Raffael Marty, profile picture
Uploaded byRaffael Marty
PDF, PPTX21,936 views

AfterGlow

The document describes the Afterglow tool for processing data and turning it into visual insights, detailing features such as node filtering, color coding, and graph visualizations. It includes configuration options for customizing how data is displayed and parsed, with examples of usage and command line options. Additionally, the document highlights future developments and resources related to Afterglow.

Embed presentation

Download as PDF, PPTX
turning data into actionable insights copyright (c) 2013pixlcloud | afterglow.sf.net
copyright (c) 2013pixlcloud | turning data into actionable insights Data Processing CSV File AfterGlow Graph LanguageFile digraph structs { graph [label="AfterGlow 1.5.8", fontsize=8]; node [shape=ellipse, style=filled, fontsize=10, width=1, height=1, fixedsize=true]; edge [len=1.6]; "aaelenes" -> "Printing Resume" ; "abbe" -> "Information Encryption" ; "aanna" -> "Patent Access" ; "aatharuv" -> "Ping" ; } aaelenes,Printing Resume abbe,Information Encrytion aanna,Patent Access aatharuy,Ping Parser Grapher
copyright (c) 2013pixlcloud | turning data into actionable insights Data Processing CSV File AfterGlow Graph LanguageFile digraph structs { graph [label="AfterGlow 1.5.8", fontsize=8]; node [shape=ellipse, style=filled, fontsize=10, width=1, height=1, fixedsize=true]; edge [len=1.6]; "aaelenes" -> "Printing Resume" ; "abbe" -> "Information Encryption" ; "aanna" -> "Patent Access" ; "aatharuv" -> "Ping" ; } aaelenes,Printing Resume abbe,Information Encrytion aanna,Patent Access aatharuy,Ping Parser Grapher
copyright (c) 2013pixlcloud | turning data into actionable insights Features • Computes DOT files • Filtering Nodes - Based on name - Based on number of occurrences • Fan Out Filtering • Coloring - Edges - Nodes • Clustering Fan Out: 3 •Edge Thickness •Node Sizes - Auto adjustment •Variables - do anything you want ‣ lookup in files ‣ computations ‣ transformations
copyright (c) 2013pixlcloud | turning data into actionable insights Configuration l Coloring: color.[source|event|target|edge|sourcetarget]= <perl expression returning a color name> l Array @fields contains input-line, split into tokens: color.event=“red” if ($fields[1] =~ /^192..*/) l Filter nodes with “invisible” color: color.target=“invisible” if ($fields[0] eq “IIS Action”)
copyright (c) 2013pixlcloud | turning data into actionable insights a b c d e End-To-End Example Output: Input Data: a,b a,c d,e a b c d e Command: cat file | ./afterglow –c simple.properties –t | neato –Tgif –o test.gif simple.properties: color.source=“green” if ($fields[0] ne “d”) color.target=“blue” if ($fields[1] ne “e”) color.source=“red” color=“green”
copyright (c) 2013pixlcloud | turning data into actionable insights More Configuration l Clustering: cluster.[source|event|target]= <perl expression returning a cluster name> l Node Sizes: size.[source|event|target]= <perl expression returning a number> maxnodesize=<value> sum.[source|event|target]=[0|1]
copyright (c) 2013pixlcloud | turning data into actionable insights Variables / Code l Variables l Definition: l Use: l There are no limits on what to do with the “variables” keyword! You can put entire scripts in there! # Watch Lists variable=@privileged=( "aaerchak" ); color.target="gold" if (grep(/$fields[0]/,@privileged));
copyright (c) 2013pixlcloud | turning data into actionable insights Node Labels •xlabels=0 •xlabels=1 (default) •especially nice for longer node labels
copyright (c) 2013pixlcloud | turning data into actionable insights Command Line Options Usage: afterglow.pl [-adhkmnqrstvx] [-b lines] [-c conffile] [-e length] [-f threshold ] [-g threshold] [-l lines] [-o threshold] [-p mode] [-x color] [-m maxsize] -a : turn off labelelling of the output graph with the configuration used -b lines : number of lines to skip (e.g., 1 for header line) -c conffile : config file -d : print node count -e length : edge length -f threshold : source fan out threshold -g threshold : event fan out threshold (only in three node mode) -h : this (help) message -i file : read from input file, instead of from STDIN -k : output in GDF format instead of DOT -l lines : the maximum number of lines to read -m : the maximum size for a node -n : don't print node labels -o threshold : omit threshold (minimum count for nodes to be displayed) Non-connected nodes will be filtered too. -p mode : split mode for predicate nodes where mode is 0 = only one unique predicate node (default) 1 = one predicate node per unique subject node. 2 = one predicate node per unique target node. 3 = one predicate node per unique source/target node. -q : suppress all output. Attention! You should use -w to write output to a file! -r : print source node names -s : split subject and object nodes -t : two node mode (skip over objects) -v : verbose output -w file : write output to a file instead of STDOUT -x : text label color
copyright (c) 2013pixlcloud | turning data into actionable insights New Command Line Options ./afterglow.pl -i input_file ./afterglow.pl -w output_file -q ./afterglow.pl -k ... GDF output ./afterglow.pl -j ... GraphSON output
copyright (c) 2013pixlcloud | turning data into actionable insights Sample Configurations # Variable and Color variable=@violation=("Backdoor Access", "HackerTool Download”); color.target="orange" if (grep(/$fields[1]/,@violation)); color.target="palegreen" # Node Size and Threshold maxnodesize=1; size.source=$fields[2] size=0.5 sum.source=0; threshold.source=14; # Color and Cluster color.source="palegreen" if ($fields[0] =~ /^111/) color.source="red" color.target="palegreen" cluster.source=regex_replace("(d+).d+")."/8"
copyright (c) 2013pixlcloud | turning data into actionable insights Advanced Configuration • match() match("[0-9]") - matches the current field and returns 0 or 1 • field() "red" if (field() eq "foo"); • subnet() subnet($fields[0],0.0.0.0/7) - returns 0 or 1 depending on whether the value is in the given subnet • regex_replace() cluster.source=regex_replace("(d+.d+)")."/16" if (!match("^(212.254.110|195.141.69)")) - if one of the two ranges match(), then return the first two octets of the source IP and add the "/16" string. • get_severity() color.source=get_severity($fields[2], 10) - use a 10 step color range based on the third columns value
copyright (c) 2013pixlcloud | turning data into actionable insights GraphViz • dot - hierarchical layouts • neato - spring model • circo - circular layout • fdp - force directed spring model • twopi - radial layout • lneato - interactive
copyright (c) 2013pixlcloud | turning data into actionable insights AfterGlow Cloud - easy point and click configuration! http://afterglow.secviz.org
copyright (c) 2013pixlcloud | turning data into actionable insights Future •AfterGlow 1.6.4 -GraphSON output •AfterGlow Cloud 2.0 -New, interactive Web interface
copyright (c) 2013pixlcloud | turning data into actionable insights Resources AfterGlow 1.6.4 AfterGlow for Splunk SecViz Community
copyright (c) 2013pixlcloud | turning data into actionable insights pixlcloud Powered By: info@pixlcloud.com

