matanolabs/matano issues and pull requests

#192 - Support Multi-Architecture Builds

Pull Request - State: closed - Opened by RoseSecurity 2 months ago

#191 - Feature Request: GuardDuty managed log source

Issue - State: open - Opened by britton-from-notion 3 months ago

#190 - Updates and fixes

Pull Request - State: closed - Opened by Samrose-Ahmed 4 months ago

#189 - Snyk managed integration new URL endpoint.

Issue - State: closed - Opened by ubpomelo 7 months ago - 1 comment

#188 - [Blocked] Unable to deploy Matano in a fresh AWS account - Lambda runtime deprecation for NodeJS 14.x

Issue - State: closed - Opened by IMG-PRCSNG 7 months ago - 7 comments

#187 - o365

Issue - State: open - Opened by swingersil 10 months ago

#186 - Cloudflare HTTP Event Log Source Schema is incorrect for `BotTags`

Issue - State: open - Opened by deeso 10 months ago - 1 comment

#185 - Update avro.rs

Pull Request - State: closed - Opened by gromit6891 10 months ago

#184 - Error: An error occurred: Access Denied

Issue - State: closed - Opened by ubpomelo 10 months ago

#183 - Update system workgroup to Athena Engine Version 3

Pull Request - State: closed - Opened by Samrose-Ahmed 11 months ago - 2 comments

#182 - Remove bracket in VRL to fix o365 log ingest

Pull Request - State: closed - Opened by clairecasalnova-cisa 12 months ago

#181 - Expected Lambda Throttling Behavior and Performance Benchmarks

Issue - State: open - Opened by damon-edstrom about 1 year ago

#180 - Faulty Metadata `file_path` Pointers

Issue - State: open - Opened by damon-edstrom about 1 year ago

#179 - Github Audit - Define `token_id` field statically as long or string

Issue - State: closed - Opened by damon-edstrom about 1 year ago - 2 comments

#178 - 🐛 Fix bug managed log source config name

Pull Request - State: closed - Opened by shaeqahmed about 1 year ago

#177 - Zeek log source does not accept TSV format

Issue - State: open - Opened by hilt86 about 1 year ago

#176 - pin AVRO version in transformer to keep using rust 1.64 (due to cargo-lambda / GH build setup)

Pull Request - State: closed - Opened by shaeqahmed about 1 year ago

#175 - Add our expire snapshots to fix Athena ICEBERG_CANNOT_OPEN_SPLIT

Pull Request - State: closed - Opened by shaeqahmed about 1 year ago

#174 - fix: allows enable/disable of detections via config file

Pull Request - State: open - Opened by rileydakota about 1 year ago - 4 comments

#172 - How to just deploy matano in environments where cloud provisioning is guardrail-ed and controlled

Issue - State: open - Opened by RVaidhy about 1 year ago - 3 comments

#171 - Fix newly added PANW threat schema, fix error logging, update avro dep

Pull Request - State: closed - Opened by shaeqahmed about 1 year ago

#170 - Fix: Prevent confusing error when invalid detection deployed

Pull Request - State: closed - Opened by shaeqahmed about 1 year ago

#169 - concat record batches in lake writer

Pull Request - State: closed - Opened by Samrose-Ahmed about 1 year ago

#168 - Add versioning to Matano Lake storage bucket

Pull Request - State: closed - Opened by Samrose-Ahmed about 1 year ago

#167 - Enable versioning on Matano-managed buckets

Issue - State: closed - Opened by timoguin about 1 year ago

#166 - fix: adds lookup_keys for cisa_kev enrichment table

Pull Request - State: closed - Opened by rileydakota about 1 year ago - 2 comments

#165 - Fixes for PANW, O365, UrlHaus parsers - timestamp fields, event.severity as numerical

Pull Request - State: closed - Opened by shaeqahmed about 1 year ago

#164 - Add PANW Threat Logs

Pull Request - State: closed - Opened by shaeqahmed about 1 year ago

#162 - Adds CISA Known Exploited Vulnerabilities as a managed enrichment table

Pull Request - State: closed - Opened by rileydakota over 1 year ago - 4 comments

#159 - fix: lake_writer: group writes by schema

Pull Request - State: closed - Opened by Samrose-Ahmed over 1 year ago

#158 - Populate client.ip for GitHub Enterprise audit logs

Pull Request - State: closed - Opened by timoguin over 1 year ago

#157 - GitHub audit logs can optionally include client IP addresses

Issue - State: closed - Opened by timoguin over 1 year ago
Labels: enhancement

#156 - Make transformer able to handle larger files by streaming

Pull Request - State: closed - Opened by Samrose-Ahmed over 1 year ago

#155 - large file sizes causing OOMKills and timeouts

Issue - State: open - Opened by timcosta over 1 year ago - 4 comments

#154 - docs: add chrismsnz as a contributor for code

Pull Request - State: closed - Opened by allcontributors[bot] over 1 year ago

#153 - Add Teleport Audit logs log source.

