This is a community portal. Sign up on the left and start posting about analytics and visualization of security data.
Visual Analytics Workshop - Link Collection Part V - Big Data

This next module of the Visual Analytics Workshop is about Big Data, and here are the links that show up during this section. Keep in mind that this module in particular is constantly evolving and has changed a lot over the last few months. New sections and links will be added to the training class very frequently.

Looking for the previous list of links for the workshop?

- Introductory Links
- Data Sources
- Data Processing
- Log Management and SIEM

Wanna know more about the visualization workshop? Email me or visit http://pixlcloud.com/training

Visual Analytics Workshop - Link Collection Part IV - Log Management and SIEM

NEWS UPDATE! Next Visual Analytics Workshop to be held at BlackHat US in August. Join!

This is the Labor Day issue of the link collection series. The third module of the Visual Analytics Workshop is about Log Management and SIEM.

Looking for the previous list of links for the workshop?

- Introductory Links
- Data Sources
- Data Processing

Wanna know more about the visualization workshop? Email me or visit http://pixlcloud.com/training

Stay tuned for the next link collection which will be on big data!

Gephi and afterglow of IPv4 LAN traffic

only a portion of the data was given to Gephi

LAN Traffic - Gephi

LAN traffic as seen from a workstation, visualized using afterglow and Gephi. To get a GDF format file for Gephi, use the -k parameter with afterglow. Thanks Raffy.

IPV6 multicast DNS Traffic

I guess tcpdump version 4.6.1 is not compatible with tcpdump2csv.pl, hence I got only IPv6 traffic parsed into afterglow.
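As an added illustration for the two posts above (it is not code from those posts, from afterglow or from tcpdump2csv.pl), here is a small Python script that does the same job as the tcpdump -> tcpdump2csv.pl -> afterglow -k pipeline: it parses tcpdump text output into source/destination pairs and writes a GDF file that Gephi can import. Because tcpdump appends the port after a final dot for IPv4 and IPv6 endpoints alike, splitting on the last dot handles both, which is the case where the IPv4 lines went missing above. The sample tcpdump lines are constructed, not taken from the captures shown.

```python
import re
from collections import Counter

# Constructed sample of tcpdump text output (not a real capture): two IPv4 DNS
# lines, one IPv6 multicast DNS line, and a repeat so that edge weights show up.
SAMPLE_TCPDUMP = """\
12:00:01.000001 IP 192.168.1.10.54321 > 192.168.1.1.53: 1234+ A? example.com. (29)
12:00:01.000002 IP 192.168.1.1.53 > 192.168.1.10.54321: 1234 1/0/0 A 93.184.216.34 (45)
12:00:01.000003 IP6 fe80::1.5353 > ff02::fb.5353: 0 PTR (QM)? _services._dns-sd._udp.local. (46)
12:00:02.000001 IP 192.168.1.10.54321 > 192.168.1.1.53: 1235+ A? example.org. (29)
"""

# "<timestamp> IP <src.port> > <dst.port>:" and the same with "IP6".
# The greedy \S+ before the colon is what lets IPv6 addresses (which contain
# colons themselves) match up to the final ':' that ends the destination.
_LINE_RE = re.compile(r"^\S+ (IP6?) (\S+) > (\S+):")

def split_host_port(endpoint):
    """tcpdump joins host and port with a dot; the port is whatever follows the
    last dot, for IPv4 ('10.0.0.1.53') and IPv6 ('ff02::fb.5353') alike."""
    host, _, port = endpoint.rpartition(".")
    return host, port

def parse_tcpdump(text):
    """Return a Counter mapping (src_host, dst_host) to the number of packets."""
    edges = Counter()
    for line in text.splitlines():
        m = _LINE_RE.match(line)
        if not m:
            continue  # ARP, truncated or otherwise unparsed lines are skipped
        src, _ = split_host_port(m.group(2))
        dst, _ = split_host_port(m.group(3))
        edges[(src, dst)] += 1
    return edges

def to_gdf(edges):
    """Serialise the weighted edge list as a GDF graph for Gephi."""
    nodes = sorted({host for pair in edges for host in pair})
    out = ["nodedef>name VARCHAR,label VARCHAR"]
    out += ["%s,%s" % (n, n) for n in nodes]
    out.append("edgedef>node1 VARCHAR,node2 VARCHAR,weight DOUBLE,directed BOOLEAN")
    for (src, dst), count in sorted(edges.items()):
        out.append("%s,%s,%d,true" % (src, dst, count))
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(to_gdf(parse_tcpdump(SAMPLE_TCPDUMP)))
```

Feed real output with `tcpdump -nn -r capture.pcap | python3 this_script.py` after swapping the constructed sample for `sys.stdin.read()`; the resulting file opens in Gephi via File > Open.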

Visual Analytics Workshop - Link Collection Part III - Data Processing

Here is part three of the link collection series. The second module of the Visual Analytics Workshop is about Log Data Processing.

Apart from knowing your sed and awk, you want to know these two tools:

- CSVKit - SQL on CSV files anyone?
- LogParser for those of you who use Windows.

And then the rest of the links from this section:

- CommandlineFu
- Regex Lib
- Regular Expression Information
- Regex One
- RegExr
- Geo Lookup On The Commandline
- Log Analysis Scripts
- LogParser Studio

Advanced PCAP Analysis

- httpry
- dnstop
- Emerging Threats
- HoneySnap

Looking for the previous list of links for the workshop?

- Introductory Links
- Data Sources

Wanna know more about the visualization workshop? Email me or visit http://pixlcloud.com/training

IPV4 LAN

A view of IPv4 LAN traffic as seen from one of the servers, made with tcpdump and pcap using afterglow.

Visual Analytics Workshop - Link Collection Part II - Data Sources

The first module of the Visual Analytics Workshop is about Data Sources.

As a foundation for later visualizations, we first need to understand what the data means. Below are the links to the tools and additional material we go through. (Note that the links might not cover all of the tools in this module; they are merely all the links that show up on the slides.)

Find the previous list of links at the first link collection post.

Wanna know more about the visualization workshop? Email me or visit http://pixlcloud.com/training

Visual Analytics Workshop - Link Collection

During my Visual Analytics Workshop I mention a ton of tools, Web sites, and projects. Students attending the class get a list of all the links to these items in a summary file.

I decided that the list of links would be something useful for everyone to look at. Over the next few weeks I will be posting all the links on here.

Today we start with a few links of my previous work and the links of the workshop introduction slides:

Raffael Marty:
- Heatmaps - Why is Security Visualization So Hard?
- Cyber Security - How Visual Analytics Unlock Insight
- VizSec 2012 Keynote
- All the Data That's Fit to Visualize
- Security Visualization - Learning From The New York Times
- Mining Your Logs - Gaining Insight Through Visualization
- Application Logging Guidelines
- Visualization Workshops
- PixlCloud

Introduction:
- Binary Visualization Tool (VizBin)
- BinVis
- BinVis Discussion
- Cantor Dust
- Vera
- Periodic Table of Visualizations
- Minard
- Hans Rosling and Gapminder
- Hans Rosling TED talk
- MYO Interface
- Microsoft Kinect
- Leap Motion
- Make It So

Wanna know more about the workshop? Email me.

VizSec 2014 [Deadline Extended]

### VizSec deadline EXTENDED by 1 week! See http://vizsec.org for new schedule. ###

The 11th Visualization for Cyber Security (VizSec) is a forum that brings together researchers and practitioners from academia, government, and industry to address the needs of the cyber security community through new and insightful visualization and analysis techniques. VizSec provides an excellent venue for fostering greater exchange and new collaborations on a broad range of security- and privacy-related topics. VizSec will be held in Paris, France on November 10, 2014 in conjunction with IEEE VIS.

Important research problems often lie at the intersection of disparate domains. Our focus is to explore effective, scalable visual interfaces for security domains, where visualization may provide a distinct benefit, including computer forensics, reverse engineering, insider threat detection, cryptography, privacy, preventing user assisted attacks, compliance management, wireless security, secure coding, and penetration testing in addition to traditional network security. Human time and attention are precious resources. We are particularly interested in visualization and interaction techniques that effectively capture the insights of human analysts so that further processing may be handled by machines, freeing analysts for other tasks. For example, a malware analyst might use a visualization system to analyze a new piece of malicious software that facilitates generating a signature for future machine processing. When appropriate, research that incorporates multiple data sources, such as network packet captures, firewall rule sets and logs, DNS logs, web server logs, and/or intrusion detection system logs, is particularly desirable.

Full papers describing novel contributions in security visualization are solicited. Papers may present techniques, applications, practical experience, theory, analysis, or experiments and evaluations.

Update: Posters are also solicited. Posters may showcase late-breaking results, work in progress, preliminary results, or visual representations relevant to the VizSec community.

More information can be found here.