Re: Tools to Visualize Security Data



I am trying to collect a list of tools and methods that people are using
to visualize security data. What tools are people using? Anything? Or is
everyone still working with textual representations?

I think I ran into you at BlackHat & DefCon this year, didn't I? I had some ideas about plotting binary data in skinny graphs, y-axis being the ascii value of the byte (0-255) and x-axis being the offset inside the packet/datagram/whatever (could be any data source for that matter, multiple files, etc.). Silly and simple idea, did it in python with pychart.


Turned out to be alot more interesting and alot less practical than I thought ;) There's alot to look at, the way the delimiters stick out, the different patterns between text, binary, different forms of compression and encoding, etc. I had built a little shell around it that you could use to construct packets and probe/tickle multiple targets in parallel.

However, once I saw scapy I realized someone had done most of the work already, and done it better. Just need to figure out how to do the plotting with it, if someone hasn't done it already. Also would like to add an option to plot only the deltas. Other ideas include adding a 3rd dimension to the graph (time), do it up like a waterfall plot. You're dealing with potentially massive amounts of data, capture everything to a database so you can do more in depth stuff later. Who knows.

Has anyone used afterglow (afterglow.sourceforge.net) and has come up with
some neat ways of visualizing data? Maybe some really cool way of
representing a certain type of log file?

I'm not familiar with that bit of software, but I will certainly take a look into it now :) Thanks for the tip.


Cheers,
Byron

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
------------------------------------------------------------------------