Matano

Matano is an open-source security lake platform for AWS. It enables you to ingest petabytes of security and log data from various sources, store and query them in a data lake, and create Python detections as code for real-time alerts. Matano is entirely serverless, designed specifically for AWS, and focuses on achieving high scalability, low cost, and zero operations. Matano is fully deployed within your AWS account. **Key Features** **Security Data Lake:** Matano standardizes unstructured security logs into a structured, real-time data lake within your AWS account. **Collect All Your Logs:** Matano integrates out-of-the-box with over 50 security log sources and can be easily extended with custom sources. **Detection as Code:** Build real-time detections as code using Python. Supports automatic import of Sigma detections into Matano. **Log Transformation Pipeline:** Matano supports custom VRL (Vector Remap Language) scripts to parse, enrich, normalize, and transform your logs—without managing any servers. **No Vendor Lock-in:** Matano uses open table formats (Apache Iceberg) and open architecture standards (ECS), giving you full ownership of your security data in a vendor-neutral format. **Bring Your Own Analytics:** Query your security lake directly from any Iceberg-compatible engine (AWS Athena, Snowflake, Spark, Trino, etc.) without duplicating data. **Serverless:** Matano is fully serverless, built for AWS, and designed to deliver high scale, low cost, and zero operations.

Matano is an open-source, cloud-native security data lake platform designed for ingesting, storing, and querying massive volumes of security log data on AWS. It enables real-time threat detection and alerts through Python code, aiming to deliver highly scalable, low-cost, and zero-maintenance security analytics capabilities.