--- title: Scanner Reviews meta_title: 'Scanner Reviews 2026: Details, Pricing, & Features | G2' meta_description: Filter reviews by the users' company size, role or industry to find out how Scanner works for a business like yours. aggregate_rating: rating_value: 4.6 review_count: 7 scale: '5' date_modified: '2026-06-17' parent_category: name: System Security url: https://www.g2.com/categories/system-security --- # Scanner Reviews **Vendor:** Scanner **Category:** [Security Information and Event Management (SIEM) Software](https://www.g2.com/categories/security-information-and-event-management-siem) **Average Rating:** 4.6/5.0 **Total Reviews:** 7 ## About Scanner Scanner is a radically different way to detect threats in security data. Most security teams run a SIEM at the center of their stack. But SIEMs price on ingestion volume and cap retention at around 30 days, which forces a painful tradeoff: teams end up diverting 95% of their log data to object storage like S3 just to keep costs manageable. The result is a SIEM that covers a thin slice of your environment and a data lake full of logs no one can practically search or run detections against. Scanner works differently at every layer. Storage: We index semi-structured and unstructured log data directly in your S3 buckets. No ingestion pipelines, no re-ingestion, no schema work. Your data stays where it is. Detection: Logs stream into a numerically efficient cache where detections run continuously. There's no batch job, no scheduled query scanning your entire dataset. Detections operate on the stream itself. Investigation: When an analyst or agent runs a query, Scanner spins up short-lived compute that exists only for the duration of that query and then disappears. The indexes narrow the search space by orders of magnitude before any data is read, so even petabyte-scale queries resolve in seconds. Query compute is active less than 1% of the day. The rest of the time, it doesn't exist. The result is a system where petabytes of security data are searchable in seconds, detections run continuously, and costs scale with actual usage rather than data volume. Today, AI agents are Scanner's most prolific users, investigating alerts and hunting threats around the clock. Teams at Notion, Ramp, and Benchling use Scanner as their core security data layer. ## Scanner Pros & Cons **What users like:** - Users find Scanner's **ease of use** impressive, enabling fast log queries and seamless data management. (7 reviews) - Users value the **exceptional search efficiency** of Scanner, experiencing quick queries that transform their investigative processes. (6 reviews) - Users appreciate the **fast log querying** of Scanner, enabling quicker investigations and efficient data handling. (5 reviews) - Users appreciate the **exceptional customer support** of Scanner.dev, highlighting their responsiveness and genuine assistance during queries. (4 reviews) - Users praise the **impressive detection efficiency** of Scanner, allowing swift searches through vast datasets seamlessly. (4 reviews) - Response Time (4 reviews) - Features (3 reviews) - Alert Notifications (2 reviews) - Insights (2 reviews) - Monitoring Efficiency (2 reviews) **What users dislike:** - Users face challenges with **logging issues** , including lack of documentation and unreliable source monitoring affecting performance. (3 reviews) - Users find the **complex querying** of Scanner limiting, lacking sufficient documentation and advanced functionalities for seamless integration. (2 reviews) - Users find the **documentation inadequate** , struggling with data ingestion and log source monitoring due to lack of support. (2 reviews) - Users note the **immaturity** of Scanner, indicating it lacks certain features found in more established products. (2 reviews) - Users note the **lack of features** in Scanner, as it is still in early development stages compared to competitors. (2 reviews) - Limited Features (2 reviews) - Log Management (2 reviews) - Poor Documentation (2 reviews) - Alert Management (1 reviews) - Compatibility Issues (1 reviews) ## Scanner Reviews ### 1. Scanner.dev Delivers Lightning-Fast Log Searches and Exceptional Support **Rating:** 5.0/5.0 stars **Reviewed by:** Richard H. | CTO, Small-Business (50 or fewer emp.) **Reviewed Date:** February 27, 2026 **What do you like best about Scanner?