tweaks, add FAQ page v0

Signed-off-by: 🐼 Samrose Ahmed 🐼 <[email protected]>
matanolabs · Feb 5, 2023 · d50090a · d50090a
1 parent fc265c7
commit d50090a
Show file tree

Hide file tree

Showing 13 changed files with 1,486 additions and 4,782 deletions.
diff --git a/.gitattributes b/.gitattributes
@@ -0,0 +1 @@
+package-lock.json -diff
diff --git a/docs/index.md b/docs/index.md
@@ -23,7 +23,7 @@ title: Introduction
 
 ## What is Matano?
 
-Matano is an open source security lake platform for AWS. It lets you ingest petabytes of security and log data from various sources, store and query them in a data lake, and create Python detections as code for realtime alerting. Matano is fully serverless and designed specifically for AWS and focuses on enabling high scale, low cost, and zero-ops. Matano deploys fully into your AWS account.
+Matano is an open source security lake platform (SIEM alternative) for AWS. It lets you ingest petabytes of security and log data from various sources, store and query them in a data lake, and create Python detections as code for realtime alerting. Matano is fully serverless and focuses on enabling high scale, low cost, and zero-ops, and deploys fully into your AWS account.
 
 ## Key features
 

diff --git a/docs/log-sources/configuration.md b/docs/log-sources/configuration.md
@@ -43,8 +43,8 @@ ingest:
   # Custom: (Multi table log sources only) Used for mapping incoming data to the appropriate table at runtime based on file object metadata
   select_table_from_payload_metadata: |
     if match(.__metadata.s3.key, r'somepath') { "other_table" } else { "main_table" }
-  # Custom: (Multi table log sources only) Used for mapping incoming data to the appropriate table at runtime dynamically based on each event
-  select_table_from_payload_metadata: |
+  # Custom: (Multi table log sources only) Used for mapping incoming data to the appropriate table at runtime dynamically based on the content of the event
+  select_table_from_payload: |
     if ._table_name == "audit" {
       "audits"
     } else {
@@ -124,11 +124,15 @@ The name defined in a table configuration will be combined with the log source n
 
 ### Table selection
 
-When Matano ingests data for a log source with multiple tables, it will route the data to the correct table based on the incoming data's metadata. You provide this logic to Matano using a VRL expression that Matano evaluates on incoming data's metadata at runtime.
+When Matano ingests data for a log source with multiple tables, it will route the data to the correct table based on the incoming data's metadata. Matano supports dynamic selection of the table to route an incoming payload to using a VRL expression that Matano evaluates on either the metadata of the incoming payload or on the actual payload data.
+
+#### Selecting table from payload metadata
+
+You can select the table for a log source with multiple tables based on the incoming payload metadata such as the S3 bucket and key.
 
 To define the table selection VRL expression use the `ingest.select_table_from_payload_metadata` key in your **log_source.yml**.
 
-#### Expression input
+**Expression input**
 
 Your VRL expression is passed a `__metadata` key with the following structure:
 
