Interesting! For example, OSSEC rules may be visualized similar to the "program profile" as shown in http://www.graphviz.org/content/profile . It looks like we just need to convert OSSEC rules into this format: http://www.graphviz.org/Gallery/directed/profile.gv.txt .
On Monday, August 20, 2012 1:03:20 PM UTC-7, Jason Frisvold wrote: > > On Aug 20, 2012, at 1:45 PM, Michael Starks wrote: > > I'm trying to map the OSSEC ruleset, visually. It would help to > understand where we are today and how best to (re)structure future rules. > Can anyone suggest a tool that could take the rules and would understand a > hierarchical structure (i.e. multiple child rules, if_group), etc. We have > the rule data in csv format so it need not understand XML. Thanks. > > I believe it requires a little programming, but graphviz would likely give > you what you're looking for... > > --------------------------- > Jason 'XenoPhage' Frisvold > [email protected] <javascript:> > --------------------------- > "Any sufficiently advanced magic is indistinguishable from technology." > - Niven's Inverse of Clarke's Third Law > > > >