More Related Content

PDF
Visualization Lifecycle
byRaffael Marty
 
PPT
The MATLAB Low-Level HDF5 Interface
byThe HDF-EOS Tools and Information Center
 
PDF
How to use Parquet as a basis for ETL and analytics
byJulien Le Dem
 
PDF
R statistics with mongo db
byMongoDB
 
PDF
Monitoring Your ISP Using InfluxDB Cloud and Raspberry Pi
byInfluxData
 
PDF
Efficient Data Storage for Analytics with Parquet 2.0 - Hadoop Summit 2014
byJulien Le Dem
 
PPT
Mapreduce in Search
byAmund Tveit
 
PPTX
Apache Flink - Hadoop MapReduce Compatibility
byFabian Hueske
 
Visualization Lifecycle
byRaffael Marty
 
The MATLAB Low-Level HDF5 Interface
byThe HDF-EOS Tools and Information Center
 
How to use Parquet as a basis for ETL and analytics
byJulien Le Dem
 
R statistics with mongo db
byMongoDB
 
Monitoring Your ISP Using InfluxDB Cloud and Raspberry Pi
byInfluxData
 
Efficient Data Storage for Analytics with Parquet 2.0 - Hadoop Summit 2014
byJulien Le Dem
 
Mapreduce in Search
byAmund Tveit
 
Apache Flink - Hadoop MapReduce Compatibility
byFabian Hueske
 

What's hot

PPTX
Hadoop - Stock Analysis
byVaibhav Jain
 
PDF
Efficient Data Storage for Analytics with Apache Parquet 2.0
byCloudera, Inc.
 
