MCP Hub
Back to servers

Tenzir

A specialized MCP server for cybersecurity operations that integrates Tenzir data pipelines with the OCSF schema framework for advanced threat hunting and automated security data processing.

pulsemcp
APIs & ServicesData & AnalyticsDevelopment Tools
Stars
7
Forks
6
Updated
Jan 7, 2026
Validated
Jan 9, 2026
View Source
Claim this server

⚙️ Tenzir MCP Server

PyPI License

A Model Context Protocol (MCP) server that enables AI assistants to interact with Tenzir—a data pipeline engine for security operations.

This MCP server provides tools for executing pipelines written in the Tenzir Query Language (TQL)), working with Open Cybersecurity Schema Framework (OCSF), managing packages, generating parsers, and exploring documentation.

✨ Features

  • Pipeline Execution: Run TQL pipelines and tests
  • Documentation Access: Search and browse embedded Tenzir documentation with cross-reference support
  • OCSF Integration: Query and work with OCSF definitions, event classes, objects, and profiles.
  • Package Management: Create and manage Tenzir packages with operators, pipelines, enrichment contexts, and tests
  • Code Generation: Auto-generate TQL parsers and OCSF mapping packages

📦 Installation

Use Docker as the fastest way to get started:

docker run -i tenzir/mcp

Or use uvx when you have a local Tenzir installation:

uvx tenzir-mcp

📚 Documentation

Consult our setup guide for installation and MCP client configuration.

We also provide a reference that explains usage and available tools.

🤝 Contributing

Want to contribute? We're all-in on agentic coding with Claude Code! The repo comes pre-configured with our custom plugins—just clone and start hacking.

📜 License

This project is licensed under the Apache License 2.0.

Reviews

No reviews yet

Sign in to write a review