Matano now supports realtime streaming enrichment for log sources, allowing you to enrich your data in realtime as it is ingested into Matano. This powerful new feature allows you to add contextual information directly into your data without the need for a join or lookup later on.

Matano now supports a managed integration for ingesting audit events and alerts from Google Workspace. As with all managed log sources, Matano handles the polling, ingestion, parsing, and normalization of all Google Workspace log sources. The integration includes Google Workspace Admin events, Login events, SAML events and alerts from the Google Workspace Alert Center.

AWS launched the latest version of their Amazon Athena query engine — Athena engine version 3 at last year's re:Invent. The new engine version includes many exciting new features and improvements, including improved Apache Iceberg support & performance, new statements and functions, and other features. Let's explore some of these improvements and how you can use them with Matano.

We're adding support for pulling logs and enrichment data from identity and auth sources to your Matano data lake. This means you can query failed/successful sign-in attempts, view audit logs, and query user information from popular SaaS sources directly using SQL and write detection rules to detect threats in realtime using Python!

We're adding support today to Matano for seven new AWS managed log sources, including S3 Access logs, S3 Inventory reports, AWS ELB access logs, Amazon Inspector findings, and AWS Config configuration history data. With this enhancement, you can gain an even more comprehensive view of your AWS environment and improve your security posture.

We're excited to announce that Matano now supports managed log sources from Suricata. This means that you can easily ingest and analyze your network activity logs and alerts from Suricata into your Matano security lake without having to define any schemas or parsers.

We're excited to announce that Matano now supports managed log sources from Crowdstrike. This means that you can easily ingest and analyze your endpoint security logs from Crowdstrike Falcon and Crowdstrike Falcon Data Replicator (FDR) logs into your Matano security lake without having to define any schemas or parsers.

You can now use enrichment tables in Matano to ingest custom data and threat intelligence to enrich your data, detections, and alerts. You can use this information to enhance correlation, improve alerts, and reduce false positives.

Matano now automatically runs Iceberg table maintenance on Matano tables, including data compaction and expiring snapshots, greatly improving query performance and cost efficiency. Read on for how table maintenance works and how we run completely serverless Iceberg table maintenance on AWS.

We're adding support for the first two managed log sources to Matano: AWS CloudTrail and Zeek. Now you can analyze your AWS events and network traffic in Matano without having to define any schemas or parsers.