The Open Source
Security Lake Platform for AWS
Serverless, high scale, low cost, zero-ops security log analytics in your AWS account.

Matano lets you own your security data
And be free from vendor lock-in
Cybersecurity vendors lock your data in proprietary formats that make it difficult to use outside of their products.
Matano takes a different approach by building around an open security data lake that you own.
With Matano, all your data is stored in open format Apache Iceberg tables that can can be directly queried from different tools (Amazon Athena, Snowflake, Spark etc.) without having to copy any data.

Write advanced detections as code
Correlate and alert on threats in realtime.
Matano gives you the complete flexibility of Python code to build high-fidelity detections that capture threats in realtime.
Build stateful alerts to assess entity-risk over time or combine signals using scheduled SQL detections.
Alerting rules in Matano are designed to be tested, reviewed, and incrementally hardened, resulting in a drastic reduction of false-positives compared to traditional SIEM.

Enrich, transform, normalize
From unstructured logs to a powerful security data lake
Matano includes a serverless log transformation pipeline allowing for Vector Remap Language (VRL) scripting to easily normalize & enrich raw security logs without maintaining any servers (goodbye Logstash).
Matano provides dozens of managed log sources to easily ingest security logs from popular cloud, host, and SaaS tools using pre-built parsers and integrations.
With native support for the Elastic Common Schema, Matano enables enhanced correlation and bulk search for indicators across your security data lake.

Built for petabyte scale
Eliminate gaps in your security program and analyze all your data.
With Matano, you can confidently analyze and store all your data without worrying about a cost prohibitive bill.
Matano's security data lake architecture uses the latest technologies in Big Data from Apache Arrow and Iceberg to Rust, and is built on foundational, predictable cloud services like S3, Lambda, and SQS.
Why Matano?
Collect data from all your sources
Matano lets you collect data using S3 or SQS based ingestion, comes out of the box with sources like CloudTrail, Zeek, and Okta, and automatically pulls log data from all your SaaS sources.
Ingest, transform, normalize log data
Matano includes an embedded transformation engine that normalizes your data using VRL. Matano works with the Elastic Common Schema by default and you can define your own schema.
Detections as code
Use the flexibility of Python to implement realtime alerting on your log data and introduce a development lifecycle to detection by managing rules in Git (test, code review, audit).
Security Data lake
All your security data is ingested into an open security data lake. The Apache Iceberg open table format ensures you own your data in a vendor agnostic format.
Store data in S3 object storage
Log data is always stored in highly optimized Parquet files in S3 object storage, for cost effective, long term, durable storage.
Serverless
Matano is a fully serverless platform, designed for zero-ops and unlimited elastic horizontal scaling.