Honeypots mailing list archives

Picviz 0.5 released


From: "Sebastien Tricaud" <stricaud () inl fr>
Date: Sun, 25 Jan 2009 14:14:16 +0100 (CET)

Picviz 'No blackcomb in March' 0.5 is out.

* What is Picviz? *

When considering log files for security, the usual applications available today
either look for patterns using signature databases or use a behavioral
approach. In both cases, information can be missed, and the problem grows
with systems receiving a massive amount of logs.

Parallel coordinates are an answer for displaying an unbounded number of events
in multiple dimensions. As security data are multivariate, parallel coordinates
provide a neat way to display them and ease the detection of abnormal behavior.
Picviz applies parallel coordinates to acquired data, such as logs, to create a
parallel coordinates image.

Starting from this image, the analyst can use Picviz to refine the output,
filter information and detect things visually.
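To make the idea concrete, here is an added example (written for this archive, not Picviz's own code) that takes a handful of constructed firewall-style log lines, maps each field onto one vertical axis with a scaling rule per field type, and renders every event as a polyline across the axes in SVG. The field types (time, ipv4, port, ln, enum) are borrowed from the variable names in this announcement, but the scaling rules, the log format, the `isolated()` helper that flags a line far from every other line on one axis, and the sample data are all assumptions of this example.

```python
import re
from math import log

# Constructed sample log lines (not from any real system) in a firewall-like
# key=value format; the last line is deliberately unusual so it stands out.
SAMPLE_LOG = """\
2009-01-25T14:00:01 src=10.0.0.5 dport=22 bytes=512 action=accept
2009-01-25T14:00:07 src=10.0.0.5 dport=80 bytes=2048 action=accept
2009-01-25T14:00:09 src=10.0.0.9 dport=443 bytes=4096 action=accept
2009-01-25T14:00:12 src=10.0.0.9 dport=80 bytes=1024 action=accept
2009-01-25T14:00:15 src=192.168.3.77 dport=31337 bytes=9000000 action=drop
"""

LINE_RE = re.compile(
    r"^(?P<time>\S+) src=(?P<src>\S+) dport=(?P<dport>\d+) "
    r"bytes=(?P<bytes>\d+) action=(?P<action>\w+)$"
)

# One axis per field: (field name, axis type). The type names mirror the
# variable types mentioned in the announcement; the scaling rules are assumed here.
AXES = [("time", "time"), ("src", "ipv4"), ("dport", "port"),
        ("bytes", "ln"), ("action", "enum")]


def parse_log(text):
    """Turn the key=value lines into a list of dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def _scale(axis_type, values):
    """Map every raw value of one axis to [0, 1] according to the axis type."""
    if axis_type == "time":        # time of day as a fraction of 86400 s
        out = []
        for v in values:
            h, m, s = (int(x) for x in v.split("T")[1].split(":"))
            out.append((h * 3600 + m * 60 + s) / 86400.0)
        return out
    if axis_type == "ipv4":        # dotted quad as a fraction of the 32-bit space
        out = []
        for v in values:
            a, b, c, d = (int(x) for x in v.split("."))
            out.append(((a << 24) | (b << 16) | (c << 8) | d) / 2 ** 32)
        return out
    if axis_type == "port":        # 0..65535
        return [int(v) / 65535.0 for v in values]
    if axis_type == "ln":          # log scale relative to the largest value seen
        top = log(1 + max(int(v) for v in values))
        return [log(1 + int(v)) / top if top else 0.0 for v in values]
    if axis_type == "enum":        # categorical: sorted distinct values spread evenly
        cats = sorted(set(values))
        denom = max(len(cats) - 1, 1)
        return [cats.index(v) / denom for v in values]
    raise ValueError("unknown axis type %r" % axis_type)


def normalize(events, axes=AXES):
    """Return one list of per-axis coordinates (floats in [0, 1]) per event."""
    columns = [_scale(t, [e[f] for e in events]) for f, t in axes]
    return [list(row) for row in zip(*columns)]


def isolated(coords, axis, gap):
    """Indices of events whose coordinate on `axis` is more than `gap` away from
    every other event on that axis, i.e. the 'lonely line' an analyst would notice."""
    vals = [c[axis] for c in coords]
    hits = []
    for i, v in enumerate(vals):
        nearest = min(abs(v - w) for j, w in enumerate(vals) if j != i)
        if nearest > gap:
            hits.append(i)
    return hits


def to_svg(coords, axes=AXES, width=600, height=300, margin=30):
    """Render the axes as vertical lines and each event as a polyline across them."""
    n = len(axes)
    xs = [margin + i * (width - 2 * margin) / (n - 1) for i in range(n)]
    parts = ['<svg xmlns="http://www.w3.org/2000/svg" width="%d" height="%d">' % (width, height)]
    for x, (name, _) in zip(xs, axes):
        parts.append('<line x1="%.1f" y1="%d" x2="%.1f" y2="%d" stroke="black"/>'
                     % (x, margin, x, height - margin))
        parts.append('<text x="%.1f" y="%d" font-size="10">%s</text>' % (x, height - margin + 12, name))
    for row in coords:
        pts = " ".join("%.1f,%.1f" % (x, height - margin - v * (height - 2 * margin))
                       for x, v in zip(xs, row))
        parts.append('<polyline points="%s" fill="none" stroke="steelblue" stroke-opacity="0.6"/>' % pts)
    parts.append("</svg>")
    return "\n".join(parts)


if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG)
    co = normalize(ev)
    print("isolated on the src axis:", isolated(co, 1, 0.5))
    with open("pcoords.svg", "w") as fh:
        fh.write(to_svg(co))
```

Running the block writes `pcoords.svg` and reports index 4 (the `192.168.3.77` line) as isolated on the `src` axis; in the picture that event is the single polyline leaving the cluster on the `src`, `dport` and `bytes` axes, which is exactly the kind of visual cue the text describes. The per-type scaling matters: a linear `bytes` axis would squash the four normal events into one point, while the log scale keeps them readable next to the outlier.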


* Download *

Everything, including downloads, installation instructions and
documentation, is available on the project webpage:
http://www.wallinfire.net/picviz

Tarball file size: 1754982
Tarball MD5: 5b22cf41993eca347f8014650fffc03d
Tarball SHA1: 5e9b129b2bcf712e081f6616e55bcbf5540fa5ca


* Learn how to use it *

    o The picviz manual page is kept up to date.
    o Slides from the USENIX Workshop on the Analysis of System Logs:
       http://www.wallinfire.net/files/picviz-usenix-wasl2008.pdf


* Miscellaneous *

Parallel coordinates are broader than security stuff. For example, Eric Leblond
generated a picture of the ulogd2 project's history, to see who started it, who
was the most active, etc. This gives an interesting picture:
http://home.regit.org/~regit/data/ulogd2-full.png


* Changelog *

    o New variable types: enum, ln and port.
    o New properties: print and bgcolor.
    o Real-time mode enabled.
    o Improved 'color' property to let people write the (r,g,b) format.
    o Filters can be used in the GUI command line.
    o Snort parser.
    o GIT log stats parser.
    o OSSEC template for real-time mode.

