Scanner supports AWS VPC flow logs, which contain data about the IP traffic moving between your network interfaces in AWS. In order for Scanner to see these logs, you can configure VPC to publish these logs to S3.
Step 1: Publish flow logs to S3
You can follow the AWS documentation to configure VPC to write flow logs to an S3 bucket. For the best results, we recommend selecting the Parquet log file format. See: Publish flow logs to Amazon S3.
Step 2: Ingest via Scanner Collect
In Scanner, navigate to the Index Rules tab, click the '+' icon to Create New Index Rule, select From AWS S3 as your data source, and select AWS: VPC Flow as the source type.
