
The Open Source Security Lake Platform for AWS

Serverless, high scale, low cost, zero-ops security log analytics in your AWS account.

Architecture diagram showing components of Matano

Matano lets you own your security data

And be free from vendor lock-in

Cybersecurity vendors lock your data in proprietary formats that make it difficult to use outside of their products.

With Matano, all your data lives in open-format Apache Iceberg tables that can be queried directly from different tools (AWS Athena, Snowflake, etc.) without copying any data.

Query data in Matano from query engines like Snowflake, Athena, BigQuery, Spark, and Trino

Write advanced detections as code

Correlate and alert on threats in real time.

Matano gives you the complete flexibility of Python code to build high-fidelity detections that capture threats in real time.

Build stateful alerts to assess entity-risk over time or combine signals using scheduled SQL detections.

Alerting rules in Matano are designed to be tested, reviewed, and incrementally hardened, resulting in a drastic reduction of false-positives compared to traditional SIEM.

An example Matano Python detection on Zeek data checking for a Windows service changed remotely
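The detection the caption refers to, written out here as an added example in the shape the page describes; it is not Matano's own code or the contents of the screenshot. It assumes Matano calls a `detect(record)` function per normalized record and raises an alert on a truthy return, and the `zeek.dce_rpc.*` and ECS field paths are assumed names.

```python
# Added example, not Matano's own code: a detection-as-code rule in the style the
# page describes. Assumed Matano contract: a detect(record) function is called per
# normalized record and a truthy return raises an alert. The zeek.dce_rpc.* and
# ECS field paths used here are assumptions, not taken from the page.
from typing import Any

# DCE-RPC operations on the Service Control Manager (svcctl) endpoint that create or
# reconfigure a service; seen from a remote host they match "service changed remotely".
SVCCTL_WRITE_OPS = {
    "CreateServiceA", "CreateServiceW",
    "ChangeServiceConfigA", "ChangeServiceConfigW",
    "ChangeServiceConfig2A", "ChangeServiceConfig2W",
}

def get_path(record: dict, path: str, default: Any = None) -> Any:
    """Walk a dotted ECS path such as "source.ip" through nested dicts without raising."""
    cur: Any = record
    for key in path.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return default
        cur = cur[key]
    return cur

def detect(record: dict) -> bool:
    """True when a Windows service is created or modified over DCE-RPC by a remote caller."""
    if get_path(record, "event.dataset") != "zeek.dce_rpc":
        return False
    if get_path(record, "zeek.dce_rpc.endpoint") != "svcctl":
        return False
    if get_path(record, "zeek.dce_rpc.operation") not in SVCCTL_WRITE_OPS:
        return False
    src = get_path(record, "source.ip")
    dst = get_path(record, "destination.ip")
    # Loopback or same-host SCM calls are routine; only a different source host is remote.
    return bool(src and dst and src != dst and not src.startswith("127."))

def zeek_record(endpoint: str, operation: str, src: str, dst: str) -> dict:
    """Build a constructed (not real) ECS-shaped Zeek dce_rpc record for local testing."""
    return {
        "event": {"dataset": "zeek.dce_rpc"},
        "source": {"ip": src},
        "destination": {"ip": dst},
        "zeek": {"dce_rpc": {"endpoint": endpoint, "operation": operation}},
    }
```

The read-only and loopback cases stay silent, which is the kind of false-positive trimming the page means by incrementally hardened rules.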

Enrich, transform, normalize

From unstructured logs to a powerful security data lake

Matano allows for Vector Remap Language (VRL) scripting to easily normalize & enrich raw security logs without maintaining any servers (goodbye Logstash).

Managed log sources let you easily ingest security logs from popular cloud, host, and SaaS tools using pre-built parsers.

With native support for the Elastic Common Schema, Matano enables enhanced correlation and bulk search for indicators across your security data lake.

An example Matano log transformation script normalizing CloudTrail logs using Vector Remap Language

Built for scale

Eliminate gaps in your security program and analyze all your data.

With Matano, you can confidently analyze and store all your data without worrying about a cost-prohibitive bill.

Matano uses a data lake architecture with the latest technologies in Big Data from Apache Arrow and Iceberg to Rust, and is built on foundational, predictable cloud services like S3, Lambda, and SQS.

Why Matano?

Collect data from all your sources

Matano lets you collect log data from sources using S3 or SQS based ingestion, and comes out of the box with sources like CloudTrail, Zeek, Suricata and more.

Ingest, transform, normalize log data

Matano normalizes and transforms your data using VRL. Matano works with the Elastic Common Schema by default and you can define your own schema.

Detections as code

Write Python detections to implement real-time alerting on your log data.

Apache Iceberg data lake

All data is ingested into an Apache Iceberg data lake. The Iceberg open table format ensures you own your data in a vendor-agnostic format.

Store data in S3 object storage

Log data is always stored in highly optimized Parquet files in S3 object storage, for cost-effective, long-term, durable storage.

Matano is a fully serverless platform, designed for zero-ops and unlimited elastic horizontal scaling.

High scale. Low cost. Zero ops. Pick three.

Unlock all your security data today.