Play with raw machine data to solve an incident. Introducing SpectX Base.

Figuring out what is actually going on during a security incident is no walk in the park. Most of the facts needed to resolve an incident are found in logs, but using existing machine-data tools is a lot of work. First, the raw data has to be imported into the tool and made neat and structured; only then can the analysis start. Import and structuring can take hours, if not days. In addition, most available solutions price their product by the amount of data indexed, which means security teams have to choose where to look long before they know what to look for.

Enter SpectX. The limits of log analytics were a frequent challenge for the three Skype security engineers Renee Trisberg, Jüri Shamov-Liiver and Mihhail Meshkov. When they left Skype (by then acquired by Microsoft) and looked around, they realised that scalable log analysis solutions were nowhere to be found. A decent capability for quickly finding anomalies and tracking down malicious activity in logs would, again and again, require heavy in-house development. So they first spent a couple of years validating whether queries run directly on raw data files were technologically feasible. It turns out they are, and as a result, after 4 years of innovative work, SpectX is launched. The product is special because there is:

  • no data import. SpectX runs queries directly on raw data, structuring it only as much as you need at query time (e.g. leaving the server response code out of an Apache log and bringing it back the moment it is needed)

  • no price tag on data volumes. SpectX quickly analyses all the data you can access, whether on-premises, in the cloud or as open data on the web.

  • endless possibilities for playing around with your data. SpectX's virtual structure and query language can normalise data in a flick. Simple queries, as well as complex computations, run quickly.

To deal with unlimited amounts of data in different locations, SpectX is built as a distributed computing system. It is a product entirely under the control of the user, installed in the cloud, on an on-prem server or on a simple laptop. Users interact with SpectX through a browser, but end-user applications can also be integrated via SpectX's REST API (see the documentation for more technical details).

SpectX Base is now available with a 30-day free trial (no credit card required). The larger your data volumes and the messier your data in terms of formats and architecture, the more you gain. See how to get started in the docs, play around with the built-in sample queries and see how it works with your own data. And feel free to get in touch.