PDF
A Rusty introduction to Apache Arrow and how it applies to a time series dat...
byAndrew Lamb
 
PDF
Don’t optimize my queries, optimize my data!
byJulian Hyde
 
PDF
Time Series Meetup: Virtual Edition | July 2020
byInfluxData
 
PPTX
Spark meetup v2.0.5
byYan Zhou
 
PDF
Intro To Cascading
byNate Murray
 
PDF
Meet the Experts: Visualize Your Time-Stamped Data Using the React-Based Gira...
byInfluxData
 
PDF
Datastax day 2016 : Cassandra data modeling basics
byDuyhai Doan
 
PPTX
How to understand and analyze Apache Hive query execution plan for performanc...
byDataWorks Summit/Hadoop Summit
 
PPTX
Powering a Virtual Power Station with Big Data
byDataWorks Summit/Hadoop Summit
 
PDF
Spark Dataframe - Mr. Jyotiska
bySigmoid
 
PDF
Engineering Fast Indexes for Big-Data Applications: Spark Summit East talk by...
bySpark Summit
 
PPTX
Advanced goldengate training ⅰ
byoggers
 
PPTX
AWS Hadoop and PIG and overview
byDan Morrill
 
PDF
Hive Functions Cheat Sheet
byHortonworks
 
PDF
Data correlation using PySpark and HDFS
byJohn Conley
 
PDF
Cost-Based Optimizer Framework for Spark SQL: Spark Summit East talk by Ron H...
bySpark Summit
 
PDF
Scaling up data science applications
byKexin Xie
 
PPTX
Python and Data Analysis
byPraveen Nair
 
Hadoop - Stock Analysis
byVaibhav Jain
 
Efficient Data Storage for Analytics with Apache Parquet 2.0
byCloudera, Inc.
 
A Rusty introduction to Apache Arrow and how it applies to a time series dat...
byAndrew Lamb
 
Don’t optimize my queries, optimize my data!
byJulian Hyde
 
Time Series Meetup: Virtual Edition | July 2020
byInfluxData
 
Spark meetup v2.0.5
byYan Zhou
 
Intro To Cascading
byNate Murray
 
Meet the Experts: Visualize Your Time-Stamped Data Using the React-Based Gira...
byInfluxData
 
Datastax day 2016 : Cassandra data modeling basics
byDuyhai Doan
 
How to understand and analyze Apache Hive query execution plan for performanc...
byDataWorks Summit/Hadoop Summit
 
Powering a Virtual Power Station with Big Data
byDataWorks Summit/Hadoop Summit
 
Spark Dataframe - Mr. Jyotiska
bySigmoid
 
Engineering Fast Indexes for Big-Data Applications: Spark Summit East talk by...
bySpark Summit
 
Advanced goldengate training ⅰ
byoggers
 
AWS Hadoop and PIG and overview
byDan Morrill
 
Hive Functions Cheat Sheet
byHortonworks
 
Data correlation using PySpark and HDFS
byJohn Conley
 
Cost-Based Optimizer Framework for Spark SQL: Spark Summit East talk by Ron H...
bySpark Summit
 
Scaling up data science applications
byKexin Xie
 
Python and Data Analysis
byPraveen Nair
 

Viewers also liked

PDF
Cyber Security – How Visual Analytics Unlock Insight
byRaffael Marty
 
PDF
Workshop: Big Data Visualization for Security
byRaffael Marty
 
PPTX
AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't Changed
byRaffael Marty
 
PPTX
MOLOCH: Search for Full Packet Capture (OA Cyber Summit)
byOpen Analytics
 
PPS
Carteles de paraguay
byxcris
 
PPTX
Disaster Information Management System (DIMS)
byBeGood Cafe -NGO-
 
PDF
What Happens Before the Kill Chain
byOpenDNS
 
PDF
Clairvoyant Squirrel: Large Scale Malicious Domain Classification
byJason Trost
 
PDF
Final Project Report-SIEM
byRangan Yoga
 
PDF
Security Visualization - Let's Take A Step Back
byRaffael Marty
 
PDF
Blackhat USA 2015: BGP Stream Presentation
byOpenDNS
 
PDF
Applications of Mind Mapping automation in the analysis of information securi...
byJosé M. Guerrero
 
