Mantissa Log Documentation

Quick Links

| Document | Description |
|---|---|
| Getting Started | First-time setup and your first query |
| Quick Start with Samples | Hands-on tutorial with sample data |
| AWS Deployment | Complete AWS deployment guide |
| Multi-Cloud | GCP and Azure deployment |
| Troubleshooting | Common issues and solutions |

Documentation Index

Deployment

| Guide | Description |
|---|---|
| Prerequisites | Required tools and permissions |
| AWS Deployment | Step-by-step AWS deployment |
| Multi-Cloud | GCP BigQuery and Azure Synapse |
| Multi-Region | High availability setup |
| Pre-Deployment Checklist | Verification before deploy |
| Quick Reference | Common commands cheatsheet |
| CI/CD Automation | GitHub Actions setup |
| Troubleshooting | Debugging deployment issues |

Configuration

| Guide | Description |
|---|---|
| Detection Rules | Writing Sigma detection rules |
| Alert Routing | Slack, PagerDuty, Jira, Email, Teams, ServiceNow setup |
| LLM Providers | Claude, GPT-4, Gemini, Bedrock, Vertex AI |
| Log Sources | Collector configuration for 25+ sources |
| Collector Secrets | API keys and credentials management |

Operations

| Guide | Description |
|---|---|
| Runbook | Day-to-day operational procedures |
| Scaling | Performance tuning and scaling |

Reference

| Document | Description |
|---|---|
| API Reference | REST API endpoints |
| Architecture | System design overview |
| System Integration | Component interactions |
| Module Reference | Shared module documentation |

Development

| Guide | Description |
|---|---|
| Local Setup | Development environment |
| Testing | Running and writing tests |
| Contributing | Code contribution guide |
| CI/CD | Pipeline configuration |

Key Features

Natural Language Queries

Ask questions in plain English instead of writing SQL:

  • "Show me failed login attempts in the last 24 hours"
  • "Which users created new IAM roles this week?"
  • "List S3 buckets with public access"

647 Detection Rules

Pre-built Sigma rules for AWS, GCP, Azure, Okta, GitHub, Kubernetes, and more. Rules are converted automatically to the SQL dialect of the target cloud. 49 of these rules are purpose-built for identity threat detection.

Identity Threat Detection & Response

Behavioral baselines, anomaly detection, credential attack detection, and cross-provider correlation across Okta, Azure AD, Google Workspace, Duo, and M365.

Log Source Health Monitoring

Automatic detection of silent log sources, unexpected gaps, and volume anomalies. Per-source thresholds tuned to upstream API characteristics.

Multi-Cloud Support

  • AWS: Lambda + Athena + S3
  • GCP: Cloud Functions + BigQuery + GCS
  • Azure: Functions + Synapse + Blob Storage

Smart Alerting

Route alerts to Slack, PagerDuty, Jira, Email, ServiceNow, or Teams with automatic PII redaction.

Context Enrichment

  • IP Geolocation (MaxMind GeoIP2, IPInfo)
  • Threat Intelligence (VirusTotal, AbuseIPDB)
  • User Context (Google Workspace, Azure AD, Okta)
  • Asset Inventory (AWS, Azure, GCP native)

Cost Estimate

| Component | Monthly Cost |
|---|---|
| S3 Storage (1TB/day) | ~$700 |
| Athena Queries | ~$760 |
| Lambda | ~$200 |
| DynamoDB | ~$50 |
| LLM API | ~$250 |
| Total | ~$23,500/year |

Compare with a traditional SIEM: $150,000-$300,000/year.


Support