Scanner Reviews & Product Details

The flexibility in log ingestion. When dealing with a SIEM or any search tool, the easiness and ability to get data ingested is top priority. I like how Scanner allows ingestion straight from AWS S3 buckets, which just adds to the flexibility of getting data in, quick, easy and start querying.

Secondly, the speed of querying is surprising. I have only seen this speed in a couple of other products, but within Scanner it's a huge plus aside from the ease of log ingestion. Getting the data in, and then quickly querying data is what makes Scanner great for teams. Review collected by and hosted on G2.com.

Currently the only downside I see within Scanner, is the early stage that it is in. While I do see it as a disruptor in the space, it is still changing and being updated that can make it difficult for a team that just wants a drop in replacement of a tool.

Last thing I would mention is the lack of more complex query language. While I know that this is being improved on and changing, currently it can be seen as a downside if teams are looking for a direct replacement. Review collected by and hosted on G2.com.

Scanner is one of those products that makes you wonder why everyone else made this so complicated. Logs stay in your S3 buckets, Scanner indexes them and makes them searchable. No shipping data to a vendor's environment, no surprise ingestion bills, no waiting forever for a query to come back. The search speed is genuinely impressive and the full text search across schema-less data is a huge deal because in the real world your logs are messy and you don't always know what field you're looking for. Detection rules as code through GitHub is exactly how detection engineering should work in 2026 and that workflow alone puts it ahead of platforms where you're clicking through a UI to build rules one at a time. Review collected by and hosted on G2.com.

The biggest gap right now is that Scanner only supports AWS for its underlying infrastructure. If your organization runs on Google Cloud or Azure you're out of luck for the time being. They've indicated multi-cloud support is on the roadmap but as of today it's an AWS-only play. That's not a dealbreaker if you're already in AWS but it does limit who can realistically adopt it. Review collected by and hosted on G2.com.

I really like the massive scale and efficiency of Scanner as it can ingest and index tens of terabytes of data rapidly. The cost-to-performance ratio is a significant advantage. Another great aspect is the simplified ingestion; creating a pipeline is effortless by just dropping raw data into an AWS S3 bucket. It's designed for security engineers, not just developers. I also appreciate the true data sovereignty because both the company data and its indices reside in our AWS S3 storage, ensuring full control which is highly attractive for companies with strict compliance and regulatory requirements. Additionally, the seamless AI integration, being fully compatible with Claude-Code and the Claude SDK, is fantastic. Setting it up and getting onboarded was very easy, taking just one day. Review collected by and hosted on G2.com.

There are limitations in the event triggers for alerting. When an event is triggered, I'd like to selectively filter only the data I need from the associated indices, then send an alerting message (e.g., to Slack) or transmit it to another third party via webhook. Currently, it's impossible to select only the necessary data from multiple indices. This adds a few extra tasks for me because I have to receive the entire original alerting message and process it once. Review collected by and hosted on G2.com.

I find the querying incredibly fast, which allows me to skim through whole terabytes of data in just a few seconds. This speed is especially noticeable when writing detections on massive datasets, as the latency is relatively low. Additionally, during active investigations using manual queries, the results are lightning fast, especially with some expertise. I also appreciate how responsive their team is to our feature requests. We are design partners with them, and they release agreed-upon features relatively quickly. Review collected by and hosted on G2.com.

The querying language is not sufficiently documented. The documentation shows the basic syntax of the queries, but more contextual examples like common practices of how specific functions are used could be great. Additionally, not having the ability to create a multiple source detection (ex. a single detection querying EDR and MDM logs and crossing them is impossible). There is no native way to create reliable log source monitoring, so once your log source shuts down, it is up to the user to notice it. Review collected by and hosted on G2.com.

I love the flexibility of Scanner, especially how I can ingest different types of log data into it and then search efficiently. The indexing and categorization of data make it easy to manage, and the way it reads and formats data is really good. Once I see it in their console, everything is well formatted and nicely displayed in a table-like way, with columns and values, making it easier for me to look at the results. I also appreciate that I can query data at a reasonable price, and it uses our own S3 buckets, which keeps costs lower compared to storing data on other platforms. Review collected by and hosted on G2.com.

I guess sometimes I struggle with pulling data that was not ingested for some time. Having more flexibility when data is missed and how I can re-ingest that would be good. There's more documentation or a better way for me to re-ingest when data didn't get ingested. I had some missed logs because of a new environment change and didn't get a notification about it. I'm trying to work on how to re-ingest those. I also think having better documentation would help. We had to manually adjust some configurations that should have been automated during setup. Having a diagram or architecture of how Scanner works and how to set it up in our environment would help us picture how it will work and make adjustments accordingly. Review collected by and hosted on G2.com.

I appreciate that I can add new log sources to Scanner in a matter of minutes, and its efficient indexing makes queries really fast. I like that I can write and manage my detections in Scanner as code, which helps with version control, along with the overall ease of work. I find the initial setup to be quite easy, and the Scanner team is very responsive. Review collected by and hosted on G2.com.

There's a bit of a learning curve for new members, and they might take time to learn how to use Scanner. Also, there isn't any log source monitoring. Review collected by and hosted on G2.com.