PPTX
Fools your enemy with MikroTik
byDidiet Kusumadihardja
 
PDF
Elasticsearch Query DSL - Not just for wizards...
byclintongormley
 
PDF
The top 10 windows logs event id's used v1.0
byMichael Gough
 
PPTX
Capturing Network Traffic into Database
byTigran Tsaturyan
 
PDF
FireEye Use Cases — FireEye Solution Deployment Experience
byValery Yelanin
 
PPTX
The Six Stages of Incident Response
byDarren Pauli
 
PPTX
SOC2016 - The Investigation Labyrinth
bychrissanders88
 
PPTX
Convert Wireshark PCAP Files to Sequence Diagrams
byEventHelix.com Inc.
 
Cyber Security – How Visual Analytics Unlock Insight
byRaffael Marty
 
Workshop: Big Data Visualization for Security
byRaffael Marty
 
AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't Changed
byRaffael Marty
 
MOLOCH: Search for Full Packet Capture (OA Cyber Summit)
byOpen Analytics
 
Carteles de paraguay
byxcris
 
Disaster Information Management System (DIMS)
byBeGood Cafe -NGO-
 
What Happens Before the Kill Chain
byOpenDNS
 
Clairvoyant Squirrel: Large Scale Malicious Domain Classification
byJason Trost
 
Final Project Report-SIEM
byRangan Yoga
 
Security Visualization - Let's Take A Step Back
byRaffael Marty
 
Blackhat USA 2015: BGP Stream Presentation
byOpenDNS
 
Applications of Mind Mapping automation in the analysis of information securi...
byJosé M. Guerrero
 
Fools your enemy with MikroTik
byDidiet Kusumadihardja
 
Elasticsearch Query DSL - Not just for wizards...
byclintongormley
 
The top 10 windows logs event id's used v1.0
byMichael Gough
 
Capturing Network Traffic into Database
byTigran Tsaturyan
 
FireEye Use Cases — FireEye Solution Deployment Experience
byValery Yelanin
 
The Six Stages of Incident Response
byDarren Pauli
 
SOC2016 - The Investigation Labyrinth
bychrissanders88
 
Convert Wireshark PCAP Files to Sequence Diagrams
byEventHelix.com Inc.
 

Similar to AfterGlow

PDF
Insider Threat Visualization - HITB 2007, Kuala Lumpur
byRaffael Marty
 
PDF
Insider Threat Visualization - HackInTheBox 2007
byRaffael Marty
 
PDF
Ln monitoring repositories
bysnyff
 
PDF
From Zero To Visibility
bybridgetkromhout
 
PPTX
An Introduction to Prometheus (GrafanaCon 2016)
byBrian Brazil
 
PDF
breed_python_tx_redacted
byRyan Breed
 
PDF
Data science for infrastructure dev week 2022
byZainAsgar1
 
PDF
SIGRed - Monitoring and Detecting with Splunk
byAnthony Reinke
 
PDF
OSMC 2023 | Replacing NSClient++ for Windows Monitoring by Sven Nielein
byNETWAYS
 
PDF
SNClient+ - General purpose monitoring agent
bySven Nierlein
 
PDF
Graphing Grifters: Identify & Display Patterns of Corruption With Oracle Graph
byJim Czuprynski
 
PPT
Applied Detection and Analysis with Flow Data - SO Con 2014
bychrissanders88
 
PDF
Bids talk 9.18
byTravis Oliphant
 
PDF
Graph chi
byJay Rathod
 
PPTX
100X Investigations - Graphistry / Microsoft BlueHat
bygraphistry
 
PDF
Analyzing Log Data With Apache Spark
bySpark Summit
 
PPT
Integris Security - Hacking With Glue ℠
byIntegris Security LLC
 
PPTX
Prometheus - Open Source Forum Japan
byBrian Brazil
 
PPTX
Scaling graph investigations with Math, GPUs, & Experts
bygraphistry
 
PDF
ASGARD Splunk Conf 2016
byKeith Kraus
 
Insider Threat Visualization - HITB 2007, Kuala Lumpur
byRaffael Marty
 
Insider Threat Visualization - HackInTheBox 2007
byRaffael Marty
 
Ln monitoring repositories
bysnyff
 
From Zero To Visibility
bybridgetkromhout
 
An Introduction to Prometheus (GrafanaCon 2016)
byBrian Brazil
 
breed_python_tx_redacted
byRyan Breed
 
Data science for infrastructure dev week 2022
byZainAsgar1
 
SIGRed - Monitoring and Detecting with Splunk
byAnthony Reinke
 
OSMC 2023 | Replacing NSClient++ for Windows Monitoring by Sven Nielein
byNETWAYS
 
