SaaS Security Inline scans log data from the Strata Logging Service to provide a comprehensive view of the SaaS applications in use across your organization. While these scans typically occur once a day at 12:00 UTC, the On Demand Scan allows you to manually trigger a refresh at any time. This eliminates the 24-hour wait for the next scheduled cycle, ensuring you have the most recent data to analyze and respond to emerging security events.

The On Demand Scan will initiate a refresh across all applications to fetch delta data—the specific changes and new logs generated since your last successfully completed scan. For example, if a daily scan finishes at midnight 12:00 and an on demand scan is triggered at 10:00 in the following morning, it will only process the 10 hours of new data. To ensure complete data capture, the system automatically applies a 30-minute buffer from the time the scan was initiated. This accounts for potential delays in critical logs being forwarded from the firewall to the Strata Logging Service.

Regular daily scans utilize reserved bandwidth slots to manage data load, while on-demand scans operate outside of these scheduled windows. As a result, the duration of these resource-intensive scans is subject to the total volume of assets and activity being processed. While smaller scans typically complete under 30 minutes, high-traffic environments may require a longer time frame for the full delta to process.