> I am trying to collect a list of tools and methods that people are using
> to visualize security data. What tools are people using? Anything? Or is
> everyone still working with textual representations?
I think I ran into you at BlackHat & DefCon this year, didn't I? I had
some ideas about plotting binary data in skinny graphs, y-axis being the
ASCII value of the byte (0-255) and x-axis being the offset inside the
packet/datagram/whatever (could be any data source for that matter,
multiple files, etc.). Silly and simple idea, did it in Python with pychart.
Turned out to be a lot more interesting and a lot less practical than I
thought ;) There's a lot to look at, the way the delimiters stick out,
the different patterns between text, binary, different forms of
compression and encoding, etc. I had built a little shell around it that
you could use to construct packets and probe/tickle multiple targets in
parallel.
However, once I saw scapy I realized someone had done most of the work
already, and done it better. Just need to figure out how to do the
plotting with it, if someone hasn't done it already. Also would like to
add an option to plot only the deltas. Other ideas include adding a 3rd
dimension to the graph (time), do it up like a waterfall plot. You're
dealing with potentially massive amounts of data, capture everything to
a database so you can do more in depth stuff later. Who knows.
> Has anyone used afterglow (afterglow.sourceforge.net) and come up with
> some neat ways of visualizing data? Maybe some really cool way of
> representing a certain type of log file?
I'm not familiar with that bit of software, but I will certainly take a
look into it now :) Thanks for the tip.
Cheers,
Byron
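The byte-value-versus-offset plot Byron describes, with his "only the deltas" option and the waterfall (third axis = packet order) idea, as an added example. This is not Byron's pychart script and does not use scapy; it emits plain SVG instead of a pychart canvas so it runs with the standard library only. The two sample packets are constructed for the example, and the spike threshold of 64 is an arbitrary choice, not something the thread specifies.

```python
"""Skinny byte plots: y = byte value (0-255), x = offset in the datagram.

Added example, not the original poster's code. Renders SVG rather than
pychart so it needs nothing beyond the standard library."""
from typing import List, Sequence, Tuple

# Constructed sample payloads (not captured traffic): a text-ish HTTP
# request and a binary-ish blob with a ramp, a 00/FF edge and a NOP run.
SAMPLE_PACKETS: List[bytes] = [
    b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    bytes(range(0, 256, 8)) + b"\x00\x00\xff\xff" + bytes([0x90] * 8),
]


def byte_series(data: bytes) -> List[Tuple[int, int]]:
    """One point per byte: (offset, value). This is the basic skinny graph."""
    return list(enumerate(data))


def delta_series(data: bytes) -> List[Tuple[int, int]]:
    """'Only the deltas': (offset, data[offset] - data[offset-1]), range -255..255.

    Flat stretches (padding, NOP sleds, repeated fill bytes) collapse to 0,
    while delimiters and text/binary boundaries show up as spikes."""
    return [(i, data[i] - data[i - 1]) for i in range(1, len(data))]


def spikes(data: bytes, threshold: int = 64) -> List[int]:
    """Offsets whose |delta| >= threshold: the 'delimiters sticking out'.
    The threshold is an assumption for the example, tune it per data source."""
    return [i for i, d in delta_series(data) if abs(d) >= threshold]


def to_svg(packets: Sequence[bytes], deltas: bool = False,
           row_height: int = 64, px_per_byte: int = 4) -> str:
    """Waterfall plot: one polyline per packet, rows stacked top to bottom
    so packet order (time) becomes the third axis. Returns the SVG text."""
    width = px_per_byte * max(len(p) for p in packets)
    height = row_height * len(packets)
    out = [f'<svg xmlns="http://www.w3.org/2000/svg" '
           f'width="{width}" height="{height}">']
    lo, hi = (-255, 255) if deltas else (0, 255)
    for row, pkt in enumerate(packets):
        series = delta_series(pkt) if deltas else byte_series(pkt)
        base = row * row_height
        # Map y in [lo, hi] onto the row so hi sits at the row's top edge.
        pts = " ".join(
            f"{x * px_per_byte},"
            f"{base + row_height - 1 - (y - lo) * (row_height - 1) // (hi - lo)}"
            for x, y in series
        )
        out.append(f'<polyline fill="none" stroke="black" points="{pts}"/>')
    out.append("</svg>")
    return "\n".join(out)


if __name__ == "__main__":
    # Write both views of the sample packets; open the files in a browser.
    with open("bytes.svg", "w") as fh:
        fh.write(to_svg(SAMPLE_PACKETS))
    with open("deltas.svg", "w") as fh:
        fh.write(to_svg(SAMPLE_PACKETS, deltas=True))
    for pkt in SAMPLE_PACKETS:
        print(len(pkt), "bytes, spikes at offsets", spikes(pkt))
```

Feeding it real traffic is a matter of replacing SAMPLE_PACKETS with the raw bytes of each captured datagram; the waterfall keeps one row per packet, so a long capture is better stored first and then plotted in windows.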