IDS mailing list archives

Picviz 0.4 released


From: "Sebastien Tricaud" <stricaud () inl fr>
Date: Tue, 28 Oct 2008 00:10:40 +0100 (CET)

Picviz 'Needle 24/7' 0.4 is *out*.

NEWS
====

I will give a lecture on Picviz for the upcoming Usenix
Workshop on the Analysis of System Logs (WASL 08) in San Diego.

This is a good opportunity to meet and learn what you can do
with Picviz. More information is available on the conference website:
http://www.usenix.org/event/wasl08/tech/


What is Picviz?
================

Picviz is a parallel coordinates plotter, written to help people
find a needle in a haystack when dealing with numerous events
on their system and struggling to maintain an acceptable level of
security.

It is a computer security visualization program, written in C with
high performance in mind. Python bindings are available, and are
used by the Picviz Frontend that you can use to dig into your graph.

Parallel coordinates, the core visualization technique used by Picviz,
allow graphs to be represented in N dimensions to see correlations among
variables, making it useful data mining software.


Download!
=========

Everything, including download, installation instructions and
documentation, is available on the project webpage:
http://www.wallinfire.net/picviz

It is now highly recommended to compile Picviz with the cairo
output plugin, since it is now the officially recommended output.

Tarball file size: 1587160
Tarball MD5: 92aecf1465a278095611d01fb4e86d28
Tarball SHA1: 1a5fb65e4b64b47d357baad8623d9a415ad9a9a2


Changelog
=========

* CSV to Picviz script

* Heatlines: in order to do line frequency analysis. The more often a line
  is drawn, the redder it becomes. This is a gradient from green
  to red via yellow. Two modes are supported:
  - Axis pair: look for the highest frequency between two axes
  - Virus: look for the highest pair of axes frequency and every line touching
    it is drawn in the highest frequency color
  This greatly helps the log analysis, to sort things that are normal (usually
  red) from things that occur just a few times.
  Usage: pcv -Tpngcairo -Rheatline file.pcv > file.png

* Relative as axis property: instead of having it global with the engine
  section.

* Learning mode: To decide automatically what is the most appropriate string
  placing algorithm.

* Cairo plugin: Replaces the old plplot plugin (making it deprecated). This is
  now the default and recommended plugin.

* Resolution can be changed on the fly: pcv -r..(rr). The more 'r' you add, the
  bigger the image will be.

* Height as image property

* Multiple conditions for filtering: breaking the old way of doing it. To see
  only lines above 50% of the first axis AND 20% under the fifth you can type:
  pcv -Tpngcairo file.pcv 'show plot > 50% on axis 1 and plot < 20% on axis 5'
  -- Contributed by Yoann Vandoorselaere <yoann at prelude dash ids dot org>

* Parser scripts rewritten

* DansGuardian log 2 Picviz -- Contributed by Julien Miotte

* SquidGuard log 2 Picviz -- Contributed by Olivier Delhomme
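The two heatline modes described above, as an added toy model in Python (not Picviz's own code): events are polylines over axes already normalised to 0..1, each axis-to-axis segment is keyed by its endpoint values, and segment frequency drives a green-to-red gradient. How untouched lines are coloured in virus mode is an assumption.

```python
from collections import Counter

# Added example, not Picviz's own code: a toy model of the 0.4 "heatline"
# colouring. Each event is a polyline across N axes with values already
# normalised to 0..1; a segment between axis i and i+1 is keyed by its two
# endpoint values, so identical events draw (and count as) the same segment.
GREEN, YELLOW, RED = (0, 255, 0), (255, 255, 0), (255, 0, 0)

def gradient(t):
    """Map a frequency ratio t in [0, 1] to green -> yellow -> red."""
    t = max(0.0, min(1.0, t))
    if t < 0.5:
        a, b, u = GREEN, YELLOW, t * 2
    else:
        a, b, u = YELLOW, RED, (t - 0.5) * 2
    return tuple(round(a[i] + (b[i] - a[i]) * u) for i in range(3))

def segments(line):
    """Key each segment of a polyline as (axis index, left value, right value)."""
    return [(i, line[i], line[i + 1]) for i in range(len(line) - 1)]

def heat_axis_pair(lines):
    """'Axis pair' mode: colour every segment by how often that exact segment
    is drawn, relative to the most frequent segment between any two axes."""
    counts = Counter(s for line in lines for s in segments(line))
    top = max(counts.values())
    return [[gradient(counts[s] / top) for s in segments(l)] for l in lines]

def heat_virus(lines):
    """'Virus' mode: find the single most frequent segment and draw every line
    that touches it entirely in the hottest colour; other lines keep their
    axis-pair colouring (assumed behaviour for the untouched lines)."""
    counts = Counter(s for line in lines for s in segments(line))
    hottest = counts.most_common(1)[0][0]
    return [[RED] * len(cols) if hottest in segments(l) else cols
            for l, cols in zip(lines, heat_axis_pair(lines))]

# Constructed sample: five events over three axes (say time, source, port);
# three are identical "normal" traffic and should turn red, the odd ones stay
# towards green.
SAMPLE = [(0.1, 0.5, 0.2), (0.1, 0.5, 0.2), (0.1, 0.5, 0.2),
          (0.1, 0.5, 0.9), (0.7, 0.3, 0.2)]

if __name__ == "__main__":
    for line, colours in zip(SAMPLE, heat_axis_pair(SAMPLE)):
        print(line, colours)
    print(heat_virus(SAMPLE))
```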


