We are excited to announce that Dynatrace has acquired SpectX, bringing our innovative solutions to log data challenges in complex hybrid, multicloud environments to the Dynatrace Software Intelligence Platform.
Whether it is user activity, admin events, specific event IDs you’re looking for, SpectX allows you to instantly read, parse and query original .evtx files in their current location. SpectX runs on Windows, Linux as well as OSX, so you don't necessarily need a Windows machine to analyze .evtx files, as long as you have access to the files.
To give our users a quick start at security analysis and threat hunting, we have created four 30-minute free SpectX training modules in partnership with the RangeForce cybersecurity training platform. You can now follow simple step-by-step instructions using pre-prepared virtual infrastructure and sample log datasets to master rapid log analysis with SpectX.
In case you are working directly with raw log files to analyze the Exchange Server 0-day vulnerability, we have prepared these SpectX queries to help you detect if, how, and when your Exchange server was hit.
SpectX log parser and query engine for instant log investigation and query automation is now available for smaller teams and organizations. Starting at 79€/month, the Business license introduces several opt-in features for analyzing raw log files stored in file servers, S3, Azure, Google Storage, Elastic clusters and databases.
What's the most accessed publicly shared document in your Drive? How many documents per user were downloaded during the past month? Where are all those calendar (spam) invites coming from? If your business relies on Gmail, Docs, Drive, Calendar, Meet and other products from Google, the answers to these questions lie in Google Workspace (formerly G Suite) audit logs.
Here’s a guide on quickly accessing and running advanced queries on your Office365 audit logs with your desktop computer and the free edition of SpectX. Whether you need to know more about logins, accessing, editing, deleting files - O365 logs are the data to go to. The query examples we've prepared will give you a broad overview of user activities and zoom into the suspicious. If you're in the incident response phase, you can use the queries to learn the details.
SpectX gets you instant insights into your web resources served by Cloudfront. Download the free desktop edition to your computer to parse and query the S3 bucket storing your log files. Follow the steps below and run the query examples to get a general overview or specific questions answered in minutes. The example queries are also included in the SpectX Github query pack.
Even if you’re not using PowerShell, your adversaries and pen-testers are. Why use custom hax0r tools when every Windows machine comes with a built-in scripting environment? Powershell lets the attacker do pretty much anything while leaving no traces on disks. It’s a mistake not to love PowerShell as an attacker and a mistake not to love PowerShell logs as a defender.
What’s the traffic load? What’s the user activity like? Where do they log on from? How much data is being sent and received? How many different IPs per user, users per IP? Any bad IPs in the mix? Here’s a tutorial on analysing and enriching OpenVPN Access Server logs with SpectX, a free tool that runs locally, skips ingestion and creates quick virtual views and queries directly on top of raw log files or databases.
To help security analysts analyse raw logs and any ad-hoc data in time-critical investigations, SpectX is glad to launch the free edition of its rapid log analyzer. The parser and query engine help investigators quickly parse and query unlimited volumes of raw and compressed log files without ingestion or indexing directly from their storages like on-prem servers, AWS, Azure, Hadoop and/or SQL databases.
Need to audit a specific user connecting to their mailbox? Troubleshoot why users are not able to sync their mobiles via ActiveSync? Investigate errors in time intervals? The answer to these and many other questions lie in the IIS logs of the Microsoft Exchange server.
SpectX reads IIS log files from their current storage, applying a built-in IIS schema to the data at query runtime. The result is a clean table of your server activities you can analyze with SQL-like queries. Try these 20 sample queries for inspiration.
This is a step-by-step guide on parsing IIS logs using SpectX free log parser and query engine. Once the parser matches the raw data, SpectX makes it quick and easy to run queries on raw log files without first importing and duplicating them to another location.
Parsing Windows DNS logs can be a challenge. If your server runs post-2012 software, you are probably good as the output is formatted into Windows event logs. However, if you're up against an earlier version than Microsoft Server 2012 r2, then the output in plaintext log files is challenging to make sense of both for humans (developers) and machines. Here's how to parse Windows 2008 DNS debug logs quickly with SpectX.
Playing around with Git logs can give you fascinating insights into a project. Whether it's analysing your own work or checking how someone else's project is doing, Git logs have it all. Sometimes all you need is a quick general overview, e.g. counting contributions per author. The next minute, you really need to dig into a specific time period (Fridays!), look at a keyword or email domain. Zooming out and digging deep into Git repos is a walk in the park with the right tool - follow our lead.
We’re back after the weekend in Helsinki, and the office is resonating with Disobey-stories ranging from audit daemon to parties featuring Borat-swimsuits. Rumours about this event being great reached us long ago but a sincere bow to the organisers - it truly is one of the content-richest and crowd-vibrant infosec events in the Nordic region.
Here are the release notes for SpectX v. 1.4 released on 7 September 2018. Featuring queries at anything that speak S3 but also at traditional SQL-databases. AD-support has been a frequently asked feature and is now live. Last but not least, in addition to charts, you can now launch map-visualisations based accurate queries on your datasets (pew-pew!).
When talking to infosec experts about their log-related endeavours, Splunk is a household word. We frequently find ourselves patiently and passionately explaining the differences between this well-known giant and SpectX. Here’s a write-up to go more into details than just stressing the limitations of pricing and data import.
The modern concept of security analytics involves more dimensions than ever. Traditional logs from network devices and hosts must be combined with malware analysis, network traffic analysis, endpoint visibility as well as data provided by threat intelligence feeds.
Digging deeper into the typosquatting operation: popular domains
This is the sequel to exploring BlueCoat proxy logs. Having defined their structure I now proceed to analyse actual log content. As my knowledge of the origin of these sample logs is limited, I'll try to extract as much information about the nature of proxy deployment, user behaviour and their geographical location.
I recently came across an article about an introductory open data exercise analytics using Python (scraping web, extracting data with regex and visualization). Fun learning indeed. But then I thought how much much time and how many lines of code it would take to do the same thing with SpectX? Let’s find out.
Finding sample logs in the web is not an easy task. This is quite understandable as log content is nowadays considered sensitive (hint: GDPR).
It's in the original raw log files where the truth lies. Here's how to quickly access and play with your data to make real discoveries.
SpectX Base is an analytics platform first and foremost for security teams. It helps them quickly get into the heart of security incidents by analysing vast amounts of unstructured logs and other raw machine data.
SpectX has raised investment from Karma Ventures for product development and growth. The startup founded by former security engineers at Skype and Swedbank is developing a powerful analytics software solution for rapid processing of unlimited amounts of data. The product will be publicly launched in autumn 2017.
It turns out that extracting useful information from logs is not easy. In fact, the processes of obtaining data and preparing it for analytics is a complicated and costly process. The aim of this whitepaper is to describe these complexities and bring out the core reasons that form the phenomena of inertia in machine generated data.
