Open source cloud-native security data lake built for AWS that serves as a serverless alternative to traditional SIEM solutions like Splunk.

About Matano
Matano is an open source security data lake platform designed specifically for AWS that transforms unstructured security logs into a structured, real-time data lake. It provides a serverless, cost-effective alternative to traditional SIEM solutions by leveraging open standards like Apache Iceberg and the Elastic Common Schema (ECS). The platform enables security teams to collect logs from 50+ sources, write Python-based detections as code, and query data using any Iceberg-compatible analytics engine without vendor lock-in.

Key Features
- Serverless security data lake that normalizes unstructured logs into a structured, real-time format
- Out-of-the-box integration with 50+ security log sources with extensibility for custom sources
- Detection-as-Code using Python with automatic Sigma detection import support
- Custom log transformation pipeline using VRL scripting for parsing and enrichment
- Vendor-neutral format using Apache Iceberg and ECS standards for full data ownership
- Query compatibility with multiple analytics engines including AWS Athena, Snowflake, and Spark
- Cost-effective alternative to traditional SIEM solutions with zero-ops serverless architecture