SNClient+ - General purpose monitoring agent
bySven Nierlein
 
Graphing Grifters: Identify & Display Patterns of Corruption With Oracle Graph
byJim Czuprynski
 
Applied Detection and Analysis with Flow Data - SO Con 2014
bychrissanders88
 
Bids talk 9.18
byTravis Oliphant
 
Graph chi
byJay Rathod
 
100X Investigations - Graphistry / Microsoft BlueHat
bygraphistry
 
Analyzing Log Data With Apache Spark
bySpark Summit
 
Integris Security - Hacking With Glue ℠
byIntegris Security LLC
 
Prometheus - Open Source Forum Japan
byBrian Brazil
 
Scaling graph investigations with Math, GPUs, & Experts
bygraphistry
 
ASGARD Splunk Conf 2016
byKeith Kraus
 

More from Raffael Marty

PDF
Exploring the Defender's Advantage
byRaffael Marty
 
PDF
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
byRaffael Marty
 
PPTX
How To Drive Value with Security Data
byRaffael Marty
 
PDF
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
byRaffael Marty
 
PDF
Artificial Intelligence – Time Bomb or The Promised Land?
byRaffael Marty
 
PDF
Understanding the "Intelligence" in AI
byRaffael Marty
 
PDF
Security Chat 5.0
byRaffael Marty
 
PDF
AI & ML in Cyber Security - Why Algorithms are Dangerous
byRaffael Marty
 
PDF
AI & ML in Cyber Security - Why Algorithms Are Dangerous
byRaffael Marty
 
PPTX
Delivering Security Insights with Data Analytics and Visualization
byRaffael Marty
 
PDF
Security Insights at Scale
byRaffael Marty
 
PDF
Creating Your Own Threat Intel Through Hunting & Visualization
byRaffael Marty
 
PDF
Creating Your Own Threat Intel Through Hunting & Visualization
byRaffael Marty
 
PDF
Visualization in the Age of Big Data
byRaffael Marty
 
PDF
Big Data Visualization
byRaffael Marty
 
PDF
The Heatmap
 - Why is Security Visualization so Hard?
byRaffael Marty
 
PDF
Visualization for Security
byRaffael Marty
 
PDF
The Heatmap
 - Why is Security Visualization so Hard?
byRaffael Marty
 
PDF
DAVIX - Data Analysis and Visualization Linux
byRaffael Marty
 
PDF
Cloud - Security - Big Data
byRaffael Marty
 
Exploring the Defender's Advantage
byRaffael Marty
 
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
byRaffael Marty
 
How To Drive Value with Security Data
byRaffael Marty
 
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
byRaffael Marty
 
Artificial Intelligence – Time Bomb or The Promised Land?
byRaffael Marty
 
Understanding the "Intelligence" in AI
byRaffael Marty
 
Security Chat 5.0
byRaffael Marty
 
AI & ML in Cyber Security - Why Algorithms are Dangerous
byRaffael Marty
 
AI & ML in Cyber Security - Why Algorithms Are Dangerous
byRaffael Marty
 
Delivering Security Insights with Data Analytics and Visualization
byRaffael Marty
 
Security Insights at Scale
byRaffael Marty
 
Creating Your Own Threat Intel Through Hunting & Visualization
byRaffael Marty
 
Creating Your Own Threat Intel Through Hunting & Visualization
byRaffael Marty
 
Visualization in the Age of Big Data
byRaffael Marty
 
Big Data Visualization
byRaffael Marty
 
The Heatmap
 - Why is Security Visualization so Hard?
byRaffael Marty
 
Visualization for Security
byRaffael Marty
 
The Heatmap
 - Why is Security Visualization so Hard?
byRaffael Marty
 
DAVIX - Data Analysis and Visualization Linux
byRaffael Marty
 
Cloud - Security - Big Data
byRaffael Marty
 

Recently uploaded

PPTX
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
PDF
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
PDF
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PPTX
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
PDF
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PDF
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
PDF
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
PDF
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
PPTX
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
PPTX
Data Privacy and Protection: Safeguarding Information in a Connected World
byYasir Naveed Riaz
 
