Cyber Security Announcements

Try a Threat Investigation in Scanner: The Playground Environment is Now Live

We’re excited to announce that the Scanner Playground environment is now available for users to explore. The Playground is a hands-on, interactive way to experience Scanner, walking users through a threat investigation scenario involving cloud audit logs—specifically AWS CloudTrail logs. You can sign up now and start exploring at scanner.dev/demo.

The Playground environment is set up to read demo logs from an S3 bucket, allowing users to dive right in without needing to configure their own log sources. It showcases how Scanner can be used to perform effective threat investigations, and it’s an easy way to see the product in action.

Our Playground Guide will walk you through key features, with a scenario-driven approach. Here’s what you’ll get to do in Scanner:

Search and Analysis
  • Use saved queries to quickly start investigating.
  • View column value statistics to understand trends and anomalies.
  • Explore log event details, perform free-text searches, and summarize data with aggregations.
  • Pivot, slice, and dice the data to see the full scope of an attack.

Detection Rules
  • Develop your own queries to create powerful detection rules.
  • Monitor malicious IP addresses and identify new threat actors engaged in data exfiltration.
  • Search and summarize detection events to understand potential threats.
  • Add out-of-the-box detections from a public GitHub repository.
  • Use the scanner-cli tool to develop and test detection rules as code.

Augment Your SIEM and Log Search Tools

The Playground also illustrates common use cases where Scanner augments your existing SIEM and log search tools:

  • Gain more visibility into your security landscape: search historical logs that are out of reach or expensive to search in traditional SIEMs.
  • Reduce costs by moving specific high-volume log sources to Scanner for more efficient analysis.

Additionally, if you use Splunk or Grafana, you can learn how Scanner integrates with these tools:

  • Scanner for Splunk: A custom app that adds new search commands, making it easy to run Scanner searches directly from Splunk.
  • Scanner for Grafana: A custom plugin that allows you to execute Scanner searches within Grafana dashboards, integrating into your existing monitoring workflows.

Ready to Dive In?

The Scanner Playground is an ideal way for you to learn, test, and see what makes Scanner different. Whether you’re investigating a threat or experimenting with detection rules, our Playground environment is a great place to start. Sign up at scanner.dev/demo and get hands-on with Scanner.

This press release was originally posted here: https://blog.scanner.dev/try-a-threat-investigation-in-scanner-the-playground-environment-is-now-live/