matano
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
Add managed log source for CloudWatch metric streams.
## Considerations
Currently, the main way to get CW metrics streams is through integration with Kinesis Firehose. If we supported the metrics...
## Problem Statement
Many of our internal integrations of devops are hosted outside AWS and all have webhook dispatch as a common output mechanism. And the outputs from these dispatched...
Add a feature that allows users to consume Matano alerts in realtime using webhooks for security automation use cases. To make this possible, we need to expose an SNS topic...
## Overview
Currently we support ingesting from S3, with an SQS ingestion integration in progress. We should also support ingesting directly from GCS buckets, will be useful for e.g. GCP...
Add support for events forwarded from Sysdig Secure. The policy events are what I'm currently most interested in. For my use case, that will primarily be rule matches for container...
All functions should output fully structured logs.
## Considerations
Every individual event that triggers a Lambda should result in at least one line of structured output. This will improve observability...
### Overview
Google workspace offers several relevant audit logs.
### Tables
- [x] #79
- [x] #100
- [ ] SAML
- [ ] Rules
- [ ] Drive
- ...
Tracking issue for enrichment support
## Goal
Provide enrichment through enrichment tables in Matano
- [x] Enrichment table as Iceberg table
- [x] Enrichment tables for lookup in Python detections...
## Problem
The managed log source type `AWS_S3ACCESS` fails if the `name` property in config isn't set to `aws_s3access`. Take this example config:
```
name: aws_s3_access
managed:
  type: AWS_S3ACCESS
ingest: ...
```