Direct S3 Integration

While Scanner Collect is our dedicated tool designed to manage the "heavy lift" of pulling logs from external SaaS tools (like Okta or Google Workspace) directly into your S3 buckets, many organizations already have logs flowing into S3 via existing pipelines or native cloud export features.

For log sources that are already residing in your S3 environment or for which a Scanner Collect integration is not yet available, Direct S3 Integration allows you to immediately index that data for search and detection. This guide shows how to load common log data sources into S3, and then configure Scanner to integrate with these logs.

Note that Scanner can integrate with any logs in JSON, CSV, Parquet, or Plaintext format that are stored in an S3 bucket that Scanner is linked to.

If you don't see your log source in this guide, explore using tools like Fluentd or Cribl to fetch logs from your log source and push them to an S3 bucket where Scanner can see them.