

Serverless security data lake for AWS with detection-as-code
Matano delivers a cloud‑native, serverless security data lake on AWS, normalizing 50+ log sources, enabling detection‑as‑code with Python, and offering vendor‑neutral analytics via Apache Iceberg.

Matano is a cloud‑native security data lake built specifically for AWS environments. It ingests raw logs from more than 50 native and third‑party sources, normalizes them to the Elastic Common Schema (ECS), and stores them in an open table format (Apache Iceberg). Detections are authored in Python and evaluated in real time as records are ingested; the page also notes built‑in support for importing Sigma rules. Parsing and field mapping for sources without a built‑in integration are handled with Vector Remap Language (VRL) transforms.
The platform is fully serverless and built on managed AWS services such as Athena, S3, and SNS, so there are no log collectors, indexers, or cluster nodes to patch or scale. A single CLI command deploys Matano and provisions the required resources in the user's own AWS account. Because the tables are Iceberg, analysts can query the lake from any Iceberg‑compatible engine (Athena, Snowflake, Spark, Trino, etc.) given read access to the underlying S3 data and table catalog, and alerts can be routed to destinations such as Slack or SNS. Keeping the data in the account it was generated in, in an open format, is what makes the cost and lock‑in story different from a hosted SIEM.
Typical use cases:
Reduce SIEM licensing costs: ingest all security logs into Matano's data lake and query them with Athena, so the bulk of retention lives in S3 rather than in a third‑party SIEM priced per ingested gigabyte.
Custom threat detection with Python: write detection scripts that evaluate CloudTrail and Okta records as they are ingested and forward matches to Slack via SNS.
Enrich and normalize logs from a new SaaS app: use a VRL transform to parse the raw JSON, map fields to ECS, and make the data searchable alongside existing sources using the same field names.
Ad‑hoc investigation with existing analytics tools: point Snowflake or Trino at the Iceberg tables and run complex joins in place, without exporting or duplicating the data.
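The "custom threat detection with Python" use case above amounts to a Python function that receives one ECS-normalized record and decides whether it should alert. The block below is an added example written for this page, not Matano's own code: it follows the detect(record) shape of a Matano detection script, but the ECS field paths (aws.cloudtrail.mfa_used, source.as.number, event.dataset values), the ASN allow-list, the sample records, and the local run_detection harness that stands in for Matano's ingest-time invocation are all constructed assumptions and should be checked against the project's actual CloudTrail and Okta mappings before use.

```python
"""Matano-style Python detection, run locally over constructed records.

Added example, not Matano's own code. A Matano detection exposes a
detect(record) function that returns True when a normalized record should
alert. The ECS paths, allow-list, sample records and harness below are
assumptions for this illustration.
"""
from typing import Any, Dict, List

# Source ASNs this (hypothetical) team expects Okta sign-ins to come from.
EXPECTED_OKTA_ASNS = {64496, 64497}


def get_path(record: Dict[str, Any], path: str, default: Any = None) -> Any:
    """Walk a dotted ECS path such as "event.action" through nested dicts,
    returning default when any segment is missing (enrichment is optional)."""
    cur: Any = record
    for key in path.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return default
        cur = cur[key]
    return cur


def console_login_without_mfa(record: Dict[str, Any]) -> bool:
    """CloudTrail ConsoleLogin that succeeded without MFA for a native IAM user.
    Federated/assumed-role sessions carry MFA state elsewhere, so skip them
    rather than raise false positives (assumed field names)."""
    if get_path(record, "event.action") != "ConsoleLogin":
        return False
    if get_path(record, "event.outcome") != "success":
        return False
    if get_path(record, "user.type") in ("AssumedRole", "FederatedUser"):
        return False
    return str(get_path(record, "aws.cloudtrail.mfa_used", "")).lower() == "no"


def okta_login_from_unexpected_asn(record: Dict[str, Any]) -> bool:
    """Okta session start from an ASN outside the allow-list. A record with
    no ASN enrichment is not treated as a match."""
    if get_path(record, "event.action") != "user.session.start":
        return False
    if get_path(record, "event.outcome") != "success":
        return False
    asn = get_path(record, "source.as.number")
    return isinstance(asn, int) and asn not in EXPECTED_OKTA_ASNS


def detect(record: Dict[str, Any]) -> bool:
    """Detection entry point: True means this record should raise an alert."""
    return console_login_without_mfa(record) or okta_login_from_unexpected_asn(record)


def run_detection(records: List[Dict[str, Any]]) -> List[str]:
    """Local stand-in for ingest-time invocation: one alert line per match.
    In Matano the match would be routed to SNS/Slack instead of returned."""
    alerts: List[str] = []
    for r in records:
        if detect(r):
            alerts.append(
                f"{get_path(r, 'event.dataset')}: "
                f"{get_path(r, 'user.name')} from {get_path(r, 'source.ip')}"
            )
    return alerts


# Constructed sample records, already in ECS-like shape (not real log data).
SAMPLE_RECORDS: List[Dict[str, Any]] = [
    {"event": {"dataset": "aws.cloudtrail", "action": "ConsoleLogin", "outcome": "success"},
     "user": {"name": "alice", "type": "IAMUser"},
     "aws": {"cloudtrail": {"mfa_used": "No"}},
     "source": {"ip": "203.0.113.10"}},
    {"event": {"dataset": "aws.cloudtrail", "action": "ConsoleLogin", "outcome": "success"},
     "user": {"name": "bob", "type": "IAMUser"},
     "aws": {"cloudtrail": {"mfa_used": "Yes"}},
     "source": {"ip": "203.0.113.11"}},
    {"event": {"dataset": "aws.cloudtrail", "action": "ConsoleLogin", "outcome": "failure"},
     "user": {"name": "mallory", "type": "IAMUser"},
     "aws": {"cloudtrail": {"mfa_used": "No"}},
     "source": {"ip": "198.51.100.3"}},
    {"event": {"dataset": "okta.system", "action": "user.session.start", "outcome": "success"},
     "user": {"name": "dave"},
     "source": {"ip": "192.0.2.44", "as": {"number": 64496}}},
    {"event": {"dataset": "okta.system", "action": "user.session.start", "outcome": "success"},
     "user": {"name": "carol"},
     "source": {"ip": "198.51.100.7", "as": {"number": 65000}}},
    {"event": {"dataset": "okta.system", "action": "user.session.start", "outcome": "success"},
     "user": {"name": "erin"},
     "source": {"ip": "192.0.2.99"}},  # no ASN enrichment: must not alert
]


if __name__ == "__main__":
    for line in run_detection(SAMPLE_RECORDS):
        print(line)
```

Two design points carry over to real deployments: read every field through a tolerant accessor, because ECS enrichment (geo, ASN, user type) is not guaranteed on every record, and make the absence of a field fail closed toward "no alert" unless the detection's logic specifically concerns missing data. Run the script locally against saved sample records before deploying it, since a detection that throws on an unexpected shape silently drops the records it was meant to inspect.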
Frequently asked questions:
Does Matano require managing servers? No. Matano is fully serverless and runs on managed AWS services.
Which log sources are supported? Matano includes integrations for over 50 sources such as CloudTrail, VPC Flow Logs, Okta, GitHub, CrowdStrike, and many more.
Can the data be queried with tools other than Athena? Yes. The data lake is stored in Apache Iceberg, so any Iceberg‑compatible engine (Athena, Snowflake, Spark, Trino, etc.) can query it.
Is there vendor lock‑in? Data is saved in an open table format (Apache Iceberg) with an ECS schema, so it can be moved or copied without depending on Matano.
How do detections work? Detections are Python programs invoked in real time as logs are ingested; when one matches, it emits an alert to configured destinations such as SNS or Slack.