Pull Request - State: closed - Opened by Samrose-Ahmed over 1 year ago - 2 comments

#152 - parser: Add additional CloudTrail fields

Pull Request - State: closed - Opened by Samrose-Ahmed over 1 year ago

#151 - Feature Request: Add options pertaining to snapshot expire schedule as part of config

Issue - State: open - Opened by rams3sh over 1 year ago - 2 comments

#150 - teleport - Managed Log Source

Issue - State: closed - Opened by chrismsnz over 1 year ago - 2 comments

#149 - minor: Emit some more logs

Pull Request - State: closed - Opened by Samrose-Ahmed over 1 year ago

#148 - feat: improve alerting

Pull Request - State: closed - Opened by Samrose-Ahmed over 1 year ago

#147 - Feature Request: Support for AWS Health Events

Issue - State: open - Opened by rams3sh over 1 year ago

#146 - Add PANW logs support + S3 Access Roles for BYO buckets

Pull Request - State: closed - Opened by shaeqahmed over 1 year ago

#145 - Add AWS SES alert target

Pull Request - State: closed - Opened by kai-ten over 1 year ago - 1 comment

#144 - fix: detection: dont error in alerting in case no event field

Pull Request - State: closed - Opened by Samrose-Ahmed over 1 year ago

#143 - Fix Iceberg maintenance

Pull Request - State: closed - Opened by Samrose-Ahmed over 1 year ago

#142 - Enable Custom alert_context in Alert

Issue - State: open - Opened by shaeqahmed over 1 year ago

#141 - Documentation: Request to add detailed architecture diagram and explanation as part of documentation

Issue - State: open - Opened by rams3sh over 1 year ago

#140 - Feature Request: Request for having a config option to set the log retention (cloudwatch, S3 Objects)

Issue - State: open - Opened by rams3sh over 1 year ago

#139 - Add duplicate tracking for data batcher.

Pull Request - State: closed - Opened by Samrose-Ahmed over 1 year ago

#138 - Allow a detection to define how many alerts occurred

Issue - State: open - Opened by chrismsnz over 1 year ago

#137 - fix: Don't inline Iceberg schema as CFN property

Pull Request - State: closed - Opened by Samrose-Ahmed over 1 year ago

#136 - Added matano_alert VRL to convert all ECS field timestamps

Pull Request - State: closed - Opened by chrismsnz over 1 year ago

#135 - 🐛 Fix for allowing custom log source with all custom table configurations

Pull Request - State: closed - Opened by shaeqahmed over 1 year ago
Labels: bug

#134 - Bug when defining a custom log source with all custom table configurations

Issue - State: open - Opened by shaeqahmed over 1 year ago

#133 - osquery - Managed Log Source

Issue - State: open - Opened by shaeqahmed over 1 year ago - 3 comments

#132 - feat: Enable CloudWatch metrics for Athena workgroups

Pull Request - State: closed - Opened by timoguin over 1 year ago

#131 - Enable CloudWatch metrics for Athena workgroups

Issue - State: closed - Opened by timoguin over 1 year ago
Labels: enhancement

#130 - Add GCP Audit Logs managed log source

Pull Request - State: closed - Opened by Samrose-Ahmed over 1 year ago

#129 - Managed log source for GCP Cloud Audit Logs

Issue - State: closed - Opened by Samrose-Ahmed over 1 year ago

#128 - Managed log source for Cilium Tetragon Container Security events

Issue - State: open - Opened by Samrose-Ahmed over 1 year ago

#127 - Add views for enrichment tables.

Pull Request - State: closed - Opened by Samrose-Ahmed over 1 year ago

#126 - Can Matano directly pull Crowdstrike Falcon api data?

Issue - State: open - Opened by brentley over 1 year ago - 1 comment

#125 - Add a config option to not explicitly set S3 Block Public Access

Pull Request - State: closed - Opened by Samrose-Ahmed over 1 year ago

#124 - s3:PutPublicAccessBlock Access Denied

Issue - State: open - Opened by ngocsanguit over 1 year ago - 4 comments

#123 - Add flattened views for enrichment tables

Issue - State: closed - Opened by timoguin over 1 year ago
Labels: enhancement

#122 - Support CDK permissions boundary to limit CFN deployment permissions

Issue - State: open - Opened by Samrose-Ahmed over 1 year ago
Labels: enhancement

#121 - feat: transformer: sideline partially erroring lines

Pull Request - State: closed - Opened by Samrose-Ahmed over 1 year ago - 2 comments

