get to know you. 👉 https://lnkd.in/e7wAi5kE

We did MCP wrong. Skills showed us. 🫠 📊 MCP approach: 61 tool calls, $20.78 📊 Skills approach: 52 tool calls, $10.27 Same task. Same output quality. Half the cost. The mistake? We treated MCP like a "wrapper" for everything. Most of our tools were just fancy JSON envelopes around CLI commands. We told ourselves we were "helping the model." In reality, we were burning tokens re-explaining things the AI could figure out itself. The Lesson: 🛠️ MCP is for Plumbing: Use it for distributed orchestration, fleet management, and secure access to live infrastructure. 🧠 Skills are for Knowledge: Use them for portable instructions and templates (now backed by the #agentskills standard). We're not apologizing. We're iterating. Fast. 🚀 This is what modern AI tooling looks like: build for today's models, measure against tomorrow's, and adapt the second the data tells you to. Full breakdown of the architecture change 👉 https://lnkd.in/gHERTVad #AI #MCP #Skills #Cybersecurity

2025 was our biggest year yet at Tenzir. Here's what shipping ~80 releases looks like: 📈 We tripled our release velocity—from ~25 releases in 2024 to ~80 in 2025. More than one per week. 🚀 Here's what that delivered: → 15+ new integrations. Snowflake. ClickHouse. Google SecOps. Amazon Security Lake. SentinelOne Data Lake. OpenSearch. Elasticsearch. AWS Secrets Manager. Your data goes where it needs to go. → MCP Server launched. AI-powered OCSF mapping generation. What used to take days now takes 30 minutes. Open source, works with any LLM. → Native OCSF support. We track the spec as it evolves—so you're always current, not chasing schema updates. → Next-gen Platform UI. Rebuilt from the ground up for faster data exploration and pipeline management. → Query language v2. More powerful computation, cleaner syntax, built for complex security workflows. ⚡ And now we're at an inflection point. In Q4, we went all-in on AI-native development. Our entire team now runs agentic dev workflows. We built and open-sourced a Claude Plugin Marketplace that we're using daily to accelerate everything we do. If we tripled velocity in 2025 the traditional way, imagine what 2026 looks like with AI-native workflows baked in from day one. 🎯 2026 priorities: performance, stability, horizontal K8s scaling, and a new stateful execution engine with Flink-style operator snapshotting. Enterprise-grade resilience—at a pace the industry hasn't seen. To everyone who filed issues, requested features, and pushed us—thank you. 🙏 What's the one capability you're waiting for?

Hey look, I can use any data pipeline to build a Security Data Lake! Really? 🧐 If your current pipeline handles data ingestion with the grace of a jet engine strapped to a coffee cup, we need to talk. Tenzir: for when you actually want the data inside the destination. #SecDataOps #DataLake #ETL #SecurityDataLake #DataPipeline #SDPP

What's the best #ETL tool for building a security data lake on Amazon Web Services (AWS)? Here's what I'd look for: ⚙️ Open source execution engine. Not source-available. Actually open. 🔑 Open pipeline definitions. Export them, version them, run them anywhere. 🤖 #AI-native, MCP tools: Generate complete integrations, from parsing to #OCSF mappings. ☁️ AWS-native in your own account. No external services. Seamless integration with Security Lake, S3, Cognito, and the broader Amazon security stack. This week we're announcing full sovereign AWS-native deployment of the entire Tenzir platform. If you're building a security data lake in AWS and want to see what this looks like in practice, let's talk while I'm at #reInvent2025: https://lnkd.in/epkrD8tx

