Snyk
The Snyk Matano managed log source lets you ingest your Snyk audit logs and vulnerability issues.
Usage
Use the managed log source by specifying the managed.type property in your log_source as SNYK.
name: snyk
managed:
  type: SNYK
  properties:
    group_id: <MY_GROUP_ID>
    org_id: <MY_ORG_ID>
Then create tables for each of the Snyk logs you want to ingest. For example, if you want to ingest Snyk audit logs as well as vulnerabilities, create table files like so:
my-matano-dir/
└── log_sources/
    └── snyk/
        └── log_source.yml
        └── tables/
            └── audit.yml
            └── vulnerabilities.yml
            └── ...
# log_sources/snyk/tables/audit.yml
name: audit
For a complete reference on configuring log sources, including extending the table schema, see Log source configuration.
Tables
The Snyk managed log source supports the following tables:
- audit
- vulnerabilities
Ingest
Pull (default)
Matano integrates with your Snyk account to automatically pull relevant logs on a regular basis (every 24 hrs).
To get started with the integration, specify the following properties in the log source configuration file:
managed:
  type: SNYK
  properties:
    group_id: <MY_GROUP_ID>
    org_id: <MY_ORG_ID>
After the first deployment, this log source will also generate a secret in AWS Secrets Manager to store secrets related to this integration.
Secret
To finish onboarding the log source, populate the api_token key in the secret generated by Matano in AWS Secrets Manager with the value of your Snyk API token.
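One way to complete this step without the token appearing in shell history or process arguments, as an added example that is not Matano's own code. It assumes boto3 and AWS credentials are available, that the secret value is a JSON object, and that you supply the secret's name or ARN yourself; merge_api_token and populate_secret are hypothetical helper names.

```python
import getpass
import json
import sys


def merge_api_token(current_secret_string, token):
    """Return the secret JSON with api_token set, keeping any other keys."""
    token = token.strip()
    if not token:
        raise ValueError("empty Snyk API token")
    # Assumption: the secret value is a JSON object (or still empty).
    data = json.loads(current_secret_string) if current_secret_string else {}
    if not isinstance(data, dict):
        raise ValueError("secret value is not a JSON object; not overwriting")
    data["api_token"] = token
    return json.dumps(data)


def populate_secret(secret_id, token, client=None):
    """Read-modify-write the secret; returns its key names, never its values."""
    if client is None:
        import boto3  # imported lazily so merge_api_token works without it
        client = boto3.client("secretsmanager")
    current = client.get_secret_value(SecretId=secret_id).get("SecretString", "")
    updated = merge_api_token(current, token)
    client.put_secret_value(SecretId=secret_id, SecretString=updated)
    return sorted(json.loads(updated))


if __name__ == "__main__":
    # The secret's name or ARN is not given on the page; pass it as argv[1].
    # getpass keeps the token out of shell history and the process list.
    keys = populate_secret(sys.argv[1], getpass.getpass("Snyk API token: "))
    print("secret now has keys:", ", ".join(keys))
```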
Schema
Snyk log data is normalized to ECS fields. Custom fields are normalized into the snyk field. You can view the complete mapping to see the full schema.