** Before Scanner.dev, querying recent logs could take an hour or more. Historical searches were even worse, often taking days or never fully completing. Since implementing Scanner.dev, queries respond in seconds, even across the vast PB of data. This has honestly unlocked efficiencies in so many ways. It lets us iterate faster on investigations and spend less time trying to get the queries exactly right, and more time doing natural exploration during incidents when you’re focused on figuring things out. The customizable log search and detection engine is wonderful, and it feels well aligned with staying focused on what matters most. The team behind Scanner.dev is exceptional too. They’re responsive, technical, genuine, and patient, and they take feedback seriously. That’s exactly what you want in a new and upcoming product you believe will go the distance. **What do you dislike about Scanner?** The only real downside is that Scanner.dev is a newer product, so it may not be as full-featured as some of the competition yet. For our use cases, though, it has addressed our biggest pain points, and the team is consistently open to feedback and genuinely interested in understanding where to take the product to better serve the industry. I’m truly impressed by their willingness to push for change and make things happen. **What problems is Scanner solving and how is that benefiting you?** They are solving ability to actually understand our logs more effectively during investigations or when we are trying to explore and understand certain analytics that we had not yet instrumented but we know the information is in our data lake of logs. It's truly impressive how much data can be ingested AND queried in seconds rather than hours/days like many other engines. ### 2. Seamless Integration and Fast Results **Rating:** 4.0/5.0 stars **Reviewed by:** Gilberto E. | Security Engineer, Mid-Market (51-1000 emp.) **Reviewed Date:** February 19, 2026 **What do you like best about Scanner?** The flexibility in log ingestion. When dealing with a SIEM or any search tool, the easiness and ability to get data ingested is top priority. I like how Scanner allows ingestion straight from AWS S3 buckets, which just adds to the flexibility of getting data in, quick, easy and start querying. Secondly, the speed of querying is surprising. I have only seen this speed in a couple of other products, but within Scanner it's a huge plus aside from the ease of log ingestion. Getting the data in, and then quickly querying data is what makes Scanner great for teams. **What do you dislike about Scanner?** Currently the only downside I see within Scanner, is the early stage that it is in. While I do see it as a disruptor in the space, it is still changing and being updated that can make it difficult for a team that just wants a drop in replacement of a tool. Last thing I would mention is the lack of more complex query language. While I know that this is being improved on and changing, currently it can be seen as a downside if teams are looking for a direct replacement. **What problems is Scanner solving and how is that benefiting you?** It was a drop in replacement of our previous search tool. Not only that but the integration was seamless, and allows for our team to quickly get in and search during need. While we had a pretty large timeframe to get it integrated, we were amazed at how fast we integrated it, got data onboarded and it was ready to go. Having a centralized place with all of our logs finally, makes it useful and supports our maturity as a security organization. ### 3. Fast, Powerful Log Search in Your Own S3—Plus Detection Rules as Code **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User in Computer & Network Security | Small-Business (50 or fewer emp.) **Reviewed Date:** February 19, 2026 **What do you like best about Scanner?** Scanner is one of those products that makes you wonder why everyone else made this so complicated. Logs stay in your S3 buckets, Scanner indexes them and makes them searchable. No shipping data to a vendor's environment, no surprise ingestion bills, no waiting forever for a query to come back. The search speed is genuinely impressive and the full text search across schema-less data is a huge deal because in the real world your logs are messy and you don't always know what field you're looking for. Detection rules as code through GitHub is exactly how detection engineering should work in 2026 and that workflow alone puts it ahead of platforms where you're clicking through a UI to build rules one at a time. **What do you dislike about Scanner?