Expanding Security Coverage: New Out-of-the-Box Detection Rules for 12 Log Sources
Scanner.dev
Scanner makes data lakes fast and easy to use. Schemaless log search indexing, all in the user’s S3 buckets.
We're excited to announce a major expansion of Scanner's detection capabilities with ready-to-use rules across 12 critical log sources. This release brings our total to 214 detection rules, covering 11 MITRE ATT&CK tactics and 45 techniques, providing extensive security monitoring across your technology stack.
Detection Coverage Across Your Cloud Infrastructure
Our new detection rules span four key areas:
Cloud Platforms
Monitor your cloud infrastructure with specialized rules for AWS CloudTrail, Google Cloud Platform, and Microsoft Azure. These rules help you detect suspicious activities, unauthorized access, and potential security violations across your cloud environments.
AWS CloudTrail - Detection rules for AWS audit logs and CloudTrail events
Google Cloud Platform (GCP) - Detection rules for GCP audit and security logs
Microsoft Azure - Detection rules for Azure activity and security logs
Identity and Access Management
Strengthen your identity security with dedicated rules for Okta, Auth0, and Cisco Duo. Track authentication patterns, administrative changes, and potential account compromises across your identity providers.
Okta - Detection rules for Okta authentication and administration events
Auth0 - Detection rules for Auth0 authentication logs
Cisco Duo - Detection rules for Duo Security authentication events
Collaboration and Productivity
Protect your workforce tools with rules for GitHub, Microsoft 365, Slack, and Google Workspace. Monitor sensitive actions, data access, and potential insider threats across your collaboration platforms.
GitHub - Detection rules for GitHub organization and repository events
Microsoft 365 - Detection rules for Microsoft 365 audit logs
Slack - Detection rules for Slack workspace events
Google Workspace (formerly G Suite) - Detection rules for Google Workspace admin and security logs
Data and Infrastructure
Secure your critical data and systems with specialized rules for Snowflake and Windows process creation events. Track database access, system changes, and potentially malicious processes.
Snowflake - Detection rules for Snowflake database access and usage
Windows Process Creation Events - Detection rules for Windows process creation events
Flexible and Customizable
Every environment is unique, which is why we've designed these rules to be adaptable:
Getting Started
All detection rules are available in their respective repositories under the Scanner organization. Simply connect your log sources to Scanner and enable the relevant rules to begin strengthening your security posture.
Start exploring our detection rules today to enhance your security monitoring capabilities. For detailed documentation and implementation guides, visit our documentation on Scanner's Out-of-the-Box Detection Rules.
Join the Webinar on 1/30
Come join us for our webinar on January 30th where we'll talk about setting up detections-as-code with CI/CD in Scanner. We'll demonstrate how to automate your detection engineering workflow and maintain detection rules at scale.