Picviz 'No blackcomb in March' 0.5 is out.

* What is Picviz? *

When log files are examined for security purposes, the usual applications available today either look for patterns using signature databases or use a behavioral approach. In both cases, information can be missed. The problem grows on systems that receive a massive amount of logs. Parallel coordinates offer a way to display an unbounded number of events across multiple dimensions. Since security data is multivariate, parallel coordinates provide a neat way to display it and make abnormal behaviors easier to detect. Picviz applies parallel coordinates to acquired data, such as logs, to create a parallel coordinates image. From that image, the analyst can use Picviz to refine the output, filter information and visually detect anomalies.

* Download *

Everything, including the download, installation instructions and documentation, is available on the project webpage:

http://www.wallinfire.net/picviz

Tarball file size: 1754982
Tarball MD5: 5b22cf41993eca347f8014650fffc03d
Tarball SHA1: 5e9b129b2bcf712e081f6616e55bcbf5540fa5ca

* Learn how to use it *

o The picviz manual page is kept up to date.
o Slides of the Usenix Workshop on the Analysis of System Logs: http://www.wallinfire.net/files/picviz-usenix-wasl2008.pdf

* Miscellaneous *

Parallel coordinates are broader than security. For example, Eric Leblond generated a picture of the ulogd2 project to see who started it, who was the most active, and so on. This gives an interesting picture:

http://home.regit.org/~regit/data/ulogd2-full.png

* Changelog *

o New variable types: enum, ln and port.
o New properties: print and bgcolor.
o Real-time mode enabled.
o Improved 'color' property to let people write the (r,g,b) format.
o Filters can be used in the GUI command line.
o Snort parser.
o GIT log stats parser.
o OSSEC template for real-time.

_______________________________________________
Picviz mailing list
Picviz@wallinfire.net
http://www.wallinfire.net/cgi-bin/mailman/listinfo/picviz
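The announcement explains the idea behind parallel coordinates (one vertical axis per dimension, one polyline per event) but shows no code. The following is an added example, not Picviz's own code: it parses a handful of constructed key=value connection log lines, maps each field onto an axis height in [0, 1] (numeric fields by min-max scaling, string fields as evenly spaced enum slots, loosely modelled on the enum/port variable types named in the changelog), and returns the polyline vertices that a parallel coordinates renderer would draw. It also shows the detection angle the text describes: an event whose value on some axis is shared by almost no other event stands out as an isolated line segment, and `rare_values` picks those events out programmatically. The log format, field names and all sample values are assumptions made for this example.

```python
"""Added example (not from the Picviz project): map multivariate log
events onto parallel-coordinates axes and flag isolated values."""
import re
from collections import Counter

# Constructed sample lines for this example; not taken from any real system.
SAMPLE_LOGS = [
    "12:00:01 src=10.0.0.5 dport=22 proto=tcp bytes=820",
    "12:00:05 src=10.0.0.7 dport=443 proto=tcp bytes=1200",
    "12:00:09 src=10.0.0.5 dport=443 proto=tcp bytes=950",
    "12:00:14 src=10.0.0.9 dport=53 proto=udp bytes=120",
    "12:00:20 src=10.0.0.7 dport=22 proto=tcp bytes=760",
    "12:00:33 src=10.0.0.9 dport=4444 proto=tcp bytes=51200",
    "not a log line at all",
]

# One axis per dimension, drawn left to right in this order (assumed layout).
AXES = ["time", "src", "dport", "proto", "bytes"]

LINE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d) src=(?P<src>\S+) dport=(?P<dport>\d+) "
    r"proto=(?P<proto>\w+) bytes=(?P<bytes>\d+)$"
)


def parse_line(line):
    """Return one event dict per well-formed line, or None for junk lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    h, mi, s = (int(x) for x in d["time"].split(":"))
    return {
        "time": h * 3600 + mi * 60 + s,   # seconds since midnight (numeric axis)
        "src": d["src"],                   # enum axis: one slot per distinct IP
        "dport": int(d["dport"]),          # port axis, scaled numerically here
        "proto": d["proto"],               # enum axis
        "bytes": int(d["bytes"]),          # numeric axis
    }


def load_events(lines=SAMPLE_LOGS):
    """Parse all lines, silently dropping those that do not match."""
    return [e for e in (parse_line(l) for l in lines) if e is not None]


def axis_scales(events):
    """Build, per axis, a function mapping a raw value to a height in [0, 1]."""
    scales = {}
    for axis in AXES:
        values = [e[axis] for e in events]
        if all(isinstance(v, (int, float)) for v in values):
            lo, hi = min(values), max(values)
            span = (hi - lo) or 1          # avoid division by zero on constant axes
            scales[axis] = lambda v, lo=lo, span=span: (v - lo) / span
        else:
            # Categorical ("enum") axis: distinct values get evenly spaced slots.
            cats = sorted(set(values))
            step = 1.0 / max(len(cats) - 1, 1)
            slots = {c: i * step for i, c in enumerate(cats)}
            scales[axis] = lambda v, slots=slots: slots[v]
    return scales


def to_polylines(events):
    """One polyline per event: a list of (axis_index, height) vertices."""
    scales = axis_scales(events)
    return [
        [(i, round(scales[axis](e[axis]), 3)) for i, axis in enumerate(AXES)]
        for e in events
    ]


def rare_values(events, axis, max_count=1):
    """Events whose value on `axis` occurs at most `max_count` times.

    On the rendered image these are the lines that pass through an axis
    position almost nothing else touches, which is what the analyst's eye
    picks out; this makes the same check explicit.
    """
    counts = Counter(e[axis] for e in events)
    return [e for e in events if counts[e[axis]] <= max_count]


if __name__ == "__main__":
    evs = load_events()
    for ev, line in zip(evs, to_polylines(evs)):
        print(ev["src"], ev["dport"], line)
    for ev in rare_values(evs, "dport"):
        print("isolated dport:", ev)
```

Running the script prints the vertex list for each event; the last sample event sits at the top of the time, src, dport and bytes axes at once, which is exactly the kind of line that draws attention in a parallel coordinates image, while `rare_values` reports the two events whose destination port is not shared with any other line.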
When considering log files for security, usual applications available today either look for patterns using signature databases or use a behavioral approach. In both cases, information can be missed. The problem becomes bigger with systems receiving a massive amount of logs. Parallel coordinates is an answer to display an infinity of events in multiple dimensions. As security data are multivariate, parallel coordinates provides a neat way to display and ease abnormal behaviors detection. Picviz implements the use of parallel coordinates on acquired data, such as logs, to create a parallel coordinates image. Using this image, the analyst can use Picviz to improve the output image, filter information and visually detect things. * Download * Everything, including download, installation instructions and documentation, are available on the project webpage: http://www.wallinfire.net/picviz Tarball file size: 1754982 Tarball MD5: 5b22cf41993eca347f8014650fffc03d Tarball SHA1: 5e9b129b2bcf712e081f6616e55bcbf5540fa5ca * Learn how to use it * o The picviz manual page is kept up to date. o Slides of the Usenix Workshop on the Analysis of System Logs: http://www.wallinfire.net/files/picviz-usenix-wasl2008.pdf * Miscellaneous * Parallel coordinates are broader than security stuff. For example, Eric Leblond generated the picture of the ulogd2 project, to see who started, was the most active etc. This gives an interesting picture: http://home.regit.org/~regit/data/ulogd2-full.png * Changelog * o New variables types: enum, ln and port. o New properties: print and bgcolor. o Real-time mode enabled. o Improved 'color' property to let people write (r,g,b) format o Filters can be used in the GUI command line o Snort parser o GIT log stats parser o OSSEC template for real-time _______________________________________________ Picviz mailing list Picviz@wallinfire.net http://www.wallinfire.net/cgi-bin/mailman/listinfo/picviz