** The biggest gap right now is that Scanner only supports AWS for its underlying infrastructure. If your organization runs on Google Cloud or Azure you're out of luck for the time being. They've indicated multi-cloud support is on the roadmap but as of today it's an AWS-only play. That's not a dealbreaker if you're already in AWS but it does limit who can realistically adopt it. **What problems is Scanner solving and how is that benefiting you?** Scanner solves the two biggest problems in security log management: cost and speed. Traditional SIEMs make you choose between retaining the logs you need and staying within budget, so teams end up cutting log sources or shortening retention windows just to keep costs manageable. That creates blind spots. Scanner eliminates that tradeoff because your logs just sit in S3 at S3 prices and you can keep everything for as long as you need to. On the speed side, being able to search across months of data in seconds completely changes how you approach investigations and threat hunting. You're not scoping your queries down to tiny time windows just to get results back in a reasonable amount of time anymore. You actually get to do the work. ### 4. Lightning-Fast Data Indexing with Seamless AI Integration **Rating:** 5.0/5.0 stars **Reviewed by:** Nick O. **Reviewed Date:** February 19, 2026 **What do you like best about Scanner?** I really like the massive scale and efficiency of Scanner as it can ingest and index tens of terabytes of data rapidly. The cost-to-performance ratio is a significant advantage. Another great aspect is the simplified ingestion; creating a pipeline is effortless by just dropping raw data into an AWS S3 bucket. It's designed for security engineers, not just developers. I also appreciate the true data sovereignty because both the company data and its indices reside in our AWS S3 storage, ensuring full control which is highly attractive for companies with strict compliance and regulatory requirements. Additionally, the seamless AI integration, being fully compatible with Claude-Code and the Claude SDK, is fantastic. Setting it up and getting onboarded was very easy, taking just one day. **What do you dislike about Scanner?** There are limitations in the event triggers for alerting. When an event is triggered, I'd like to selectively filter only the data I need from the associated indices, then send an alerting message (e.g., to Slack) or transmit it to another third party via webhook. Currently, it's impossible to select only the necessary data from multiple indices. This adds a few extra tasks for me because I have to receive the entire original alerting message and process it once. **What problems is Scanner solving and how is that benefiting you?** Scanner indexes terabyte-sized log data within 1-5 seconds, solving my issues with slow data analysis. It ingests data rapidly, simplifies pipeline creation, ensures data sovereignty, and seamlessly integrates with AI tools, making it excellent for compliance-focused companies. ### 5. Fast Querying with Responsive Support **Rating:** 4.5/5.0 stars **Reviewed by:** Itamar T. | IT Security Engineer, Mid-Market (51-1000 emp.) **Reviewed Date:** February 17, 2026 **What do you like best about Scanner?** I find the querying incredibly fast, which allows me to skim through whole terabytes of data in just a few seconds. This speed is especially noticeable when writing detections on massive datasets, as the latency is relatively low. Additionally, during active investigations using manual queries, the results are lightning fast, especially with some expertise. I also appreciate how responsive their team is to our feature requests. We are design partners with them, and they release agreed-upon features relatively quickly. **What do you dislike about Scanner?** The querying language is not sufficiently documented. The documentation shows the basic syntax of the queries, but more contextual examples like common practices of how specific functions are used could be great. Additionally, not having the ability to create a multiple source detection (ex. a single detection querying EDR and MDM logs and crossing them is impossible). There is no native way to create reliable log source monitoring, so once your log source shuts down, it is up to the user to notice it. **What problems is Scanner solving and how is that benefiting you?** I use Scanner for fast log querying and storage for security investigations, offering low latency during data analysis. It's a good SIEM replacement, and their team is responsive to feature requests. ### 6. Flexible and Cost-Effective Log Management Solution **Rating:** 3.5/5.0 stars **Reviewed by:** Trisha O. **Reviewed Date:** February 12, 2026 **What do you like best about Scanner?