Skip to main content

Matano adds Identity Data Lake

· 2 min read

We're adding support for pulling logs and enrichment data from identity and auth sources to your Matano data lake. This means you can query failed/successful sign-in attempts, view audit logs, and query user information from popular SaaS sources directly using SQL and write detection rules to detect threats in realtime using Python!



Identity logs, generated from solutions such as Okta, Azure AD, and Duo, play a crucial role in understanding user activity and behavior within your organization. Matano now fully supports centralizing all your identity data into a structured data lake in your AWS account.

New Log Sources

In this release, we're adding support for ingesting authentication activity and identity data from Okta, Duo, 1Password, Microsoft Azure Active Directory (Azure AD), and Google Workspace.

Log SourceTables
1Passworditem_usages
signin_attempts
Duoadmin
auth
offline_enrollment
summary
telephony
Google Workspacelogin
Microsoft Azure ADaad_signinlogs
Oktasystem

Sample queries

You can use the full power of SQL to analyze sign-in behavior and other authentication activity. Here are some sample SQL queries that you could run on your identity data:

Recent failed sign-in attempts from 1Password

SELECT *
FROM "matano"."onepassword_signin_attempts"
WHERE ts > current_timestamp - interval '7' day
AND event.outcome = 'failure'

View activity per user in Okta today

SELECT user.full_name AS user_name,
count(*) AS count_logs
FROM "matano"."okta_system"
WHERE ts > current_timestamp - interval '1' day
GROUP BY user.full_name

Up next

In the near future, we'll be expanding our Identity & Auth integrations further by adding support for synchronizing enrichment data (users, roles, lookup tables, etc.) into your data lake. We also are working on new managed integration sources, so feel free to reach out if there is a log source you'd like to see in this list!

Get started now

You can ingest and analyze any of these log sources in your AWS account out of the box today. View the complete documentation for more information.