Articles | Investigating Logs With the SpectX Log Analyzer

• Six Quick SpectX Queries

  Directly reading and analyzing raw log files from various sources like AWS, Azure, Hadoop or an on-prem log server makes SpectX a perfect tool for ad-hoc log forensics, looking for the unknown and exploring data to discover what’s there. Here are six quick queries to copy-paste into the query window and run it on compressed sample data we’ve stored in S3.
  

  Read more

• Parse IIS logs to Analyze Exchange, Outlook Web Access and ActiveSync Activities

  Need to audit a specific user connecting to their mailbox? Troubleshoot why users are not able to sync their mobiles via ActiveSync? Investigate errors in time intervals? The answer to these and many other questions lie in the IIS logs of the Exchange server.
  

  Read more

• Analyzing Raw IIS Logs

  We've put down 20 copy-pastable queries to ask from your raw IIS logs by analyzing them directly from their current storage location.
  

  Read more

• Parsing IIS logs

  This is a step-by-step guide on parsing IIS logs using SpectX. Once the parser matches the raw data, SpectX makes it quick and easy to run queries on raw log files without first importing and duplicating them to another location.
  

  Read more

• Parsing Windows 2008 DNS Debug Logs

  Parsing Windows DNS logs can be a challenge. If your server runs post-2012 software, you are probably good as the output is formatted into Windows event logs. However, if you're up against an earlier version than Microsoft Server 2012 r2, then the output in plaintext log files is challenging to make sense of both for humans (developers) and machines. Here's how to parse Windows 2008 DNS debug logs quickly with SpectX.
  

  Read more

• Analysing Git Log Reports. Authors, Fridays and Batmen

  Playing around with Git logs can give you fascinating insights into a project. Whether it's analysing your own work or checking how someone else's project is doing, Git logs have it all. Sometimes all you need is a quick general overview, e.g. counting contributions per author. The next minute, you really need to dig into a specific time period (Fridays!), look at a keyword or email domain. Zooming out and digging deep into Git repos is a walk in the park with the right tool - follow our lead.
  

  Read more

• 0x3 Things We Liked About Disobey

  We’re back after the weekend in Helsinki, and the office is resonating with Disobey-stories ranging from audit daemon to parties featuring Borat-swimsuits. Rumours about this event being great reached us long ago but a sincere bow to the organisers - it truly is one of the content-richest and crowd-vibrant infosec events in the Nordic region.
  

  Read more

• SpectX Base v. 1.4 Release Notes

  Here are the release notes for SpectX v. 1.4 released on 7 September 2018. Featuring queries at anything that speak S3 but also at traditional SQL-databases. AD-support has been a frequently asked feature and is now live.  Last but not least, in addition to charts, you can now launch map-visualisations based accurate queries on your datasets (pew-pew!).
  

  Read more

• The Most Scalable Splunk Alternative for Log Analysis

  When talking to infosec experts about their log-related endeavours, Splunk is a household word. We frequently find ourselves patiently and passionately explaining the differences between this well-known giant and SpectX. Here’s a write-up to go more into details than just stressing the limitations of pricing and data import.
  

  Read more

• SpectX In The Landscape of Security Analytics

  The modern concept of security analytics involves more dimensions than ever. Traditional logs from network devices and hosts must be combined with malware analysis, network traffic analysis, endpoint visibility as well as data provided by threat intelligence feeds. 
  

  Read more

• Key Findings from 37GB of Dot-cm Typosquatting Scheme Logs

  Digging deeper into the typosquatting operation: popular domains

  Read more

• Detecting Human Behaviour on BlueCoat Proxy Logs

  This is the sequel to exploring BlueCoat proxy logs. Having defined their structure I now proceed to analyse actual log content. As my knowledge of the origin of these sample logs is limited, I'll try to extract as much information about the nature of proxy deployment, user behaviour and their geographical location.
  

  Read more

• SpectX & Open Data: Parsing and Analysing html-lists

  I recently came across an article about an introductory open data exercise analytics using Python (scraping web, extracting data with regex and visualization). Fun learning indeed. But then I thought how much much time and how many lines of code it would take to do the same thing with SpectX? Let’s find out.
  

  Read more

• Parsing BlueCoat Proxy Logs

  Finding sample logs in the web is not an easy task. This is quite understandable as log content is nowadays considered sensitive (hint: GDPR).
  

  Read more

• Experimenting with raw log files

  It's in the original raw log files where the truth lies. Here's how to quickly access and play with your data to make real discoveries.

  Read more

• Play with raw machine data to solve an incident. Introducing SpectX Base.

  SpectX Base is an analytics platform first and foremost for security teams. It helps them quickly get into the heart of security incidents by analysing vast amounts of unstructured logs and other raw machine data.
  

  Read more

• SpectX raises investment to expand opportunities in big data analytics

  SpectX has raised investment from Karma Ventures for product development and growth. The startup founded by former security engineers at Skype and Swedbank is developing a powerful analytics software solution for rapid processing of unlimited amounts of data. The product will be publicly launched in autumn 2017.
  

  Read more

• Whitepaper: Inertia in Processing Machine Generated Data

  It turns out that extracting useful information from logs is not easy. In fact, the processes of obtaining data and preparing it for analytics is a complicated and costly process. The aim of this whitepaper is to describe these complexities and bring out the core reasons that form the phenomena of inertia in machine generated data.  
  

  Read more