Skip to main content

Snyk

The Snyk Matano managed log source lets you ingest your Snyk Audit logs and vulnerabilty issues.

Usage

Use the managed log source by specifying the managed.type property in your log_source as SNYK.

name: snyk

managed:
type: SNYK
properties:
group_id: <MY_GROUP_ID>
org_id: <MY_ORG_ID>

Then create tables for each of the Snyk logs you want to ingest. For example, if you want to ingest Snyk audit logs, as well vulnerabilities, create table files like so:

my-matano-dir/
└── log_sources/
└── snyk/
└── log_source.yml
└── tables/
└── audit.yml
└── vulnerabilities.yml
└── ...
# log_sources/snyk/tables/audit.yml
name: audit

For a complete reference on configuring log sources, including extending the table schema, see Log source configuration.

Tables

The Snyk managed log source supports the following tables:

  • audit
  • vulnerabilities

Ingest

Pull (default)

Matano integrates with your Snyk account to automatically pull relevant logs on a regular basis (every 24 hrs).

To get started with the integration, specify the following properties in the log source configuration file:

managed:
type: SNYK
properties:
group_id: <MY_GROUP_ID>
org_id: <MY_ORG_ID>

After the first deployment, this log source will also generate a secret in AWS secret's manager to store secrets related to this integration.

Secret

To finish onboarding the log source, populate the api_token key in the secret generated by Matano in AWS Secrets Manager, with the value of your Snyk API token.

Schema

Snyk log data is normalized to ECS fields. Custom fields are normalized into the snyk field. You can view the complete mapping to see the full schema.