Run your SIEM on a generic data lake with one-click connectors that normalize your logs to a unified schema
Tarsal is the first data pipeline built for modern security teams. We’re like Fivetran or Segment, but built for security teams.
- one-click ingestion and normalization for all security logs (e.g., multi-cloud infra, Okta, Duo, Slack, CrowdStrike, etc.)
- normalization across sources for easy correlation
- detections as code
- a vendor-agnostic pipeline so you can use the best log destination for the job (supported destinations include Snowflake, S3, Databricks, Splunk, DataDog, etc.)
Sunny Rekhi (CEO) was previously an infrastructure + backend engineer at TikTok and Uber, where he worked on high scale data systems.
Manny Gundampalli (CTO) was previously a data infrastructure engineer at Plaid, where she worked on Plaid’s highest volume ML pipelines.
Security data has become unmanageable.
Tarsal is the first data pipeline built for modern security teams. With zero-hassle, one-click connectors, security teams can ingest normalized data and route it to the destination of their choice.
Our unified schema is specifically designed to reduce the complexity of incident response. By normalizing a set of standard fields across all log sources, security teams no longer have to write complex queries to track an incident across their systems. Query once against Tarsal fields and let us figure out how that maps back to the original data.
We save you money on log storage costs by letting you route logs to the cheapest destination. With data growing 23% year over year, organizations face ballooning infrastructure costs. Tarsal lets you filter + route logs to any of our supported destinations, including major SIEMs, Amazon S3, or a modern data warehouse like Snowflake, BigQuery, or Databricks.
Tarsal lets you write real-time detections as code. Write expressive and flexible detections in Python for needs specific to your enterprise. Benefit from pre-built detections that are mapped to specific threats.
We alert you if anything breaks in your log ingestion. Rest assured that you’re collecting the data you’d need during an incident. Set up Slack or PagerDuty alerts if any of your logs stop syncing over.