The latest Security Data Pipeline report landed with an uncomfortable truth: the vendor lock-in problem isn't solved. It's just moving up the stack. First, read Aqsa Taylor's well-researched piece here 👉 https://lnkd.in/ePdQReVR CrowdStrike buying Onum. SentinelOne acquiring Observo AI (acquired by SentinelOne). Palo Alto Networks dropping $3.3B on Chronosphere. The same vendors who locked you into expensive SIEMs are now buying your escape routes. 🏃 Every practitioner in the report asked the same question: what happens to vendor neutrality after acquisition? Spoiler alert: when your pipeline becomes a feature inside someone else's ecosystem, "multi-destination routing" magically transforms into "preferred destination routing with asterisks." The entire value proposition of #SDP (or #SDPP for *-platform) was breaking free from vendor gatekeeping. Watching that control get absorbed back into the very platforms you were escaping would be funny if it wasn't your budget. The report identifies #AI as a maturity marker, but conveniently misses the distinction that actually matters: AI that serves you vs AI that serves the vendor's platform strategy. Guess which one you're getting from an acquired pipeline company? 🤔 We've been building Tenzir with a heretical thesis—the future of security data isn't about who controls the biggest pipeline, it's about giving practitioners the primitives to build exactly what they need. Open formats that work across any stack. Complete automation from parsing to #OCSF mapping with models you can actually inspect and control. #MCP server capabilities for programmatic orchestration. True streaming detection that doesn't force you back into their analytics layer to extract value. The market is sorting into two paths: integrated platforms where pipelines become features (convenient ops, vendor handcuffs), and independent data layers you actually control (harder to operate, but you own the architecture). Only one lets you change your analytics layer without rearchitecting your entire data fabric. Take a wild guess which path the acquired vendors will encourage. The SDPP market exploded because SIEMs failed to adapt to modern data volumes. Now those same SIEMs are buying the pipeline vendors, and we're all supposed to nod along and pretend this time will be different. If you're a #CISO making 5-year architectural decisions, here's the question that should keep you up at night: what happens when my "vendor-neutral" pipeline gets acquired? What happens to all those beautiful multi-destination routes I built? The answer matters infinitely more than the feature comparison spreadsheet. 💡 ——— Tenzir provides open streaming analytics for security operations. We're an Emerging Leader in this report. The difference is what happens when the acquisition offers start rolling in.

Your security vendor just told you they'll add support for that critical data source "in Q3 next year." Cool. Cool cool cool. 🤡 Meanwhile, you found a parsing bug in their EDR integration. Support says they'll "escalate it to engineering." Translation: get in line. Oh, and you need deeper field extraction for compliance? That's a premium tier feature. Pay more to parse logs differently. This is the game we've all been playing. Vendors control the integration catalog. Customers wait. Everyone pretends this is fine. It's not fine. And now it's over. ⚡ We just relaunched our #MCP server. You paste a single log sample—EDR, cloud service, IdP, whatever. #AI generates a complete parser, #OCSF mapping, test suite, and deployable package. 100% hands-off keyboard. Your job is to click "install." No waiting for vendor roadmaps. No support tickets for basic fixes. No premium tiers for field extraction. You own the integration. You control the timeline. You decide the depth. The power dynamic just flipped. This is about eliminating the gatekeeping. Tenzir provides the execution engine. You provide the logic. AI assembles the package. That's the new model. Want to see it in action? Install our MCP server and drop any security log into Anthropic's Claude Code or any agent of your choice. Watch it generate a production-ready integration in one conversation. Full post: https://lnkd.in/e3PhMvTa The integration bottleneck is being solved. Build with us what you couldn't before. 🚀 #SecOps #SecDataOps #DataEngineering #OpenSource #OCSF #DataPipelines #SDPP

What if you never had to write an OCSF mapping pipeline by hand again? It's the tedious, error-prone work that kills momentum and slows down real progress. So, we built a tool that uses smart prompting and our new open-source MCP server to get an LLM to do the boring work for you. ✨ Watch it take a raw log and generate a validated TQL pipeline that's 100% schema-compliant and ready to deploy. Instantly. ✅ ➡️ Watch the demo: https://lnkd.in/e85TbU5M Because open standards are only useful if they're easy to adopt. We're committed to making OCSF not just a great idea, but a practical reality for everyone. Stop mapping, start building. The repo is open. 👩💻 Repo: https://lnkd.in/eAtWgPBM #OCSF #Automation #SecurityData #OpenSource #Tenzir #MCP #DataEngineering #Cybersecurity #SecDataOps

We're officially launching the Tenzir MCP Server v0.1! 🚀 Our first trick? Using the chaos of non-deterministic AI to create 100% deterministic, schema-compliant data pipelines. 🤯 Yes, you read that right. We're teaching LLMs to be neat freaks. You give our MCP server a messy, raw log sample, and it gives you back a perfect, validated TQL pipeline for OCSF mapping. 💪 Our Philosophy: While some vendors are having an existential crisis about AI turning them into "dumb infra," we're busy building smart, open-source Lego bricks for your security stack. It's not a power struggle when you're giving the power to the users. 📖 Read the full, slightly spicy take on our blog: https://lnkd.in/eedgwWQf 💻 Check out the open-source repo and build with us: https://lnkd.in/eAtWgPBM #MCP #AI #OCSF #SecurityData #DataPipelines #SecDataOps