# Bucket Ingestion

Astral supports **bucket-based ingestion** for collecting log and event data stored in object storage services. This capability enables the platform to ingest security-relevant data from buckets used by cloud platforms and applications to store logs, audit records, and operational data, providing visibility into environments where logs are delivered asynchronously rather than streamed in real time.

Through bucket ingestion, Astral periodically retrieves log objects from configured storage locations, processing new or updated files as they become available. This model is commonly used for cloud-native services and platforms that export logs to object storage as part of their standard logging architecture. Bucket ingestion allows Astral to monitor these environments without requiring agents or direct event streaming.

Once collected, bucket-based data is analyzed, interpreted, and normalized using Astral’s standard ingestion pipeline. Events extracted from stored log files are converted into a unified data model and correlated with telemetry from other sources such as network monitoring, API-based ingestion, and file-based logs. This ensures that delayed or batch-delivered data can still contribute effectively to security detection and investigation.
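The polling and normalization model described above can be sketched as follows. This is an added example, not Astral's implementation: the gzip-compressed JSON-lines object format, the `eventTime`/`eventName`/`user` field names, the ETag-based checkpoint, and the output event schema are all assumptions made for illustration, and the bucket is constructed in-memory sample data.

```python
import gzip
import json

def poll_bucket(listing, fetch, checkpoint):
    """Run one polling cycle and return events from new or updated objects.

    listing:    (key, etag) pairs, as an object-store list call would return
    fetch:      callable mapping key -> gzip-compressed JSON-lines bytes
    checkpoint: dict of key -> etag already ingested; updated in place
    """
    events = []
    for key, etag in sorted(listing):
        if checkpoint.get(key) == etag:
            continue  # unchanged since the previous cycle
        text = gzip.decompress(fetch(key)).decode("utf-8")
        for lineno, line in enumerate(text.splitlines(), 1):
            try:
                rec = json.loads(line)
            except json.JSONDecodeError:
                continue  # skip a corrupt or blank line, keep the rest
            if not isinstance(rec, dict):
                continue  # not an event record
            # Hypothetical unified model; the source field names are assumed.
            events.append({
                "timestamp": rec.get("eventTime"),
                "action": rec.get("eventName"),
                "actor": rec.get("user"),
                "origin": f"{key}#{lineno}",  # stable id for deduplication
            })
        checkpoint[key] = etag  # commit only after the whole object parsed
    return events

def gz_lines(lines):
    """Build a gzip-compressed log object from text lines (sample-data helper)."""
    return gzip.compress("\n".join(lines).encode("utf-8"))

# Constructed sample bucket: key -> (etag, object bytes).
BUCKET = {
    "audit/2024-05-01.json.gz": ("e1", gz_lines([
        '{"eventTime": "2024-05-01T10:00:00Z", "eventName": "ConsoleLogin", "user": "alice"}',
        "{truncated",
        '{"eventTime": "2024-05-01T10:05:00Z", "eventName": "DeleteTrail", "user": "bob"}',
    ])),
}

def run_cycle(checkpoint):
    """Poll the sample bucket once using the given checkpoint state."""
    listing = [(key, etag) for key, (etag, _) in BUCKET.items()]
    return poll_bucket(listing, lambda key: BUCKET[key][1], checkpoint)
```

Because an updated object is re-read in full, the `origin` value (object key plus line number) gives downstream correlation a key for discarding events it has already seen.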

By incorporating bucket ingestion into Astral’s SIEM, organizations can extend monitoring coverage to cloud services and systems that rely on object storage for log delivery. These events are fully integrated into Inopli’s detection, identification, and response workflows, enabling consistent security operations across both real-time and asynchronous data sources.


