Get search results in seconds, even if you're searching for a single IP address across a year of logs in S3. By default, Scanner index files are retained for one year in your own S3 bucket, and they are rapidly searched by Rust-based Lambda functions at query time.
Use CloudFormation, Terraform, or Pulumi to grant access to desired S3 buckets for indexing. Interaction via a VPC endpoint in the same region eliminates data transfer cost, avoiding log shipping over the public internet.
Drawing from the familiarity of popular query languages, Scanner's query language is easy to learn - whether you need simple search or advanced aggregations.
Hundreds of out-of-the-box detection rules for common security logs, like AWS CloudTrail. Send alerts to Slack, PagerDuty, SOAR APIs, and custom webhooks.
Scanner can analyze S3 log files stored in JSON, Parquet, CSV, or plaintext format. All fields are indexed, and there is no need to create or maintain any schemas.
Scanner is 10x cheaper than those tools and can easily retain 1 year of logs (or more) at low cost. Run fast queries on your data to hunt for threats and create detection rules to protect your organization.
Scanner launches serverless Lambda functions to traverse its skip-list index files at high speed, up to 1 TB per second. Searching for a needle-in-haystack over one petabyte of logs takes tens of seconds, not tens of hours.
Managed Scanner maintains your AWS account housing the Scanner instance, while Self-Hosted Scanner creates, sets up, and transfers the AWS account to your team. A deployer IAM role is retained to keep Scanner updated.