Overview

Scanner provides a playground environment that allows you to explore and experiment with its log search capabilities without needing to connect your own data. This environment contains a demo data set, giving you a realistic context to understand how Scanner can be used for log analysis and security investigations.

To sign up for a playground environment, visit scanner.dev/demo.

This guide will walk you through using Scanner to perform a threat investigation, showcasing key features and helping you get familiar with the tool in an interactive way.

Types of threats we'll investigate

In this guide, we'll walk through a scenario in which we analyze AWS cloud audit logs for threat activity. The logs will let us detect several of the tactics the bad actors are using:

  • Privilege escalation

  • Exfiltration

  • Lateral movement

  • Command and control

Things we'll do

We'll use the Scanner Search and Detections features to do this investigation. Here are the specific actions we'll take:
