Matano is an open source cloud-native security data lake platform built specifically for AWS environments. The platform normalizes unstructured security logs into a structured real-time data lake within users' AWS accounts. The tool provides out-of-the-box integration with over 50 security log sources and supports Detection-as-Code functionality using Python for creating custom security detections. It includes automatic import capabilities for Sigma detection rules and features a log transformation pipeline with custom VRL (Vector Remap Language) scripting. Matano uses open table format standards including Apache Iceberg and open schema standards like ECS (Elastic Common Schema) to ensure vendor-neutral data storage. This approach allows users to maintain full ownership of their security data without vendor lock-in. The platform enables direct querying of the security data lake from various Iceberg-compatible analytics engines including AWS Athena, Snowflake, Spark, and Trino. Users can bring their own analytics tools and query engines to analyze the stored security data. Additionally, Matano offers a commercial managed Cloud SIEM solution that builds upon the open source foundation to provide a complete enterprise Security Operations platform.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
Sysmon for Linux is a tool that monitors and logs system activity with advanced filtering to identify malicious activity.
AlienVault OSSIM provides an all-in-one security management solution with asset discovery, vulnerability assessment, and SIEM capabilities.
Serverless, real-time data analysis framework for incident detection and response.