Tarsal: Data pipeline built for modern security teams

Run your SIEM on a generic data lake with one-click connectors that normalize your logs to a unified schema


Tarsal is the first data pipeline built for modern security teams. We’re like Fivetran or Segment, but built for security teams.

Tarsal provides:

- one-click ingestion and normalization for all security logs (e.g., multi-cloud infra, Okta, Duo, Slack, CrowdStrike, etc.)

- normalization across sources for easy correlation

- detections as code

- a vendor-agnostic pipeline so you can use the best log destination for the job (supported destinations include Snowflake, S3, Databricks, Splunk, DataDog, etc.)

👤 The Team

Sunny Rekhi (CEO) was previously an infrastructure + backend engineer at TikTok and Uber, where he worked on high scale data systems.

Manny Gundampalli (CTO) was previously a data infrastructure engineer at Plaid, where she worked on Plaid’s highest volume ML pipelines.

❌ The Problem

Security data has become unmanageable.

  • There’s no standard for how security data is defined, so security teams have to write complex queries to account for all the variations.
  • There’s no consistent way to get your log data: some vendors expose a REST API, others expose a GraphQL API. Some give you JSON data, some give you unstructured text. Schematized data is rare.
  • There’s a lot of it. Security data is growing at 23% CAGR, and log storage costs are incredibly high.

✨ Our Solution

Tarsal is the first data pipeline built for modern security teams. With zero-hassle, one-click connectors, security teams can ingest normalized data and route it to the destination of their choice.

Our unified schema is specifically designed to reduce the complexity in incident response. By normalizing a set of standard fields across all log sources, security teams no longer have to write complex queries to track an incident across their systems. Query once against Tarsal fields — let us figure out how that maps back to the original data.

We save you money on log storage costs by letting you route logs to the cheapest destination. With data growing 23% year over year, organizations face ballooning infrastructure costs. Tarsal lets you filter + route logs to any of our supported destinations, including major SIEMs, Amazon S3, or a modern data warehouse like Snowflake, BigQuery, or Databricks.

Tarsal lets you write real-time detections as code. Write expressive and flexible detections in Python for needs specific to your enterprise. Benefit from pre-built detections that are mapped to specific threats.

We alert you if anything breaks in your log ingestion. Rest assured that you’re collecting the data you’d need during an incident. Set up Slack or PagerDuty alerts if any of your logs stop syncing over.

🎉 Interested?

Email us at founders@tarsal.co and we’ll give you a link to sign up. You can also book a call with me here to learn more.