PDF
Cybersecurity: Safeguarding Digital Assets
byYasir Naveed Riaz
 
PPTX
Cybercrime in the Digital Age: Risks, Impact & Protection
byYasir Naveed Riaz
 
PPTX
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 
PPTX
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
PDF
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
DOCX
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
PDF
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
PDF
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 
Conversational Agents – Building Intelligent Assistants [Virtual Hands-on Wor...
byUiPathCommunity
 
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
Security Forum Sessions from Houston 2025 Event
byMark Simos
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
The year in review - MarvelClient in 2025
bypanagenda
 
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
Our Digital Tribe_ Cultivating Connection and Growth in Our Slack Community 🌿...
bysanjeetmishra30
 
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
Data Privacy and Protection: Safeguarding Information in a Connected World
byYasir Naveed Riaz
 
Cybersecurity: Safeguarding Digital Assets
byYasir Naveed Riaz
 
Cybercrime in the Digital Age: Risks, Impact & Protection
byYasir Naveed Riaz
 
Chapter 3 Introduction to number system.pptx
byGetachewAbera9
 
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
DevFest El Jadida 2025 - Product Thinking
byElmehdi AMLOU
 

AfterGlow

  • 1.
    turning data intoactionable insights copyright (c) 2013pixlcloud | afterglow.sf.net
  • 2.
    copyright (c) 2013pixlcloud| turning data into actionable insights Data Processing CSV File AfterGlow Graph LanguageFile digraph structs { graph [label="AfterGlow 1.5.8", fontsize=8]; node [shape=ellipse, style=filled, fontsize=10, width=1, height=1, fixedsize=true]; edge [len=1.6]; "aaelenes" -> "Printing Resume" ; "abbe" -> "Information Encryption" ; "aanna" -> "Patent Access" ; "aatharuv" -> "Ping" ; } aaelenes,Printing Resume abbe,Information Encrytion aanna,Patent Access aatharuy,Ping Parser Grapher
  • 3.
    copyright (c) 2013pixlcloud| turning data into actionable insights Data Processing CSV File AfterGlow Graph LanguageFile digraph structs { graph [label="AfterGlow 1.5.8", fontsize=8]; node [shape=ellipse, style=filled, fontsize=10, width=1, height=1, fixedsize=true]; edge [len=1.6]; "aaelenes" -> "Printing Resume" ; "abbe" -> "Information Encryption" ; "aanna" -> "Patent Access" ; "aatharuv" -> "Ping" ; } aaelenes,Printing Resume abbe,Information Encrytion aanna,Patent Access aatharuy,Ping Parser Grapher
  • 4.
    copyright (c) 2013pixlcloud| turning data into actionable insights Features • Computes DOT files • Filtering Nodes - Based on name - Based on number of occurrences • Fan Out Filtering • Coloring - Edges - Nodes • Clustering Fan Out: 3 •Edge Thickness •Node Sizes - Auto adjustment •Variables - do anything you want ‣ lookup in files ‣ computations ‣ transformations
  • 5.
    copyright (c) 2013pixlcloud| turning data into actionable insights Configuration l Coloring: color.[source|event|target|edge|sourcetarget]= <perl expression returning a color name> l Array @fields contains input-line, split into tokens: color.event=“red” if ($fields[1] =~ /^192..*/) l Filter nodes with “invisible” color: color.target=“invisible” if ($fields[0] eq “IIS Action”)
  • 6.
    copyright (c) 2013pixlcloud| turning data into actionable insights a b c d e End-To-End Example Output: Input Data: a,b a,c d,e a b c d e Command: cat file | ./afterglow –c simple.properties –t | neato –Tgif –o test.gif simple.properties: color.source=“green” if ($fields[0] ne “d”) color.target=“blue” if ($fields[1] ne “e”) color.source=“red” color=“green”
  • 7.
    copyright (c) 2013pixlcloud| turning data into actionable insights More Configuration l Clustering: cluster.[source|event|target]= <perl expression returning a cluster name> l Node Sizes: size.[source|event|target]= <perl expression returning a number> maxnodesize=<value> sum.[source|event|target]=[0|1]
  • 8.
