
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS

60 matano issues

I noticed that there's consistent throttling of the `IcebergMetadataWriterFunction` (>100/5m) and `LakeWriterAlertsFunction` (>350/5m) lambdas and was wondering if this is expected behavior or if there's some tuning that should be...

We're experiencing a problem that appears to have been resolved recently in the `3a4967d` commit with Athena queries returning the `ICEBERG_CANNOT_OPEN_SPLIT` error when it hits a faulty file pointer. Is the fix...

Hi Matano Team, We are trying to install Matano in our environment. Ours is a highly restricted environment so when we do matano init or deploy we are getting one...

Wanted to throw this out there to start a discussion on the implementation. I tested with: - a disabled detection - an enabled detection - both enabled and disabled detection...

Zeek writes logs using TSV / ASCII format by default. These logs are gzipped (by default) by the Zeek log rotation script so most folks will end up uploading gzipped...

Hi all! I'm investigating using matano for some log ingestion, and some of the ALB log files I'm looking at are extremely large - 100MB compressed, multiple GB decompressed. We're...

As discussed in discord, some community members including me have been facing inconsistent timeouts and errors during the snapshot expiry process. There seems to be some bug with Athena and...

A matano managed log source for osquery has been requested by a few community users, would be great to support pulling logs from osquery (e.g. query results, diffs) and storing...

The feature request pertains to having support for managed AWS Health Events logs. Ref: https://docs.aws.amazon.com/health/latest/ug/cloudwatch-events-health.html As on date, from the security standpoint, the health events are only useful during...

Users would like to be able to include custom context inside of their alerts. For example, the alert body should contain data from the event other than the default ECS...