What is VAST?
VAST is an embeddable telemetry engine for structured event data, purpose-built for use cases in security operations. The name is an acronym for Visibility Across Space and Time.
Consider VAST if you want to:
- Store, aggregate, and manage massive amounts of security telemetry
- BYO data science and data engineering tools for security analytics
- Build a foundation for a federated detection and response architecture
- Operationalize threat intelligence and detect at the edge
- Empower threat hunters with a data-centric investigation tool
If you're unsure whether VAST is the right tool for your use case, keep reading.
We organize the remainder of this documentation along the journey of a typical user:
- Setup VAST describes how you can download, install, and configure VAST in a variety of environments. 👉 Start here if you want to deploy VAST.
- Use VAST explains how to work with VAST, e.g., ingesting data, running queries, matching threat intelligence, or integrating it with other security tools. 👉 Go here if you have a running VAST and want to explore what you can do with it.
- Understand VAST describes the system design goals and architecture, e.g., the actor model as the concurrency and distribution layer, the separation of read and write paths, and core components like the catalog, which provides lightweight indexing and manages schema metadata. 👉 Read here if you want to know why VAST is built the way it is.
- Develop VAST provides developer-oriented resources for working on VAST, e.g., writing your own plugins or enhancing the source code. 👉 Look here if you are ready to get your hands dirty and write code.