    copyright (c) 2013pixlcloud| turning data into actionable insights Variables / Code l Variables l Definition: l Use: l There are no limits on what to do with the “variables” keyword! You can put entire scripts in there! # Watch Lists variable=@privileged=( "aaerchak" ); color.target="gold" if (grep(/$fields[0]/,@privileged));
  • 9.
    copyright (c) 2013pixlcloud| turning data into actionable insights Node Labels •xlabels=0 •xlabels=1 (default) •especially nice for longer node labels
  • 10.
    copyright (c) 2013pixlcloud| turning data into actionable insights Command Line Options Usage: afterglow.pl [-adhkmnqrstvx] [-b lines] [-c conffile] [-e length] [-f threshold ] [-g threshold] [-l lines] [-o threshold] [-p mode] [-x color] [-m maxsize] -a : turn off labelelling of the output graph with the configuration used -b lines : number of lines to skip (e.g., 1 for header line) -c conffile : config file -d : print node count -e length : edge length -f threshold : source fan out threshold -g threshold : event fan out threshold (only in three node mode) -h : this (help) message -i file : read from input file, instead of from STDIN -k : output in GDF format instead of DOT -l lines : the maximum number of lines to read -m : the maximum size for a node -n : don't print node labels -o threshold : omit threshold (minimum count for nodes to be displayed) Non-connected nodes will be filtered too. -p mode : split mode for predicate nodes where mode is 0 = only one unique predicate node (default) 1 = one predicate node per unique subject node. 2 = one predicate node per unique target node. 3 = one predicate node per unique source/target node. -q : suppress all output. Attention! You should use -w to write output to a file! -r : print source node names -s : split subject and object nodes -t : two node mode (skip over objects) -v : verbose output -w file : write output to a file instead of STDOUT -x : text label color
  • 11.
    copyright (c) 2013pixlcloud| turning data into actionable insights New Command Line Options ./afterglow.pl -i input_file ./afterglow.pl -w output_file -q ./afterglow.pl -k ... GDF output ./afterglow.pl -j ... GraphSON output
  • 12.
    copyright (c) 2013pixlcloud| turning data into actionable insights Sample Configurations # Variable and Color variable=@violation=("Backdoor Access", "HackerTool Download”); color.target="orange" if (grep(/$fields[1]/,@violation)); color.target="palegreen" # Node Size and Threshold maxnodesize=1; size.source=$fields[2] size=0.5 sum.source=0; threshold.source=14; # Color and Cluster color.source="palegreen" if ($fields[0] =~ /^111/) color.source="red" color.target="palegreen" cluster.source=regex_replace("(d+).d+")."/8"
  • 13.
    copyright (c) 2013pixlcloud| turning data into actionable insights Advanced Configuration • match() match("[0-9]") - matches the current field and returns 0 or 1 • field() "red" if (field() eq "foo"); • subnet() subnet($fields[0],0.0.0.0/7) - returns 0 or 1 depending on whether the value is in the given subnet • regex_replace() cluster.source=regex_replace("(d+.d+)")."/16" if (!match("^(212.254.110|195.141.69)")) - if one of the two ranges match(), then return the first two octets of the source IP and add the "/16" string. • get_severity() color.source=get_severity($fields[2], 10) - use a 10 step color range based on the third columns value
  • 14.
    copyright (c) 2013pixlcloud| turning data into actionable insights GraphViz • dot - hierarchical layouts • neato - spring model • circo - circular layout • fdp - force directed spring model • twopi - radial layout • lneato - interactive
  • 15.
    copyright (c) 2013pixlcloud| turning data into actionable insights AfterGlow Cloud - easy point and click configuration! http://afterglow.secviz.org
  • 16.
    copyright (c) 2013pixlcloud| turning data into actionable insights Future •AfterGlow 1.6.4 -GraphSON output •AfterGlow Cloud 2.0 -New, interactive Web interface
  • 17.
    copyright (c) 2013pixlcloud| turning data into actionable insights Resources AfterGlow 1.6.4 AfterGlow for Splunk SecViz Community
  • 18.
    copyright (c) 2013pixlcloud| turning data into actionable insights pixlcloud Powered By: info@pixlcloud.com