Question 1

How to write a custom detection rule in Matano?

Accepted Answer

Create a Python file (detect.py) in your Matano directory with a function that processes log records; the README provides examples for scenarios like brute force logins or AWS API failures. You can define thresholds and alert destinations in a companion YAML configuration file.

Question 2

Matano vs AWS Security Lake: which is better for security logs?

Accepted Answer

Matano offers more flexibility with detection-as-code and open data formats (Iceberg/ECS), while AWS Security Lake is a managed service with broader AWS integration but less customization. Choose Matano for full control and cost savings, or AWS Security Lake for ease of use within the AWS ecosystem.

Question 3

What log sources does Matano support out of the box?

Accepted Answer

It includes 50+ managed sources such as AWS CloudTrail, Okta, CrowdStrike, and Cloudflare, with detailed documentation for each. Custom sources can be added using VRL transformations to parse and normalize logs into the ECS schema.

Question 4

How much does it cost to run Matano on AWS?

Accepted Answer

Costs scale with log volume and query usage, based on serverless AWS services like Kinesis (ingestion), S3 (storage), and Athena (querying). It can be significantly cheaper than proprietary SIEMs, but requires monitoring to optimize expenses.

Question 5

Can Matano replace Splunk for security monitoring?

Accepted Answer

It can serve as a cost-effective alternative for log centralization and detection, especially with its open data formats, but lacks Splunk's mature UI and app ecosystem. Matano is best for teams prioritizing data ownership and AWS-native serverless architecture over out-of-the-box features.

Question 6

How to set up Slack alerts in Matano?

Accepted Answer

Configure an alert destination in your detection YAML to use Slack via SNS integration; the docs provide steps for setting up webhooks and IAM permissions to deliver alerts directly to Slack channels.

Matano

What is Matano?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Open Source Alternative To

Frequently Asked Questions