Show HN: Open-source serverless security lake powered by Rust + Apache Iceberg

I'm going to regret asking this, but what the hell is a "security lake"? A collection of audit logs?

Great to see more data engineering in the direction of SecOps.<p>We do something similar with VAST at <a href="https:&#x2F;&#x2F;vast.io" rel="nofollow">https:&#x2F;&#x2F;vast.io</a>. We’re still early, but especially live and retro detection of threat intel is what we are focusing on. Essentially operationalizing security content for detection and response, plus acquiring and extracting context of alerts and telemetry.<p>We have an experimental serverless deployment with Lambda and Fargate, but the majority of our users still collocate VAST near network sensors like Zeek and Suricata.<p>We’re running everything on top of Apache Arrow, storage of telemetry is now also Parquet. The idea is to do everything with open standards to minimize vendor lock-in.

Serverless sounds cool for this at first, but what are the ingest&#x2F;compute costs going to look like at a modest 20Tb&#x2F;day? How about 100, or 1Pb?<p>Honestly think at that point you’d be better off and cheaper to go with a commercial security data lake..

It: &quot;powered by Rust + Apache Iceberg&quot;<p>Me: Oh cool, can I run it in my k8s cluster? &lt;clicks link&gt;<p>It: &quot;designed specifically for AWS&quot;<p>Me: disappointed and annoyed by title<p>Looking at that service diagram, &quot;Powered by AWS services&quot; seems more accurate.

Looks neat, but in what way is this serverless?<p>It&#x27;s a pretty complex diagram:<p><a href="https:&#x2F;&#x2F;github.com&#x2F;matanolabs&#x2F;matano&#x2F;blob&#x2F;main&#x2F;website&#x2F;src&#x2F;assets&#x2F;diagram.png" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;matanolabs&#x2F;matano&#x2F;blob&#x2F;main&#x2F;website&#x2F;src&#x2F;a...</a>

Good to see security moving to data engineering. Shameless plug: we are building similar stuff but for configurations here - <a href="https:&#x2F;&#x2F;github.com&#x2F;cloudquery&#x2F;cloudquery" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;cloudquery&#x2F;cloudquery</a><p><a href="https:&#x2F;&#x2F;docs.cloudquery.io&#x2F;blog&#x2F;our-open-source-journey-building-cloudquery" rel="nofollow">https:&#x2F;&#x2F;docs.cloudquery.io&#x2F;blog&#x2F;our-open-source-journey-buil...</a>

This sounds very appealing.<p>Our IDS solution outputs zeek&#x2F;suricata info to s3 as dns.1234.log.gz, http.1234.log.gz, etc.<p>Can these files be handled automatically?

I&#x27;ve spent about two hours trying to deploy Matano, and it basically doesn&#x27;t work as documented, if at all. I got as far as trying to bootstrap my AWS account before giving up. I love the idea of Matano, but this isn&#x27;t even alpha-quality software at the moment.

Security lakes are very 2021, everyone moving to the security lakeHOUSE in 2023 broski!

is this opensource snowflake-for-security-logs ?