If the aim of no-code is to make software and app development accessible to as many people as possible, why not draw a parallel with a "no-logs" approach: making log exploration accessible without any specific knowledge of query languages.
The no-code movement is in full swing. Graphical user interfaces have made programming accessible to most people, regardless of programming expertise. VisiCalc kicked it off at the end of the 1970s, and now we are looking at a whole generation of new flow-based tools. But let's not kid ourselves: although no-code software doesn't require learning a programming language, we are still giving instructions to computers and explaining to them how to automate tasks. The magic of no-code is making computers accessible tools and opening up their possibilities to more people.
The analogy with no-code is straightforward here, as Malizen's mission is to make computer logs more accessible, enabling a larger audience to effortlessly explore and comprehend cybersecurity data.
… to no-logs
In one form or another, the majority of information technology systems produce logs nowadays. In their simplest form, logs consist of events that carry a timestamp and the attributes engineers need to identify and diagnose issues. Logs are essentially collections of events that give us a traceable history for each hardware and software element. When merged and aggregated, they help us monitor services, understand bugs and detect attacks.
By monitoring logs, you can check that a service is working, assess its workload, diagnose issues and find appropriate solutions. Logs hold significant value, until you realise that logs generally look like this:
That image contains 7 web server events. In this log, each event contains a client IP address, a timestamp, the requested URL, the HTTP response status code, the size of the response… and of course these values only make sense if you have some background knowledge of what they mean and know what role the service plays.
While this scenario might suit a movie, where the intention is to highlight the intricacies of technology and the expertise of our heroes, our focus as researchers was to simplify the task. Besides, although a small log may be easy enough to browse, a standard server generates millions of events. At that scale, searching through logs by hand is simply not feasible.
The first approach to this problem has been to deploy algorithms that pick out relevant information from the overwhelming mass of data, either by writing detection rules or by training models to produce the desired outcomes. However, no system yet detects every incident without generating false alerts or overlooking critical information, so human supervision is still necessary. Nevertheless, significant progress has been made: billions of daily events are reduced to "just" thousands of alerts.
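To make the two preceding points concrete (what the fields of a web server event are, and how a detection rule turns a pile of events into a handful of alerts), here is an added example that is not code from the page or from Malizen. It assumes the widely used Apache/Nginx Common Log Format, parses a handful of constructed sample lines (the IP addresses, paths and timestamps are made up, and one line is deliberately broken), and applies a hypothetical rule that flags any client producing several 404 responses within a short window, a crude signature of someone scanning for files that do not exist. The threshold and window values are arbitrary choices for the illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample lines in Apache/Nginx Common Log Format (not taken from the
# page's image). The last line is deliberately malformed to exercise error handling.
SAMPLE_LOG = """\
198.51.100.23 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326
203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /wp-login.php HTTP/1.1" 404 209
203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 209
203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "GET /.env HTTP/1.1" 404 209
203.0.113.7 - - [10/Oct/2023:13:55:42 +0000] "GET /admin/ HTTP/1.1" 404 209
198.51.100.23 - - [10/Oct/2023:13:56:02 +0000] "POST /login HTTP/1.1" 302 -
this line is not a valid log record
"""

# One Common Log Format record: client IP, identd, user, [timestamp], "request", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_line(line):
    """Turn one raw log line into a dict of typed fields, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "method": m["method"],
        # The path is attacker-controlled text: keep it as data, never pass it to a shell.
        "path": m["path"],
        "status": int(m["status"]),
        "size": 0 if m["size"] == "-" else int(m["size"]),
    }


def parse_log(text):
    """Parse every non-empty line; return (events, number of lines that did not parse)."""
    events, malformed = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev is None:
            malformed += 1
        else:
            events.append(ev)
    return events, malformed


def status_counts(events):
    """How many events per HTTP status code (the kind of summary a dashboard shows)."""
    return Counter(ev["status"] for ev in events)


def detect_404_scanners(events, threshold=3, window_seconds=60):
    """Hypothetical rule: flag a client IP that produced >= threshold 404 responses
    within any window of window_seconds. Returns one alert per flagged IP."""
    by_ip = defaultdict(list)
    for ev in events:
        if ev["status"] == 404:
            by_ip[ev["ip"]].append(ev)
    alerts = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most window_seconds.
            while (evs[end]["ts"] - evs[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({
                    "ip": ip,
                    "count": len(evs),
                    "first_seen": evs[0]["ts"],
                    "paths": [e["path"] for e in evs],
                })
                break
    return alerts


if __name__ == "__main__":
    events, malformed = parse_log(SAMPLE_LOG)
    print(f"{len(events)} events parsed, {malformed} malformed line(s) skipped")
    print("status counts:", dict(status_counts(events)))
    for alert in detect_404_scanners(events):
        print(f"ALERT {alert['ip']}: {alert['count']} x 404, paths={alert['paths']}")
```

Seven input lines become six parsed events and a single alert, which is the reduction the paragraph describes. It also shows why a human still has to look at the result: the rule says nothing about whether 203.0.113.7 is an attacker or a broken monitoring script, and a legitimate user who mistypes three URLs in a minute would trip it just the same.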
Our goal with Malizen is to take log accessibility and usability to the next level.
Firstly, Malizen lets you connect to all your log sources, providing you with a single log exploration console. Malizen empowers analysts to visually identify connections within their logs that might be overlooked in traditional tabular views. Analysts are then able to observe and explore correlations across all data sources in a unified interface, eliminating the need for manual queries or switching between different applications.
Malizen replaces complex command line queries with intuitive data visualisation and a drag & drop interface that lets analysts easily find incident scenarios in their logs. Malizen automatically generates visuals that express the data in the most efficient way. Because we know that choosing the right data visualisation takes time, Malizen automatically proposes the best visualisation for each type of data. The objective is to let the investigation follow the analyst's intuition.
Which do you prefer, graphical interfaces straight out of Minority Report to explore data or a thousand black screens full of text?