Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit



Failed to load latest commit information.
Latest commit message
Commit time
March 16, 2023 12:09
March 16, 2023 13:34
March 15, 2023 12:16
March 16, 2023 12:09
March 16, 2023 13:34
January 28, 2023 15:07
November 17, 2022 22:21
October 17, 2019 21:39
February 10, 2023 11:41
February 27, 2023 13:33
February 27, 2023 13:33


Visibility Across Space and Time

About | Try | Use | Understand | Contribute | Develop


VAST is the open-source pipeline and storage engine for security.

Building Blocks Building Blocks

VAST offers dataflow pipelines for data acquisition, reshaping, routing, and integration of security tools. Pipelines transport richly typed data frames to enable efficient analytical high-bandwidth streaming workloads. VAST's open storage engine uses the same dataflow language to deliver a unified abstraction for batch and stream processing to drive a wide variety of security use cases.

A VAST node provides managed pipelines and storage as a continuously running service. You can run pipelines across multiple nodes to create a distributed security data architecture.

Building Blocks Building Blocks

Consider VAST if you want to:

  • Filter, shape, aggregate, and enrich security events before they hit your SIEM or data lake
  • Normalize, enrich, and deduplicate events prior to passing them downstream
  • Store, compact, and search event data in an open storage format (Apache Parquet & Feather)
  • Perform high-bandwidth analytics with any data tool powered by Apache Arrow
  • Operationalize threat intelligence for live and retrospective detection
  • Build your own security data lake or federated XDR architecture

Get Started

Our quickstart guide showcases how you can start exploring Zeek and Suricata data with VAST. Start here to get a first impression of VAST.

To get hands-on with VAST, follow these steps:

  1. Download VAST
  2. Start a VAST node
  3. Run pipelines to import/export data

If you have any questions when reading our docs, feel free to start a GitHub discussion or swing by our Discord chat—we're here to help!


VAST comes with a 3-clause BSD license.

Scientific Use

When referring to VAST in a scientific context, please use the following citation:

  author    = {Matthias Vallentin and Vern Paxson and Robin Sommer},
  title     = {{VAST: A Unified Platform for Interactive Network Forensics}},
  booktitle = {Proceedings of the USENIX Symposium on Networked Systems
               Design and Implementation (NSDI)},
  month     = {March},
  year      = {2016}

You can download the paper from the NSDI'16 proceedings website.

Developed with ❤️ by Tenzir