Tenzir’s open security analytics platform provides a control plane and a data plane for the modern Security Operations Centre (SOC). Threat Bus is the product on the control plane: threat intelligence data such as indicators and sightings are propagated on a message bus to all relevant tools in the SOC for automated reaction. VAST forms the data plane: as a lightweight SIEM with a focus on detection and processing of high-volume telemetry, VAST enables data-protection-compliant recording of network, endpoint or cloud telemetry. Built-in live matching can easily match millions of indicators against the incoming stream of telemetry data to detect known threats in real time. VAST also generates behavioural profiles from incoming telemetry so that anomalies can serve as an additional source of alerts. In the web interface, this allows threat hunters and analysts to contextualise events efficiently and holistically.
This open approach is unique: no data silo, open-source tools, full control over threat and telemetry data, flexible STIX message bus – the modern SOC backbone.