Bucket Ingestion
Astral supports bucket-based ingestion for collecting log and event data stored in object storage services. This capability enables the platform to ingest security-relevant data from buckets used by cloud platforms and applications to store logs, audit records, and operational data, providing visibility into environments where logs are delivered asynchronously rather than streamed in real time.
Through bucket ingestion, Astral periodically retrieves log objects from configured storage locations, processing new or updated files as they become available. This model is commonly used for cloud-native services and platforms that export logs to object storage as part of their standard logging architecture. Bucket ingestion allows Astral to monitor these environments without requiring agents or direct event streaming.
Once collected, bucket-based data is analyzed, interpreted, and normalized using Astral’s standard ingestion pipeline. Events extracted from stored log files are converted into a unified data model and correlated with telemetry from other sources such as network monitoring, API-based ingestion, and file-based logs. This ensures that delayed or batch-delivered data can still contribute effectively to security detection and investigation.
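The polling model described above can be sketched as follows. This is an added example, not Astral's code: the listing shape, the `state` checkpoint, the record fields (`eventTime`, `eventName`, `user`) and the unified field names are all assumptions made for illustration. It shows why "new or updated files" needs a checkpoint: an object that is rewritten with more records must not re-emit the events already ingested.

```python
import hashlib
import json

def normalize(key, raw):
    # Hypothetical unified model; these field names are assumptions.
    return {"timestamp": raw["eventTime"], "action": raw["eventName"],
            "actor": raw.get("user", "unknown"), "source_object": key}

def poll(listing, state):
    """One polling pass over a bucket listing.

    listing: {object_key: (etag, body)}; body is newline-delimited JSON.
    state:   {"etags": {}, "seen": set()}, persisted between passes.
    Returns (events, malformed) for new or updated objects only.
    """
    events, malformed = [], 0
    for key in sorted(listing):
        etag, body = listing[key]
        if state["etags"].get(key) == etag:
            continue  # unchanged since the last pass
        for line in body.splitlines():
            if not line.strip():
                continue
            fp = hashlib.sha256(f"{key}\n{line}".encode()).hexdigest()
            if fp in state["seen"]:
                continue  # already ingested from an earlier version
            state["seen"].add(fp)
            try:
                events.append(normalize(key, json.loads(line)))
            except (ValueError, KeyError, TypeError):
                malformed += 1  # count it; one bad line must not drop the file
        state["etags"][key] = etag
    return events, malformed

# Constructed sample data: two successive listings of the same bucket.
REC_A = '{"eventTime": "2024-01-01T10:00:00Z", "eventName": "ConsoleLogin", "user": "alice"}'
REC_B = '{"eventTime": "2024-01-01T10:05:00Z", "eventName": "CreateKey", "user": "alice"}'
REC_C = '{"eventTime": "2024-01-01T10:09:00Z", "eventName": "DeleteTrail"}'
REC_D = '{"eventTime": "2024-01-02T00:01:00Z", "eventName": "ConsoleLogin", "user": "bob"}'
PASS_1 = {"audit/2024-01-01.jsonl": ("etag-a", REC_A + "\n" + REC_B)}
PASS_2 = {"audit/2024-01-01.jsonl": ("etag-b", "\n".join([REC_A, REC_B, REC_C, '{"eventTime": "trunc'])),
          "audit/2024-01-02.jsonl": ("etag-c", REC_D)}

if __name__ == "__main__":
    state = {"etags": {}, "seen": set()}
    for listing in (PASS_1, PASS_2, PASS_2):
        print(poll(listing, state))
```

Fingerprinting whole lines collapses byte-identical records within one object; where the source provides a unique event ID, fingerprint on that instead.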
By incorporating bucket ingestion into Astral’s SIEM, organizations can extend monitoring coverage to cloud services and systems that rely on object storage for log delivery. These events are fully integrated into Inopli’s detection, identification, and response workflows, enabling consistent security operations across both real-time and asynchronous data sources.