Tenzir TQL

Tenzir TQL (Tenzir Query Language) is a pipeline-based security data processing language and platform developed by Tenzir. It provides a concise, expressive syntax for building data pipelines that handle log normalization, threat intelligence enrichment, and security workflow automation. The platform centers on TQL, which enables structured and unstructured data processing within a single pipeline engine, replacing multiple ETL, parsing, and enrichment tools. The Tenzir Platform manages a fleet of Tenzir Nodes and includes several components: Pipeline Management for starting, stopping, pausing, and monitoring pipelines with activity charts and diagnostics; a Data Explorer for managing context objects such as lookup tables, Bloom filters, and GeoIP databases, capable of ingesting billions of indicators and enriching at 100k+ events per second; Enrichment Contexts for collecting and shaping data, including OCSF mapping and split-routing to SIEM and data lakes; Native Dashboards for visualizing data streams as line, bar, pie, or area charts; and a Package Library of reusable pipeline packages deployable with a single click. TQL supports mapping data to the Open Cybersecurity Schema Framework (OCSF), enriching events with threat intelligence, and routing data to downstream security tools. The platform claims 30–50% reduction in data processing costs, 40% improvement in team efficiency, and elimination of tool sprawl across ETL and enrichment tooling. A free Community Edition is available alongside commercial offerings.