Add Post   Gallery
This is a community portal. Sign up on the left and start posting about analytics and visualization of security data.



REQUEST for Hilbert Curves

I was just looking for some examples of IPv4 Hilbert Curves and realized there were non in the image gallery. Does anyone have examples of IPv4 space visualizations of that sort? They are also called IPv4 Heatmaps. I have never generated any of them myself and didn't just want to post a screenshot of someone else's images.

Free Conference Pass to FOSE

FOSE is a conference focused around Technology Solutions for the Business of Government. The FOSE conference donated a free conference pass for the secviz readers. In order to get the pass, tweet the following:

@secviz is raffling off a ticket to the FOSE conference, which is taking part March 23-25, 2010. Retweet to be part of the raffle. See for details. #FOSETix

UPDATE: We have a winner: @fifth_sentinel ! Congrats!

The winner will be the tweeter that tweeted exactly at the position in the middle of all tweets. So, if there were 20 tweets, the 10th tweeter (we'll round down for odd numbers).

Here is a word from the sponsor:

Explore targeted technology areas, educational theaters, and thousands of cutting edge products. Plus, network with a wealth of industry experts.

You are well aware of the challenges we as a CyberSecurity community face from rapid changes in the technology landscape. FOSE 2010 is the place to discover opportunities and solutions along with changing expectations for government IT professionals.

Register today for the FOSE 2010 experience

You can expect:

- 3 days of IT resources helping you navigate today's shifting tech landscape
- 2 full conference days packed with education on emerging technologies, trends, and new improvements to existing solutions
- Thousands of products on the FREE* EXPO floor allowing you to gain one-on-one insight into the capabilities of our exhibitors through demos, theater presentations and FREE Education.
- Attend the Accenture CyberSecurity Pavilion or Focus on Digital Forensics.

*FOSE is a must-attend free show for government, military, and government contractors.



The goal is to analyze Snort logs in order to get a general view of the network events. At your left you have the atacker view, where is ploted a sector graph with quantity(radius) and priorities of atack (red, yellow, green) at your right you have the victims view with same information. there is the abilty to filter by protocol ( TCP, UDP, ICMP ) and priorities, this graph have interaction, and you can get the original log with a mouse right click .
This is the abstract of the paper, the original was written in portuguese.
The compromising of computer systems generate evidences on various devices such as routers, operating systems and applications. Monitoring and analyzing this large amount of data is a challenge for network administrators. One way for analyzing large amounts of data like the generated in these cases, is to use information visualization to provide one or more graphics capable to summarize data and translating them into information. This work presents a study on the use of visualization techniques applied to information security and monitoring of computer networks, with emphasis on visual analysis of logs generated by the intrusion detection system Snort. It also reports the development of a software called Apoena, which aims to analyze the alerts generated by Snort, using graphs and pie charts for displaying of the network events.



SOI 2.1 Cisco IPS view

I've tried to add a new visualization for the cisco part of the upcomig (very very soon) of the 2.1 release of soi. Tell me what you think , im still tweaking it so this is a rough view...I'll still keep the map, timeline matrix etc for the pix but just wanted to add a different view for it...(oh and the colors will be more "pastel"....:) )


VizSec 2010 - International Symposium on Visualization for Cyber Security

International Symposium on Visualization for Cyber Security (VizSec)
14 Sept 2010
Ottawa Canada
Co-Located the Internat’l Symposium on Recent Advances in Intrusion Detection

The International Symposium on Visualization for Cyber Security (VizSec) brings together researchers and practitioners in information visualization to provide opportunities for the two communities to collaborate and share insights about meeting security needs through visualization approaches.
VizSec 2010 will be held on September 14th in Ottawa, Canada and is co-located with 11th International Symposium on Recent Advances in Intrusion Detection (RAID). This year our focus is on understanding what makes effective visual interfaces for different cyber security tasks.

Papers offering novel contributions in security visualization are solicited. Papers may present techniques, applications, practical experience, theory, or experiments and evaluations. Papers are encouraged on technologies and methods that have been demonstrated to be useful for improving information systems security and that address lessons from actual application.

Information regarding submission dates will be available on the website.


Hi , im an apprentice to Sec Viz technology.
I used Afterglow to do some visualizing. i need to know how to do aggregation in that.Though I used the coding in Raffy's book, I couldn't make it. I am using the DAVIX and it's file.The code that I have used was

color=”yellow” if (field() =~ /ˆ111\.222\..*/);
color.event=”green” if ($fields[1]<1024)
if ($fields[1] eq "80")

Is this Ok? I don't get a different output .Pls let me know where have i gone wrong...


Pkviz: Packet Visualizer / Animator tool Available for Download (Mac OS X)

Pkviz: Packet Visualizer / Animator tool Available for Download (Mac OS X)

Per my earlier packet visualizer post, I have an app available for Mac OS X users to download. You can grab it here:

The app takes tcpdump ascii-hex output (the -X option) and animates through all the packets in a file. It splits the packets into bytes, with position in the packet providing the X axis values and byte value in a given position providing the Y values. You can select a window of packets to display at once (defaults to 30) to see patterns over time. If packet headers are more interesting than payload, there is an option to expand the proportion of space taken by header data so it's easier to see. There are also options to pause the animation, move fwd and back one packet at a time, and jump to specific packts. Finally, if you want to look at the base data for a given packet, you can display the packet in hex.

Right now, I've found there's a rough top limit of 3000 packets, but it really depends on your machine.

Treemaps for Windows firewall log

Does anyone have a parser for using Windows firewall logs with Treemap???

Augmented Reality

Augmented Reality