matano
matano copied to clipboard
matanolabs
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
## Overview [Microsoft Graph](https://learn.microsoft.com/en-us/graph/use-the-api) is a unified API for access to many relevant Microsoft/Azure logs & resources. ## Puller The advantage of Microsoft Graph is we can implement a largely...
### Problem AWS ELB does not include AWS account ID in each event payload, this information is only included in the path e.g. `aws-elb-logs//...`. As a user, I would like...
## Problem If the Matano CLI doesn't find a `detections/` dir, it throws an error: ``` $ matano diff --user-directory ./config/envs/my-env › Error: ENOENT: no such file or directory, scandir...
We need to be able to modify things like function CPU, memory, and timeouts. Figure out a good UX for exposing these options (maybe others as well) via the Matano...
The documentation for "Bring Your Own Bucket" ingestion does not include any instructions for setting permissions required for buckets and KMS resources. One use-case is an organisation where the AWS...
### Overview Having corporate user information available for enrichment as enrichment tables will be highly useful for analysis, investigation, detection. ### Goals - Integrate managed enrichment sources for popular user...
## The Problem When creating Matano with byob, I was unable to deploy DPMainStack with the error ["Configuration is ambiguously defined"](https://aws.amazon.com/premiumsupport/knowledge-center/lambda-s3-event-configuration-error/) Ultimately this was because my existing dev bucket already...
Add support for managing logs (data?) and events from AWS Config. This includes configuration snapshots, configuration history, and configuration streams. ## Considerations AWS Config sends notifications to SNS for a...
Add a basic user guide showing how to run queries. ## Considerations I'm not sure if we should have a top-level guide (perhaps below the "Tables" section), or if we...
## Overview Currently, semi structured data must be stringified and defined as a string type. Subsequently, it is always treated as a string type (e.g. in detections). ## Goal Add...
Metadata
Owner
Metadata
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS