Scanner lets you turn your logs in S3 into an API, giving you the ability to execute ad hoc queries, create cached queries for time series, and create detection rules.


Teams using the Free plan are co-located in a multi-tenant environment. The API URL for these users is:


Teams using a paid plan get their own single-tenant environment, and they will receive an API URL that is unique to their organization and region. For example, if your organization's identifier is yavin-inc, and your single-tenant Scanner instance is running in us-east-1, your API URL would be this:



Scanner uses API keys for authentication. These are secret, so be sure not to share them publicly. Scanner will look for the API key in Authorization header after a Bearer prefix.

Authorization: Bearer <Scanner API Key>

For example, if here is how you would use curl to get a list of all of your detection rules, if your team was running in a single-tenant Scanner instance in us-east-1, and your company identifier was yavin-inc:

curl https://api.yavin-inc-us-east-1.scanner.dev/v1/detection_rules \
-H "Authorization: Bearer $SCANNER_API_KEY"

Last updated