Step 2: Connect Your First Data Source using Scanner Collect

Option A: Scanner Collect (Recommended for New Data)

Pre-built integrations for popular sources like GitHub, CrowdStrike, Okta, and more.

1. Navigate to the Collect tab.
2. Click 'Add new Source'.
3. Select a data source from the available integrations.
4. Configure the source settings (API credentials, transformations, etc.).
5. Select the destination S3 bucket in your account for raw logs.
6. Enable indexing so Scanner processes the logs for search and detection.

See Scanner Collect for detailed integration guides.
Option B: Direct S3 Import (For Existing Logs)

Configure Scanner to index logs already stored in your S3 buckets.

1. Navigate to the Collect tab.
2. Navigate to the S3 -> Scanner Import Rules tab.
3. Click Create New Rule.
4. Configure:
   - Destination Index: Choose main or create a new index (e.g., cloudtrail)
   - Import Source: Select your linked AWS account and S3 bucket
   - S3 Key Prefix: (Optional) Specify the folder path if logs are in a subfolder
   - File Format: JSON, JSON Lines, CSV, or Parquet
   - Compression: None, GZIP, etc.
   - Timestamp Field: Field name containing the event timestamp (e.g., eventTime for CloudTrail)
5. Click Preview Rule to verify Scanner can parse your files.
6. Save the rule.

Scanner will automatically begin indexing new files as they arrive.
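Before creating the rule, it helps to confirm that the File Format, Compression and Timestamp Field you intend to enter actually match the objects in your bucket, since a mismatch surfaces only at the Preview Rule step. The script below is an added example, not Scanner's own code: it runs the same three checks locally on a constructed, gzip-compressed CloudTrail-style JSON Lines object (the sample records and the `preview_rule` helper are assumptions for illustration).

```python
import gzip
import json
from datetime import datetime

# Constructed sample: two CloudTrail-style events written as JSON Lines and
# gzip-compressed, the way a log shipper might drop them under an S3 key prefix.
SAMPLE_RECORDS = [
    {"eventTime": "2024-05-01T12:00:00Z", "eventName": "ConsoleLogin", "awsRegion": "us-east-1"},
    {"eventTime": "2024-05-01T12:00:05Z", "eventName": "AssumeRole", "awsRegion": "us-east-1"},
]
SAMPLE_OBJECT = gzip.compress("\n".join(json.dumps(r) for r in SAMPLE_RECORDS).encode("utf-8"))


def decode_object(body: bytes, compression: str) -> str:
    """Apply the rule's Compression setting to the raw S3 object bytes."""
    if compression == "GZIP":
        return gzip.decompress(body).decode("utf-8")
    if compression == "None":
        return body.decode("utf-8")
    raise ValueError(f"compression not handled in this example: {compression}")


def parse_records(text: str, file_format: str) -> list:
    """Apply the rule's File Format setting (JSON and JSON Lines only here)."""
    if file_format == "JSON Lines":
        return [json.loads(line) for line in text.splitlines() if line.strip()]
    if file_format == "JSON":
        data = json.loads(text)
        # CloudTrail delivers a single object {"Records": [...]}; unwrap it.
        if isinstance(data, dict) and "Records" in data:
            return data["Records"]
        return data if isinstance(data, list) else [data]
    raise ValueError(f"format not handled in this example: {file_format}")


def preview_rule(body: bytes, compression: str, file_format: str, timestamp_field: str) -> dict:
    """Local stand-in for Preview Rule: count parsed records and list problems."""
    try:
        records = parse_records(decode_object(body, compression), file_format)
    except (json.JSONDecodeError, OSError, UnicodeDecodeError) as exc:
        return {"records": 0, "problems": [f"cannot parse as {file_format}: {exc}"]}
    problems = []
    for i, rec in enumerate(records):
        ts = rec.get(timestamp_field)
        if ts is None:
            problems.append(f"record {i}: missing '{timestamp_field}'")
            continue
        try:  # CloudTrail uses ISO 8601 with a trailing Z, which fromisoformat needs as +00:00
            datetime.fromisoformat(ts.replace("Z", "+00:00"))
        except ValueError:
            problems.append(f"record {i}: unparseable timestamp {ts!r}")
    return {"records": len(records), "problems": problems}
```

Running `preview_rule(SAMPLE_OBJECT, "GZIP", "JSON Lines", "eventTime")` reports two clean records; choosing "JSON" instead of "JSON Lines", or a timestamp field that is not present, shows up as a problem before any rule is saved.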