Add Post   Gallery
This is a community portal. Sign up on the left and start posting about analytics and visualization of security data.

 


 

INAV

INAV

INAV is a project that displays connection information in real time. It creates a dynamic interactive directed graph in real time. http://inav.scaparra.com

Analyzing Windows Eventlog Types

Analyzing Windows Eventlog Types

Windows Eventlog analysis with Nazar GUI using mouseover to determine the user accounts which caused the events.
*New version works web based Flash application with CSV input

DAVIX 1.0.1 Released

After months of building and testing, the long anticipated release of DAVIX - The Data Analysis & Visualization Linux® - arrived last week during Blackhat/DEFCON in Las Vegas. It is a very exiting moment for us and we are curious to see how the product is received by audience. So far the ISO image has been downloaded at least 600 times from our main distribution server. Downloads from the mirrors are not accounted.

All those eager to get their hands dirty immediately can find a description as well as the download links for the DAVIX ISO image on the DAVIX homepage.

We wish you happy visualizing!

Kind regards
Jan

SecViz got a new Logo

Have you noticed? There is a new logo for secviz.org. To be correct this is the first real logo. What was there before wasn't really a logo.



Applied Security Visualization Book is Available!

The Applied Security Visualization book is DONE and available in your favorite store!

You can download an electronic version of Chapter 5 for free! The book also ships with a version of DAVIX, the Data Analysis and Visualization Linux!

Martin McKeay recorded a podcast with me where I talk a little bit about the book.

Interesting Pattern in Storm Worm

Interesting Pattern in Storm Worm

Plotted above is the used Portrange of a Storm Worm Spambot with private IP. Interesting that it (almost) stops at about Port Number 33.789, very sparse above that... Verified with multiple binaries and by the analysis of a so-called Storm Gateway (supernode) with public IP, here as well sparse data above the mentioned port, while ports between 50000 and 51000 seem to be very dense again. More information and plots on
http://honeyblog.org/archives/196-Interesting-Pattern-in-Storm-Worm-Traffic.html

For these plots, I analyzed the binaries in NetFlow data, converted it to CSV Files and did some data mining on these files with the commercial tool 'SPSS Clementine'

Picviz iptables graph

Picviz iptables graph

Graph of ten minutes of iptables logs, showing 8000 events. It was generated with the not released yet Picviz (http://sourceforge.net/projects/picviz/) program.

More details on my blog

ISSA Journel - Security Visualization: What you don’t see can hurt you

Russ McRee wrote an article for the ISSA journel where he describes various security visualization approaches. SecViz is prominently featured, as well as a few tools, such as TNV, InetVis, and Rumint. The article also mentions DAVIX. You can read the article here.
In an older article, Russ talked about Argus – Auditing network activity. In that article, he mentions how to use AfterGlow for network traffic analysis.

Applied Security Visualization PodCast from FIRST 2008

At the end of June, during FIRST 2008, Peter Wood and Ben Chai interviewed me about my Applied Security Visualization talk and my book. I really like how the podcast turned out. Tune in!

Visualized Storm fireworks for your 4th of July

Visualized Storm fireworks for your 4th of July

Turning old Storm news into a celebration of the 4th of July, we applied little AfterGlow magic to fireworks.pcap,
tcpdump -vttttnnelr /home/rmcree/pcap/fireworks.pcap | ./tcpdump2csv.pl "sip dip ttl" | perl ../graph/afterglow.pl -c /home/rmcree/afterglow/src/perl/graph/color.properties -p 2 | neato -Tgif -o fireworks.gif,
and the results look just like the fireworks we hoped they would.
For the analysis of this Storm variant, fireworks.exe, and the resulting fireworks.pcap that lead to this visualization, see http://holisticinfosec.blogspot.com/2008/07/visualized-storm-fireworks-for-your-4th.html.
Happy 4th of July!