Skip to main content

The Open Source
Security Lake Platform for AWS

Serverless, high scale, low cost, zero-ops security log analytics in your AWS account.

We're building a modern cloud native SIEM.
Join the waitlist for Matano Cloud.
Architecture diagram showing components of Matano

Matano lets you own your security data

And be free from vendor lock-in

Cybersecurity vendors lock your data in proprietary formats that make it difficult to use outside of their products.

Matano takes a different approach by building around an open security data lake that you own.

With Matano, all your data is stored in open format Apache Iceberg tables that can can be directly queried from different tools (Amazon Athena, Snowflake, Spark etc.) without having to copy any data.

Query data in Matano from query engines like Snowflake, Athena, BigQuery, Spark, and Trino

Write advanced detections as code

Correlate and alert on threats in realtime.

Matano gives you the complete flexibility of Python code to build high-fidelity detections that capture threats in realtime.

Build stateful alerts to assess entity-risk over time or combine signals using scheduled SQL detections.

Alerting rules in Matano are designed to be tested, reviewed, and incrementally hardened, resulting in a drastic reduction of false-positives compared to traditional SIEM.

An example Matano Python detection on Zeek data checking for a Windows service changed remotely

Enrich, transform, normalize

From unstructured logs to a powerful security data lake

Matano includes a serverless log transformation pipeline allowing for Vector Remap Language (VRL) scripting to easily normalize & enrich raw security logs without maintaining any servers (goodbye Logstash).

Matano provides dozens of managed log sources to easily ingest security logs from popular cloud, host, and SaaS tools using pre-built parsers and integrations.

With native support for the Elastic Common Schema, Matano enables enhanced correlation and bulk search for indicators across your security data lake.

An example Matano log transformation script normalizing Cloudtrail logs using Vector Remap language

Built for petabyte scale

Eliminate gaps in your security program and analyze all your data.

With Matano, you can confidently analyze and store all your data without worrying about a cost prohibitive bill.

Matano's security data lake architecture uses the latest technologies in Big Data from Apache Arrow and Iceberg to Rust, and is built on foundational, predictable cloud services like S3, Lambda, and SQS.

Why Matano?

Collect data from all your sources

Matano lets you collect data using S3 or SQS based ingestion, comes out of the box with sources like CloudTrail, Zeek, and Okta, and automatically pulls log data from all your SaaS sources.

Ingest, transform, normalize log data

Matano includes an embedded transformation engine that normalizes your data using VRL. Matano works with the Elastic Common Schema by default and you can define your own schema.

Detections as code

Use the flexibility of Python to implement realtime alerting on your log data and introduce a development lifecycle to detection by managing rules in Git (test, code review, audit).

Security Data lake

All your security data is ingested into an open security data lake. The Apache Iceberg open table format ensures you own your data in a vendor agnostic format.

Store data in S3 object storage

Log data is always stored in highly optimized Parquet files in S3 object storage, for cost effective, long term, durable storage.


Matano is a fully serverless platform, designed for zero-ops and unlimited elastic horizontal scaling.

Start building on the security lake platform

Unlock all your security data today.
We're building a modern cloud native SIEM.
Join the waitlist for Matano Cloud.