Skip to main content

Introduction

What is Matano?

Matano is an open source security lake platform (SIEM alternative) for AWS. It lets you ingest petabytes of security and log data from various sources, store and query them in a data lake, and create Python detections as code for realtime alerting. Matano is fully serverless and focuses on enabling high scale, low cost, and zero-ops, and deploys fully into your AWS account.

Key features

  • Security Data Lake: Matano normalizes unstructured security logs into a structured realtime data lake in your AWS account.
  • Collect All Your Logs: Matano integrates out of the box with 50+ sources for security logs and can easily be extended with custom sources.
  • Detection-as-Code: Use Python to build realtime detections as code. Support for automatic import of Sigma detections to Matano.
  • Log Transformation Pipeline: Matano supports custom VRL (Vector Remap Language) scripting to parse, enrich, normalize and transform your logs as they are ingested without managing any servers.
  • No Vendor Lock-In: Matano uses an open table format (Apache Iceberg) and open schema standards (ECS), to give you full ownership of your security data in a vendor-neutral format.
  • Bring Your Own Analytics: Query your security lake directly from any Iceberg-compatible engine (AWS Athena, Snowflake, Spark, Trino etc.) without having to copy data around.
  • Serverless: Matano is fully serverless and designed specifically for AWS and focuses on enabling high scale, low cost, and zero-ops.