Getting Started

How to get started, and what you will need

Scanner indexes logs that are stored in S3, allowing you to detect and investigate security threats quickly and debug your application logs.

You will need an AWS account to get started.

Store your own logs in one or more S3 buckets and give Scanner access to index them. These logs must be in JSON, Parquet, CSV, or Plaintext format.

Here are some examples of log sources that are common for Scanner users:

  • AWS CloudTrail

  • AWS CloudWatch

  • AWS VPC Flow

  • Cloudflare HTTP

  • Cloudflare DNS

  • Github Audit

  • Okta

  • Windows Security Event

Concierge onboarding

We provide a concierge onboarding service for new users. We will meet with you to create the necessary resources in your AWS account, make sure everything is running smoothly, and give you a tour of the product.

This meeting usually takes 30 minutes, with an optional additional 30 minutes for questions and product feedback.

As you try out Scanner, here are some of the people in your organization that you might want to loop in.

CISO / VP Engineering / Engineering Manager

Ensures that Scanner is meeting the business use cases of the security team at the desired cost.

Security Engineer

Decides between Scanner POC options:

  • Option 1: Quickstart with CloudTrail logs

  • Option 2: Bring your own logs

Uses Scanner to create detection rules and execute queries. Evaluates the product.

Works with your organization's infra/devops engineering team to give Scanner read-access to your logs in S3.

Infrastructure / Devops Engineer

Helps execute Scanner's CloudFormation, Terraform, or Pulumi template to give your Scanner instance read-access to logs in S3.

If the team chooses to bring their own logs, this person helps ship the desired logs to S3 if they are not there already.

Reach out to us to get started

If you would like to try out Scanner, visit to get a demo and meet with an engineer.

Last updated