Fast search and threat detections for your security logs in AWS S3. Analyze your data at speeds up to 1TB per second. 10x cheaper than SIEMs like Splunk and Datadog. 100x faster than Amazon Athena.
Total read
0.00 TB
Events per second
Get a demo and start a 30-day free trial
No credit card or contract required
Backed by CRV
CRV logo
SOC2 Type ll
SOC2 logo
Built for Security Workflows
Find the needle in a petabyte haystack
Get search results in seconds, even if you're searching for a single IP address across a year of logs in S3. By default, Scanner index files are retained for one year in your own S3 bucket, and they are rapidly searched by Rust-based Lambda functions at query time.
Easy onboarding, zero-cost data transfer
Upon sign-up, we launch a Scanner instance in your AWS region. Use CloudFormation, Terraform, or Pulumi to grant access to desired S3 buckets for indexing. Interaction via a VPC endpoint in the same region eliminates data transfer cost, avoiding log shipping over the public internet.
A robust query language engineered for both simplicity and power
Drawing from the familiarity of popular query languages, Scanner's query language is easy to learn - whether you need simple search or advanced aggregations.
Detection rules and alerts
Hundreds of out-of-the-box detection rules for common security logs, like AWS CloudTrail. Send alerts to Slack, PagerDuty, SOAR APIs, and custom webhooks.
Learn more about Scanner's features
Designed for Security Engineers
Find threats hiding in historical logs
Most log tools are so expensive that teams can only retain a few weeks of logs, which means losing visibility into historical data. Scanner is 10x cheaper than those tools and can easily retain 1 year of logs (or more) at low cost. Run fast queries on your data to hunt for threats and create detection rules to protect your organization.
Fast search for petabyte-scale log data sets in S3
When you execute a query, Scanner launches serverless Lambda functions to traverse its skip-list index files at high speed, up to 1 TB per second. Searching for a needle-in-haystack over one petabyte of logs takes tens of seconds, not tens of hours.
Analyze logs in any format - no schema required
Scanner can analyze S3 log files stored in JSON, Parquet, CSV, or plaintext format. All fields are indexed, and there is no need to create or maintain any schemas.
Select managed or self-hosted options
Managed Scanner maintains your AWS account housing the Scanner instance, while Self-Hosted Scanner creates, sets up, and transfers the AWS account to your team. A deployer IAM role is retained to keep Scanner updated.
Work with a trustworthy partner
Scanner maintains all of its data in S3 buckets in your AWS account, allowing you to control all of your log data with no vendor lock-in. Scanner has completed SOC 2 Type I and Type II audits.
See how Scanner can help your security teams
Scanner vs. Amazon Athena
Search Speed Demo
See a short demo showcasing how much faster Scanner is than Amazon Athena for performing security investigation in CloudTrail logs.