Matano lets you own your security data
And be free from vendor lock-in
Cybersecurity vendors lock your data in proprietary formats that make it difficult to use outside of their products.
With Matano, all your data is stored in open-format Apache Iceberg tables that can be queried directly from different tools (AWS Athena, Snowflake, etc.) without having to copy any data.
Write advanced detections as code
Correlate and alert on threats in real time.
Matano gives you the complete flexibility of Python code to build high-fidelity detections that capture threats in real time.
Build stateful alerts to assess entity risk over time, or combine signals using scheduled SQL detections.
Alerting rules in Matano are designed to be tested, reviewed, and incrementally hardened, resulting in a drastic reduction of false positives compared to a traditional SIEM.
Enrich, transform, normalize
From unstructured logs to a powerful security data lake
Matano allows for Vector Remap Language (VRL) scripting to easily normalize & enrich raw security logs without maintaining any servers (goodbye Logstash).
Managed log sources let you easily ingest security logs from popular cloud, host, and SaaS tools using pre-built parsers.
With native support for the Elastic Common Schema, Matano enables enhanced correlation and bulk search for indicators across your security data lake.
Built for scale 🦀🛡️
Eliminate gaps in your security program and analyze all your data.
With Matano, you can confidently analyze and store all your data without worrying about a cost-prohibitive bill.
Matano uses a data lake architecture with the latest technologies in Big Data from Apache Arrow and Iceberg to Rust, and is built on foundational, predictable cloud services like S3, Lambda, and SQS.
Collect data from all your sources
Matano lets you collect log data from sources using S3- or SQS-based ingestion, and comes out of the box with sources like CloudTrail, Zeek, and more.
Ingest, transform, normalize log data
Matano normalizes and transforms your data using VRL. Matano works with the Elastic Common Schema by default, and you can define your own schema.
Detections as code
Write Python detections to implement real-time alerting on your log data.
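The detection-as-code idea above, shown as an added example that is not Matano's own code: a Python detection that flags successful CloudTrail API calls which stop or weaken trail logging, evaluated over ECS-normalized records. It assumes the detect.py convention of exporting detect(record) and title(record) and assumes the ECS field names shown (event.provider, event.action, event.outcome, user.name, source.ip); verify both against the Matano docs and your actual schema.

```python
"""Hypothetical Matano-style detection (not Matano's own code).
Assumes the detect.py convention: detect(record) -> bool and
title(record) -> str over an ECS-normalized event dict (assumed field names).
"""
from typing import Any

# CloudTrail API calls that stop or weaken trail logging (defense evasion)
LOGGING_TAMPER_ACTIONS = {"StopLogging", "DeleteTrail", "UpdateTrail"}

def get_path(record: dict, path: str, default: Any = None) -> Any:
    """Walk a dotted ECS path such as "event.action" through nested dicts."""
    node: Any = record
    for key in path.split("."):
        if not isinstance(node, dict) or key not in node:
            return default
        node = node[key]
    return node

def detect(record: dict) -> bool:
    """Fire only on a successful CloudTrail trail-tampering API call."""
    return (
        get_path(record, "event.provider") == "cloudtrail.amazonaws.com"
        and get_path(record, "event.action") in LOGGING_TAMPER_ACTIONS
        and get_path(record, "event.outcome") == "success"
    )

def title(record: dict) -> str:
    """Alert title built from the matching record."""
    return (
        f"CloudTrail logging modified: {get_path(record, 'event.action')} "
        f"by {get_path(record, 'user.name', 'unknown')} "
        f"from {get_path(record, 'source.ip', 'unknown')}"
    )

def run_detection(records: list) -> list:
    """Apply detect() to each record; return alert titles for the matches."""
    return [title(r) for r in records if detect(r)]

# Constructed sample records (ECS-shaped), not real log data
SAMPLE_RECORDS = [
    {"event": {"provider": "cloudtrail.amazonaws.com", "action": "StopLogging",
               "outcome": "success"}, "user": {"name": "alice"},
     "source": {"ip": "198.51.100.7"}},
    {"event": {"provider": "cloudtrail.amazonaws.com", "action": "StopLogging",
               "outcome": "failure"}, "user": {"name": "bob"}},  # denied by IAM
    {"event": {"provider": "ec2.amazonaws.com", "action": "RunInstances",
               "outcome": "success"}, "user": {"name": "carol"}},
]
```

Because the rule is plain Python over a dict, it can be unit-tested with constructed records like the ones above before it is deployed, which is the point of the review-and-harden workflow described earlier.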
Apache Iceberg Data lake
All data is ingested into an Apache Iceberg data lake. The Iceberg open table format ensures you own your data in a vendor-agnostic format.
Store data in S3 object storage
Log data is always stored as highly optimized Parquet files in S3 object storage, for cost-effective, long-term, durable storage.
Matano is a fully serverless platform, designed for zero-ops and unlimited elastic horizontal scaling.