How do I use Tenzir MCP Server?

1. Click on "Install Server". 2. Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state. 3. In the chat, type @ followed by the MCP server name and your instructions, e.g., "@Tenzir MCP Server show me recent OCSF security events from our firewall logs" That's it! The server will respond to your query, and you can continue using it as needed. Here is a step-by-step guide with screenshots.

⚙️ Tenzir MCP Server

PyPI License

A Model Context Protocol (MCP) server that enables AI assistants to interact with Tenzir—a data pipeline engine for security operations.

This MCP server provides tools for executing pipelines written in the Tenzir Query Language (TQL)), working with Open Cybersecurity Schema Framework (OCSF), managing packages, generating parsers, and exploring documentation.

✨ Features

Pipeline Execution: Run TQL pipelines and tests
Documentation Access: Search and browse embedded Tenzir documentation with cross-reference support
OCSF Integration: Query and work with OCSF definitions, event classes, objects, and profiles.
Package Management: Create and manage Tenzir packages with operators, pipelines, enrichment contexts, and tests
Code Generation: Auto-generate TQL parsers and OCSF mapping packages

Related MCP server: HydraΜCP

📦 Installation

Use Docker as the fastest way to get started:

docker run -i tenzir/mcp

Or use uvx when you have a local Tenzir installation:

uvx tenzir-mcp

📚 Documentation

Consult our setup guide for installation and MCP client configuration.

We also provide a reference that explains usage and available tools.

🤝 Contributing

Want to contribute? We're all-in on agentic coding with Claude Code! The repo comes pre-configured with our custom plugins—just clone and start hacking.