Managed Log sources
Matano managed log sources are common log sources for which Matano provides preconfigured normalizations, transformations, and schemas. This lets you easily ingest logs from a supported log source without having to write a transformation or specify a schema.
Using managed log sources
To use a Matano managed log source, specify the managed.type property in your log_source.yml with the corresponding identifier for the managed log source. There is then no need to specify fields like transform or schema, as these will be applied automatically by the managed log source.
For example, to use the CloudTrail managed log source, your log_source.yml may look as follows:

name: "aws_cloudtrail"
managed:
  type: "AWS_CLOUDTRAIL"
Managed log sources may also specify additional properties for custom configuration. You may provide these in the managed.properties key in your log_source.yml. Consult the log source specific documentation for the values to provide, if any.
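The following is an added example, not part of Matano's own code, that checks a log_source.yml for the shape described above before it is deployed: managed.type must be present and name a supported identifier, managed.properties (if given) must be a mapping, and transform or schema blocks are flagged as redundant because the managed log source supplies them. The set of supported identifiers is passed in by the caller; only AWS_CLOUDTRAIL is taken from this page, the full list comes from the per-source documentation. The tiny YAML-subset parser and the sample configurations are constructed for this example (it is not a full YAML parser).

```python
"""Lint a Matano log_source.yml that uses a managed log source.

Added example; not Matano's own code. Assumptions: the file uses only the
indentation-based `key: value` subset shown on the page (no lists, anchors
or multi-line scalars), and the caller supplies the set of supported
managed.type identifiers.
"""
from __future__ import annotations


def parse_simple_yaml(text: str) -> dict:
    """Parse nested `key: value` / `key:` blocks into dicts.

    Quoted scalars have their surrounding quotes removed. Blank lines and
    full-line comments are ignored. This is deliberately minimal.
    """
    root: dict = {}
    stack: list[tuple[int, dict]] = [(-1, root)]  # (indent, mapping)
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        key, _, value = raw.strip().partition(":")
        key, value = key.strip(), value.strip()
        # Close any blocks that are indented deeper than the current line.
        while indent <= stack[-1][0]:
            stack.pop()
        parent = stack[-1][1]
        if value == "":
            child: dict = {}
            parent[key] = child
            stack.append((indent, child))
        else:
            parent[key] = value.strip('"').strip("'")
    return root


def lint_managed_log_source(text: str, supported_types: set[str]) -> list[str]:
    """Return a list of findings; an empty list means the config is acceptable."""
    cfg = parse_simple_yaml(text)
    findings: list[str] = []

    managed = cfg.get("managed")
    if not isinstance(managed, dict):
        return ["no 'managed' block: this is not a managed log source"]

    mtype = managed.get("type")
    if not mtype:
        findings.append("managed.type is required for a managed log source")
    elif mtype not in supported_types:
        findings.append(f"managed.type {mtype!r} is not a supported identifier")

    # The managed log source applies its own transform and schema, so
    # user-supplied ones are redundant and a likely sign of a copy-paste slip.
    for redundant in ("transform", "schema"):
        if redundant in cfg:
            findings.append(
                f"'{redundant}' is redundant: the managed log source supplies it"
            )

    props = managed.get("properties")
    if props is not None and not isinstance(props, dict):
        findings.append("managed.properties must be a mapping of key: value pairs")
    return findings


# Constructed sample configurations (the first mirrors the page's example).
GOOD_CONFIG = """
name: "aws_cloudtrail"
managed:
  type: "AWS_CLOUDTRAIL"
"""

# Constructed: misspelled identifier plus a redundant transform block.
BAD_CONFIG = """
name: "aws_cloudtrail"
managed:
  type: "AWS_CLOUDTRIAL"
transform: "placeholder"
"""

# Constructed: properties given as a scalar instead of a mapping.
PROPS_CONFIG = """
name: "aws_cloudtrail"
managed:
  type: "AWS_CLOUDTRAIL"
  properties: "oops"
"""

if __name__ == "__main__":
    supported = {"AWS_CLOUDTRAIL"}  # only identifier confirmed on this page
    for label, cfg in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG), ("props", PROPS_CONFIG)):
        print(label, lint_managed_log_source(cfg, supported) or "OK")
```

Run it as a pre-commit check over each log_source.yml in the repository; a non-empty findings list is the signal to stop the deploy.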
Supported managed log sources
The following are currently supported Matano managed log sources. Click through to view specific documentation for each log source.
AWS (category, 9 items)
Crowdstrike (category, 2 items)
Cloudflare: The Cloudflare Matano managed log source lets you ingest your Cloudflare logs directly into Matano.
Duo: The Duo Matano managed log source lets you ingest your Duo logs directly into Matano.
GitHub: The GitHub audit logs managed log source lets you ingest your GitHub audit logs directly into Matano.
1Password: The 1Password Matano managed log source lets you ingest your 1Password logs for item usages and sign-in attempts directly into Matano.
Google Workspace: The Google Workspace managed log source allows you to collect logs from various Google Workspace audit, activity, and report endpoints into Matano. The managed log source collects and normalizes data and audit activity from all the Google Workspace Audit Reports API endpoints as well as alerts from the Google Alert Center API.
Microsoft Graph: The Microsoft Graph managed log source allows you to collect various audit, reporting, and other logs from Microsoft 365 directly into Matano.
Office 365: The Office 365 Matano managed log source lets you ingest your Microsoft Office 365 logs directly into Matano.
Okta: The Okta Matano managed log source lets you ingest your Okta System logs directly into Matano.
Palo Alto Networks: The Palo Alto Networks Matano managed log source lets you ingest your Palo Alto Networks Firewall logs. It supports parsing logs in the Palo Alto Networks PAN-OS Syslog format.
Snyk: The Snyk Matano managed log source lets you ingest your Snyk audit logs and vulnerability issues.
Suricata: The Suricata Matano managed log source lets you ingest your Suricata IDS/IPS/NSM logs. It parses logs that are in the Suricata EVE JSON format.
Zeek: The Zeek Matano managed log source lets you ingest your Zeek logs directly into Matano.