The goal is to analyze Snort logs in order to get a general view of the network events. At your left you have the atacker view, where is ploted a sector graph with quantity(radius) and priorities of atack (red, yellow, green) at your right you have the victims view with same information. there is the abilty to filter by protocol ( TCP, UDP, ICMP ) and priorities, this graph have interaction, and you can get the original log with a mouse right click .
This is the abstract of the paper, the original was written in portuguese.
ABSTRACT
The compromising of computer systems generate evidences on various devices such as routers, operating systems and applications. Monitoring and analyzing this large amount of data is a challenge for network administrators. One way for analyzing large amounts of data like the generated in these cases, is to use information visualization to provide one or more graphics capable to summarize data and translating them into information. This work presents a study on the use of visualization techniques applied to information security and monitoring of computer networks, with emphasis on visual analysis of logs generated by the intrusion detection system Snort. It also reports the development of a software called Apoena, which aims to analyze the alerts generated by Snort, using graphs and pie charts for displaying of the network events.