Scanner

Lightning-fast threat hunting through all of your logs.

Supercharge security for your organization. Use a SIEM that rapidly analyzes your logs in cloud storage in-place. Cover all of your log sources, not just a subset.

Hits

0

Total read

0.00 TB

Elapsed

0.000s

Events per second

0.0M

Get a demo, start with a 30 day free trial

No credit card or contract required

Backed by CRV

SOC2 Type ll

A SIEM built for modern data volume

Never discard a log source again

Scanner is a SIEM that is designed from the ground up for cloud scale. It analyzes your logs in S3 cloud storage in-place, and using a novel indexing system, it provides your team with lightning fast search for threat hunting and detections. Ingest terabytes of logs per day at low cost.

Since Scanner is designed for cloud storage and serverless compute, log ingestion is 80-90% less expensive than other tools. You are no longer forced to choose which log sources to drop and which to keep. You can cover them all.

Lightning fast search and visualizations

Scanner uses serverless functions to traverse the index files at high speed, allowing users to explore their logs and generate visualizations rapidly. A needle-in-haystack search across 100 terabytes of logs takes less than 10 seconds; across 1 petabyte of logs, less than 100 seconds.

In other tools, high-volume cloud log sources like AWS CloudTrail tend to be discarded due to high cost and slow search speed. This can cause teams to miss attacks like sensitive data exfiltration from S3 buckets, backdoor creation via malicious access keys, and privilege escalation via IAM role assumption. By using Scanner, you can stop missing threats due to lack of coverage on your log sources.

Powerful threat detections and alerts

For teams getting started with security, Scanner offers out-of-the-box detection rules for common security logs, like AWS CloudTrail, Cloudflare, Okta, and more. Cover the MITRE ATT&CK framework, or build your own detections.

Build detections with full lifecycles: from alerting to investigation to response. Send alerts to Slack or to SOARs via webhooks, and link alerts to Jupyter notebooks for powerful investigations.

Jupyter and Splunk screenshots

Threat hunt with Jupyter notebooks. Search with Splunk.

Use Jupyter notebooks built in to Scanner to perform advanced threat hunting and incident response. Write Python code to analyze your logs, create powerful visualizations alongside your response instructions, and share your notebooks with your team for advanced investigations.

For teams that prefer Splunk, Scanner offers a Splunk app that allows you to search your Scanner indexes from Splunk, with custom security content for common cloud log sources, like AWS CloudTrail.

High speed log search at cloud scale.

A modern architecture designed for speed and ease of use

When you execute a query, Scanner launches serverless Lambda functions massively in parallel to traverse index files. Searching for a needle-in-haystack across 100TB of logs takes less than 10 seconds; across 1PB of logs, less than 100 seconds. Scanner queries can be 10-100x faster than in other tools that also scan logs in S3, like Trino, Amazon Athena, or CloudWatch.

Reduce log costs by up to 80%

Scanner was built from the ground up to leverage the low cost of cloud storage and burstable, serverless compute. This allows Scanner to be up to 80% less expensive than traditional log tools, like Datadog. Move all your logs into object storage in S3, and search them rapidly in Scanner.

Use the API to build your own custom stack

Using Scanner's API on top of your object storage logs, you can build a modern observability and security stack at a fraction of the cost of other tools. For example, you can use Vector or Cribl to write security logs into S3, use Scanner's API to power dashboards in Grafana or Tableau, and send threat detection events to various destinations: Slack, Tines, Torq, and custom webhooks.

Eliminate data engineering work

Scanner analyzes object storage log files stored in JSON, Parquet, CSV, or plaintext format in your S3 buckets. You do not need to perform significant data engineering work to transform your logs to match a strict schema, unlike Amazon Athena, Snowflake, or other SQL-based tools that interact with S3. All fields are indexed automatically. Spend time searching, not data munging.

No vendor lock-in

Scanner maintains all of its index files in your S3 buckets, giving you full control of your log data with no vendor lock-in. You can think of Scanner as a fast search and detections layer on top of your log files in object storage.

A trustworthy partner

Scanner is committed to the security of your log data. Your logs stay in your S3 buckets, and Scanner's compute stays in an isolated AWS account unique to your organization. Scanner has completed SOC 2 Type I and Type II audits.

Search object storage logs directly from Splunk

Scanner for Splunk

Watch an overview of Scanner's custom app for Splunk. It adds a new search command that allows Splunk users to query their object storage logs at high speed without leaving Splunk - using the Scanner API.

Scanner vs. Amazon Athena and Snowflake

Search Speed Demo

See a short demo showcasing Scanner's search speed compared with other object storage querying tools, Amazon Athena and Snowflake, on 250TB of AWS CloudTrail logs.

Why use Scanner?

Product Overview

Learn how Scanner can help reduce costs compared to an expensive log management tool or SIEM, while maintaining fast search and investigation capabilities.