** I love the flexibility of Scanner, especially how I can ingest different types of log data into it and then search efficiently. The indexing and categorization of data make it easy to manage, and the way it reads and formats data is really good. Once I see it in their console, everything is well formatted and nicely displayed in a table-like way, with columns and values, making it easier for me to look at the results. I also appreciate that I can query data at a reasonable price, and it uses our own S3 buckets, which keeps costs lower compared to storing data on other platforms. **What do you dislike about Scanner?** I guess sometimes I struggle with pulling data that was not ingested for some time. Having more flexibility when data is missed and how I can re-ingest that would be good. There's more documentation or a better way for me to re-ingest when data didn't get ingested. I had some missed logs because of a new environment change and didn't get a notification about it. I'm trying to work on how to re-ingest those. I also think having better documentation would help. We had to manually adjust some configurations that should have been automated during setup. Having a diagram or architecture of how Scanner works and how to set it up in our environment would help us picture how it will work and make adjustments accordingly. **What problems is Scanner solving and how is that benefiting you?** I use Scanner to easily query logs that aren't in our SIEM tool, access log data from S3 buckets effortlessly, and analyze events with an easy query language, making it flexible and cost-effective. ### 7. Efficient SIEM with Rapid Log Integration **Rating:** 5.0/5.0 stars **Reviewed by:** Guy G. **Reviewed Date:** February 17, 2026 **What do you like best about Scanner?** I appreciate that I can add new log sources to Scanner in a matter of minutes, and its efficient indexing makes queries really fast. I like that I can write and manage my detections in Scanner as code, which helps with version control, along with the overall ease of work. I find the initial setup to be quite easy, and the Scanner team is very responsive. **What do you dislike about Scanner?** There's a bit of a learning curve for new members, and they might take time to learn how to use Scanner. Also, there isn't any log source monitoring. **What problems is Scanner solving and how is that benefiting you?** I can quickly add new log sources, store logs long-term, and benefit from Scanner's efficient indexing for fast queries. - [View Scanner pricing details and edition comparison](https://www.g2.com/products/scanner/reviews?section=pricing&secure%5Bexpires_at%5D=2026-06-22+06%3A10%3A14+-0500&secure%5Bsession_id%5D=b37d531b-3807-49a2-8d3d-1b7deadfc65e&secure%5Btoken%5D=266295a3fbf25b70dbcaa04ea55f7d549b6c29002fb1a0efe35f6db4110ef3c7&format=llm_user) ## Scanner Integrations - [Amazon Virtual Private Cloud (Amazon VPC)](https://www.g2.com/products/amazon-virtual-private-cloud-amazon-vpc/reviews) - [Claude Code](https://www.g2.com/products/anthropic-claude-code/reviews) - [Sublime Email Security Platform](https://www.g2.com/products/sublime-email-security-platform/reviews) ## Scanner Features **Activity Monitoring** - Usage Monitoring - Database Monitoring - API Monitoring - Activity Monitoring **Cloud Visibility** - Data Discovery - Cloud Registry - Cloud Gap Analytics **Network Management** - Activity Monitoring - Asset Management - Log Management **Security** - Compliance Monitoring - Risk Analysis - Reporting **Security** - Data Security - Data loss Prevention - Security Auditing **Incident Management** - Event Management - Automated Response - Incident Reporting **Administration** - Security Automation - Security Integration - Multicloud Visibility **Identity** - SSO - Governance - User Analytics **Security Intelligence** - Threat Intelligence - Vulnerability Assessment - Advanced Analytics - Data Examination **Agentic AI - Security Information and Event Management (SIEM)** - Autonomous Task Execution - Multi-step Planning - Proactive Assistance - Decision Making **Agentic AI - Cloud Security Monitoring and Analytics** - Autonomous Task Execution - Proactive Assistance - Decision Making ## Top Scanner Alternatives - [Sumo Logic](https://www.g2.com/products/sumo-logic/reviews) - 4.3/5.0 (390 reviews) - [CrowdStrike Falcon Endpoint Protection Platform](https://www.g2.com/products/crowdstrike-falcon-endpoint-protection-platform/reviews) - 4.6/5.0 (411 reviews) - [Splunk Enterprise](https://www.g2.com/products/splunk-enterprise/reviews) - 4.3/5.0 (414 reviews)