Add Post   Gallery
This is a community portal. Sign up on the left and start posting about analytics and visualization of security data.



Video Interview for Applied Security Visualization

I recorded a short, 10 minute video where I am interviewed by Johnvey Hwang about the Applied Security Visualization book. We are talking about why I wrote the book, what the book is about, and also quickly talk about DAVIX. Tune in.


Skyrails 3D OpenGL visualisation

Skyrails is a social network (or any graph really) visualization system. It has a built in programming language for processing (as far as visualisation attributes goes) the graph and its attributes. The system is not only aimed at expert users though, because through the scripting languages menus can be built and the system can be used by any users.

The main distinguishing point of the system comes from the built in scripting language, the added flexibility of how to represent attributes (nodes can be binded to planes and spheres based on their attributes) and the scriptability of the user interface system. This makes skyrails ideal for creating presentations targeted at the average users.

skyrails in action:

DAVIX Workshop Slides from DefCon 2008

For those who are interested, here are the slides from the DAVIX workshop that Jan Monsch and Raffael Marty taught at DefCon 2008 in Vegas. The content is as follows:

  • What's DAVIX all about? Architecture of the CD, etc.

  • Very short introduction to Visualization

  • An example analysis, how to detect worms in cell phone networks

Learn more about DAVIX.

Newbie help request

Could I possibly get a little help with getting the afterglow / neato tools usefully working. have 291 lines of data and for the life of me the graphs I'm generating are quite poor.

I am not a Perl programmer but have managed to get cygwin working and afterglow & neato working.
using this sample set of the 291 I can get the two diagrams I have attached, but I would dearly like some advise how to generate a more representative image.

If this forum is inappropriate for a little mentoring then please advise / delete as appropriate.

With kind regards,



INAV is a project that displays connection information in real time. It creates a dynamic interactive directed graph in real time.

Analyzing Windows Eventlog Types

Analyzing Windows Eventlog Types

Windows Eventlog analysis with Nazar GUI using mouseover to determine the user accounts which caused the events.
*New version works web based Flash application with CSV input

DAVIX 1.0.1 Released

After months of building and testing, the long anticipated release of DAVIX - The Data Analysis & Visualization Linux® - arrived last week during Blackhat/DEFCON in Las Vegas. It is a very exiting moment for us and we are curious to see how the product is received by audience. So far the ISO image has been downloaded at least 600 times from our main distribution server. Downloads from the mirrors are not accounted.

All those eager to get their hands dirty immediately can find a description as well as the download links for the DAVIX ISO image on the DAVIX homepage.

We wish you happy visualizing!

Kind regards

SecViz got a new Logo

Have you noticed? There is a new logo for To be correct this is the first real logo. What was there before wasn't really a logo.

Applied Security Visualization Book is Available!

The Applied Security Visualization book is DONE and available in your favorite store!

You can download an electronic version of Chapter 5 for free! The book also ships with a version of DAVIX, the Data Analysis and Visualization Linux!

Martin McKeay recorded a podcast with me where I talk a little bit about the book.

Interesting Pattern in Storm Worm

Interesting Pattern in Storm Worm

Plotted above is the used Portrange of a Storm Worm Spambot with private IP. Interesting that it (almost) stops at about Port Number 33.789, very sparse above that... Verified with multiple binaries and by the analysis of a so-called Storm Gateway (supernode) with public IP, here as well sparse data above the mentioned port, while ports between 50000 and 51000 seem to be very dense again. More information and plots on

For these plots, I analyzed the binaries in NetFlow data, converted it to CSV Files and did some data mining on these files with the commercial tool 'SPSS Clementine'