#120 - Managed log sources for CloudWatch Metric Streams

Issue - State: open - Opened by timoguin over 1 year ago
Labels: enhancement

#119 - Add HTTP based log ingestion support

Issue - State: open - Opened by rams3sh over 1 year ago

#118 - AWS Cost and Usage Reports

Issue - State: open - Opened by timoguin over 1 year ago
Labels: enhancement

#117 - 🔔 Implement Alert change streams + add SNS destination for webhooks

Pull Request - State: closed - Opened by shaeqahmed over 1 year ago

#116 - 🔔 Add webhook support to Matano Alerts via SNS

Issue - State: open - Opened by shaeqahmed over 1 year ago

#115 - Managed log source for Sysdig Secure events

Issue - State: open - Opened by timoguin over 1 year ago
Labels: enhancement

#114 - Option to preserve original event or not in a log source

Issue - State: open - Opened by shaeqahmed over 1 year ago

#113 - Add Google Workspace Alerts log source

Pull Request - State: closed - Opened by Samrose-Ahmed over 1 year ago

#112 - Managed log source for Google Workspace Alerts

Issue - State: closed - Opened by Samrose-Ahmed over 1 year ago

#111 - 🔥 Realtime Data Enrichment - add get_enrichment_table_record fn to VRL log transform pipeline

Pull Request - State: closed - Opened by shaeqahmed over 1 year ago
Labels: enhancement

#110 - S3 access log source fails transformation due to dependency on "name" config field

Issue - State: open - Opened by timoguin over 1 year ago
Labels: bug

#109 - docs: add timoguin as a contributor for code

Pull Request - State: closed - Opened by allcontributors[bot] over 1 year ago

#108 - fix: Bad URL formatting and requests for Snyk API calls

Pull Request - State: closed - Opened by timoguin over 1 year ago - 3 comments

#107 - Snyk API calls using bad URL formatting and GET instead of POST

Issue - State: closed - Opened by timoguin over 1 year ago
Labels: bug

#106 - Google Cloud Storage (GCS) ingestion source

Issue - State: open - Opened by Samrose-Ahmed over 1 year ago - 1 comment

#105 - ☁️ Add Cloudflare Logs Integration

Pull Request - State: closed - Opened by shaeqahmed over 1 year ago
Labels: enhancement

#104 - new nested aws config in matano.config.yml but support existing

Pull Request - State: closed - Opened by Samrose-Ahmed over 1 year ago

#103 - matano init error: A PolicyStatement used in an identity-based policy must specify at least one resource.

Issue - State: closed - Opened by nickchap over 1 year ago - 1 comment
Labels: bug

#102 - infra: Add lifecyle expiration rules to relevant buckets

Pull Request - State: closed - Opened by Samrose-Ahmed over 1 year ago

#101 - Add Google Workspace Admin logs managed log source

Pull Request - State: closed - Opened by Samrose-Ahmed over 1 year ago

#100 - Managed log source for Google Workspace Admin events

Issue - State: closed - Opened by Samrose-Ahmed over 1 year ago

#99 - Enrichment in data transformation (w/ VRL)

Issue - State: closed - Opened by shaeqahmed over 1 year ago

#98 - log_puller: Don't create secrets for sources that don't need them.

Pull Request - State: closed - Opened by Samrose-Ahmed over 1 year ago - 1 comment

#97 - Out-of-the-Box Detection Rules in Matano

Issue - State: open - Opened by shaeqahmed over 1 year ago - 4 comments
Labels: enhancement, good first issue, help wanted

#96 - docs: add grue as a contributor for code, and doc

Pull Request - State: closed - Opened by allcontributors[bot] over 1 year ago

#95 - 🔧 support `key_pattern` in addition to key_prefix for ingest.s3_source configuration

Pull Request - State: closed - Opened by shaeqahmed over 1 year ago - 1 comment

#94 - Add managed log source for AWS WAF logs

Pull Request - State: closed - Opened by grue over 1 year ago - 3 comments

#93 - Add managed log source for Azure AD audit logs (MS Graph)

Pull Request - State: closed - Opened by Samrose-Ahmed over 1 year ago - 1 comment

#92 - Managed log source for Azure AD Audit logs

Issue - State: closed - Opened by Samrose-Ahmed over 1 year ago

#91 - Support lookup metadata from file/payload to enrich events for sources such as AWS ELB

Issue - State: open - Opened by shaeqahmed over 1 year ago - 1 comment

#90 - Support `key_pattern` in addition to `key_prefix` as an alterantive for advanced use cases when BYO bucket

Issue - State: closed - Opened by shaeqahmed over 1 year ago

#89 - Managed log source for Cloudflare

Issue - State: closed - Opened by shaeqahmed over 1 year ago
Labels: enhancement

GitHub / matanolabs/matano issues and pull requests