Welcome to the VAST documentation! If you have any questions, do not hesitate to join our community Slack or open a GitHub discussion.

What is VAST?

VAST is an embeddable telemetry engine for structured event data, purpose-built for use cases in security operations. VAST is an acronym that stands for Visibility Across Space and Time.

Consider VAST if you want to:

  • Store, aggregate, and manage massive amounts of security telemetry
  • BYO data science and data engineering tools for security analytics
  • Build a foundation for a federated detection and response architecture
  • Operationalize threat intelligence and detect at the edge
  • Empower threat hunters with a data-centric investigation tool

If you're unsure whether VAST is the right tool for your use case, keep reading.

What's Next?

We organize the remainder of this documentation along the journey of a typical user:

  1. Setup VAST describes how you can download, install, and configure VAST in a variety of environments. 👉 Start here if you want to deploy VAST.
  2. Use VAST explains how to work with VAST, e.g., ingesting data, running queries, matching threat intelligence, or integrating it with other security tools. 👉 Go here if you have a running VAST and want to explore what you can do with it.
  3. Understand VAST describes the system design goals and architecture, e.g., the actor model as concurrency and distribution layer, separation of read/write path, and core components like the catalog that provides lightweight indexing and manages schema metadata. 👉 Read here if you want to know why VAST is built the way it is.
  4. Develop VAST provides developer-oriented resources to work on VAST, e.g., writing your own plugins or enhancing the source code. 👉 Look here if you are ready to get your hands dirty and write code.