@@ -144,11 +148,11 @@ Your VRL expression is passed a `__metadata` key with the following structure:
 }
 ```
 
-#### Expression output
+**Expression output**
 
 The expression should return a string containing the table name that the data maps to.
 
-#### Example
+**Example of selecting table from payload metadata**
 
 For example, the `aws_cloudtrail` log source has 3 tables configured. The following VRL expression is defined to select the appropriate table from the uploaded file:
 
@@ -164,3 +168,34 @@ select_table_from_payload_metadata: |
     "default"
   }
 ```
+
+#### Selecting table from payload metadata
+
+You can select the table for a log source with multiple tables based on the content of the event data.
+
+To define the table selection VRL expression use the `ingest.select_table_from_payload_metadata` key in your **log_source.yml**.
+
+**Expression input**
+
+Your VRL expression is passed the event as the direct input, accessible at the `.` field.
+
+**Expression output**
+
+The expression should return a string containing the table name that the data maps to.
+
+**Example of selecting table from payload metadata**
+
+For example, the `microsoft_aad` log source has 2 tables configured. The following VRL expression is defined to select the appropriate table from the uploaded file based on a property inside the event:
+
+```yml
+# log_source.yml
+
+select_table_from_payload: |
+  if ._table_name == "audit" {
+    "audits"
+  } else if _table.name == "signin" {
+    "signin"
+  } else {
+    abort
+  }
+```
diff --git a/docusaurus.config.js b/docusaurus.config.js
@@ -117,9 +117,8 @@ const config = {
       announcementBar: {
         id: "mtn-announcement",
         content: `<div id="mtn-announcement" class="flex items-center justify-center" style="gap: 7px;">
-          <span>⭐️ If you like Matano, give us a star on <a target="_blank" rel="noopener noreferrer" href="https://github.com/matanolabs/matano">GitHub!</a></span>
+          <span><strong>If you like Matano, star us on <a target="_blank" rel="noopener noreferrer" href="https://github.com/matanolabs/matano">GitHub!</a></span></strong>
           <svg height="16px" width="16px" aria-hidden="true" focusable="false" data-prefix="fab" data-icon="github" role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><path fill="currentColor" d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3 .3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6zm-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5 .3-6.2 2.3zm44.2-1.7c-2.9 .7-4.9 2.6-4.6 4.9 .3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9zM244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8zM97.2 352.9c-1.3 1-1 3.3 .7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1zm-10.8-8.1c-.7 1.3 .3 2.9 2.3 3.9 1.6 1 3.6 .7 4.3-.7 .7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3 .7zm32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3 .7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1zm-11.4-14.7c-1.6 1-1.6 3.6 0 5.9 1.6 2.3 4.3 3.3 5.6 2.3 1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2z"></path></svg>
-          ⭐️
         </div>`,
         backgroundColor: "var(--ifm-color-primary-light)",
         textColor: "#ffffff",
@@ -142,6 +141,17 @@ const config = {
             label: "Docs",
           },
           { to: "/blog", label: "Blog", position: "left" },
+          // {
+          //   type: 'dropdown',
+          //   label: 'Company',
+          //   position: 'left',
+          //   items: [
+          //     {
+          //       label: 'About',
+          //       href: '/about',
+          //     },
+          //   ],
+          // },
           {
             type: "custom-githubButton",
             position: "right",
@@ -171,46 +181,58 @@ const config = {
             ],
           },
           {
-            title: "Product",
+            title: "Resources",
             items: [
               {
-                label: "Open source Elastic alternative",
-                href: "/alternative-to/elastic",
-              },
-              {
-                label: "Open source Panther alternative",
-                href: "/alternative-to/panther",
-              },
-              {
-                label: "Open source SIEM alternative",
-                href: "/alternative-to/siem",
+                label: "FAQs",
+                to: "/faqs",
               },
+              // {
+              //   label: "What is a security data lake?",
+              //   to: "/what-is-a-security-data-lake",
+              // },
             ],
           },
           {
-            title: "Community",
+            title: "Product",
             items: [
               {
-                label: "Discord",
-                href: "https://discord.gg/YSYfHMbfZQ",
+                label: "Elastic alternative",
+                href: "/alternative-to/elastic",
               },
               {
-                label: "Twitter",
-                href: "https://twitter.com/matanolabs",
+                label: "Panther alternative",
+                href: "/alternative-to/panther",
+              },
+              {
+                label: "SIEM alternative",
+                href: "/alternative-to/siem",
               },
             ],
           },
           {
-            title: "More",
+            title: "Company",
             items: [
               {
                 label: "Blog",
                 to: "/blog",
               },
+              // {
+              //   label: "About",
+              //   to: "/about",
+              // },
               {
                 label: "GitHub",
                 href: "https://github.com/matanolabs/matano",
               },
+              {
+                label: "Discord",
+                href: "https://discord.gg/YSYfHMbfZQ",
+              },
+              {
+                label: "Twitter",
+                href: "https://twitter.com/matanolabs",
+              },
             ],
           },
         ],