This image is a Gephi-generated undirected graph showing the EXPORT header entries from Windows 7 DLLs and other DLLs. You can find the Python code used to generate it and a high-resolution image here on my blog: http://cybersecpaul.blogspot.com
Graph Exchange
Cisco ASA Syslog Linechart
Most tools/charts only display the total amount of particular IDs (the most common is a pie chart).
This is difficult when you want to know the behavior of such IDs over time. So I came up with this :D
I've created a small set of scripts that take the Top-Syslog-IDs from Cisco ASA logs to plot them as a line chart.
The "Top-Syslog-IDs" represent the IDs with more entries in the logs in the last N minutes.
This particular graphic shows the top 15 syslog IDs in the last 30 minutes.
Tools: bash, sqlite3 (for storing time + ids), Gnuplot
Mapping OSSEC Alerts with AfterGlow
This is an example of OSSEC alert visualization. Alerts are extracted from the OSSEC database using a Perl script and parsed by AfterGlow.
More details here: http://blog.rootshell.be/2011/10/24/mapping-ossec-alerts-with-afterglow/
Top SSH Brute Force Attackers v3
This is my third try at graphing SSHd logs from honeynet.org's Challenge 5. I'm in the process of switching from Perl to Python, so I used Python this time along with Chart Director. However, this is a blatant knockoff of Nathan Yau's much better chart: http://flowingdata.com/2011/06/13/largest-data-breaches-of-all-time/. I was just curious to see if I could recreate it with Python and Chart Director using different data.
If you're not familiar with SSHd logs:
"F" stands for "Failed" meaning the wrong password was tried.
"I" for "Invalid" meaning the wrong username was tried.
"A" for "Accepted" meaning the login attempt succeeded.
The numbers show how many "F", "I" or "A" were caused by the IP.
Top SSH Brute Force Attackers v2
This is my second try at graphing SSHd logs from honeynet.org's Challenge 5. Perl and Chart Director were used to make this chart. The chart has a lot less "chart junk," and the percentages are much easier to understand than in my first attempt. Red means there was at least one successful login, while blue means all login attempts failed.
Tor Exit Nodes by City
Plotted exit nodes on maps. Full details on page of Tor Exit Nodes Visualized. Links to images on page are dynamic and updated daily. Uses Google Dynamic Map chart visualization tool.

