Scanner at Blue Team Con: Tackling Detection Chaos with Collect, MCP, and AI

We’re heading to Blue Team Con for the first time, and we are looking forward to connecting with the people who deal with search and detection daily: CISOs and security leaders. There are plenty of ways to meet up with us: book a one-on-one, find us at networking events, or catch Cliff’s session on Saturday.
Let’s Connect at Blue Team Con
Tired of wrestling with log ingestion and slow searches? We’re giving Blue Team Con attendees a first look at Scanner Collect and an early preview of MCP (more on that below!). Sit down with our team to see how we’re cutting through detection chaos and creating faster searches, simpler ingestion, and real-time detections.
Check out Cliff’s Session on AI as the SOC Sidekick
Even better, Cliff will be speaking on Saturday at 5:00 PM. His session, AI as the SOC Sidekick: Streamlining Security Without Stepping Over Humans, will explore how AI can support security operations without replacing the human expertise that matters most.
See how it connects directly to what we’ve been building with Scanner MCP, natural language investigations, deep-dive workflows, and the ability to scale analysis across years of log data. If you’re interested in how AI can truly act as a sidekick in the SOC, this is a session you won’t want to miss.

Why We Are Excited For Blue Team Con
Over the past year, we’ve had dozens of conversations with security leaders, and we keep hearing the same thing:
- Ingesting logs into a data lake is a never-ending project.
- Searching that data lake is often painfully slow and difficult.
- Inability to maintain more than a few weeks of logs leads to increased risk exposure.
That’s why we’ve built a data lake search indexing engine designed specifically for raw, messy logs, whether you’re working with tens of terabytes or petabytes of data. Look up anything (IPs, file hashes, command-line flags, or the weird string that just feels suspicious) and get results in seconds.
In addition to our core product, we are excited to be demonstrating some fresh new capabilities with Scanner Collect and a preview of our MCP Server!
Scanner Collect
Out of the box, here’s what Scanner Collect delivers:
- Ingest once, use instantly: Pull logs from dozens of sources into S3 with zero maintenance.
- Search at scale: Query years of structured or unstructured logs in seconds.
- Alert with confidence: Build explainable, code-driven rules with full transparency.
- Detect in real time: Start running powerful detections minutes after ingestion.
- Keep everything: Retain raw or enriched logs without worrying about cost.
Scanner MCP – Coming Soon!
We’re also working on Scanner MCP, which opens up new ways to work with your data:
- Ask questions in natural language, with agents handling the query language.
- Do deep-dive investigations faster than ever.
- Because Scanner’s search is so fast, you can analyze far more log sources and reach back across years of history.
- Unlock agentic workflows in Claude Desktop, Claude Code, Cursor, and any other clients that support MCP.
If you want to learn more about Scanner Collect or MCP, book a meeting with us during Blue Team Con. We’d love to show you what we’re building and hear your reactions firsthand.