Honeypots
Picviz 0.4 released Oct 27 2008 11:10PM
Sebastien Tricaud (stricaud inl fr) (1 replies)
Picviz 'Needle 24/7' 0.4 is *out*.

NEWS
====

I will give a lecture on Picviz for the upcoming Usenix
Workshop on the Analysis of System Logs (WASL 08) in San Diego.

This is a good opportunity to meet and learn what you can do
with Picviz. More information available on the conference website:
http://www.usenix.org/event/wasl08/tech/

What is Picviz ?
================

Picviz is a parallel coordinates plotter, written to help people
finding a needle in a haystack when dealing with numerous events
on their system and struggling to maintain an acceptable level of
security.

It is a computer security visualization program, written in C with
high performances in mind. Python bindings are available, and are
used by the Picviz Frontend that you can use to dig into your graph.

Parallel coordinates, the core visualization technique used by Picviz
allows to represent graphs in N dimensions to see correlations among
variables, making it a useful data mining software.

Download!
=========

Everything, including download, installation instructions and
documentation, are available on the project webpage:
http://www.wallinfire.net/picviz

It is now highly recommended to compile Picviz with the cairo
output plugin, since it is now the officially recommended output.

Tarball file size: 1587160
Tarball MD5: 92aecf1465a278095611d01fb4e86d28
Tarball SHA1: 1a5fb65e4b64b47d357baad8623d9a415ad9a9a2

Changelog
=========

* CSV to Picviz script

* Heatlines: in order to do line frequency analysis. The more the line
comes is drawn, the more red it becomes. This is a gradient from green
to red via yellow. Two modes are supported:
- Axis pair: look for the highest frequency between two axes
- Virus: look for the highest pair of axes frequency and every line touching
it is drawn in the highest frequency color
This greatly help the log analysis, to sort things that are normal (usually
red) from things that occur just a few times.
Usage: pcv -Tpngcairo -Rheatline file.pcv > file.png

* Relative as axis property: instead of having it global with the engine
section.

* Learning mode: To decide automatically what is the most appropriate string
placing algorithm.

* Cairo plugin: Replaces the old plplot plugin (making it deprecated). This is
now the default and recommended plugin.

* Resolution can be changed on the fly: pcv -r..(rr) that more you add 'r', the
bigger the image will be.

* Height as image property

* Multiple conditions for filtering: breaking the old way of doing it. To see
only lines above 50% of the first axis AND 20% under the fifth you can type:
pcv -Tpngcairo file.pcv 'show plot > 50% on axis 1 and plot < 20% on axis 5'
-- Contributed by Yoann Vandoorselaere <yoann at prelude dash ids dot org>

* Parser scripts rewritten

* DansGuardian log 2 Picviz -- Contributed by Julien Miotte

* SquidGuard log 2 Picviz -- Contributed by Olivier Delhomme

[ reply ]
regarding malicious domains becoming inactive Nov 04 2008 06:35AM
Bhatnagar, Mayank (mbhatnagar ipolicynetworks com) (2 replies)
Re: regarding malicious domains becoming inactive Nov 04 2008 04:28PM
Sushant Sinha (sushant umich edu) (1 replies)
Re: regarding malicious domains becoming inactive Nov 05 2008 06:16AM
yelukati mahendra (mahendra_yn yahoo com)
Re: regarding malicious domains becoming inactive Nov 04 2008 04:22PM
Andre D. Correa (andre correa pobox com)


 

Privacy Statement
Copyright 2010, SecurityFocus