AfterGlow

Raffael Marty
Raffael MartyGeneralManager Cybersecurity at ConnectWise
turning data into actionable insights copyright (c) 2013pixlcloud | afterglow.sf.net
copyright (c) 2013pixlcloud | turning data into actionable insights Data Processing CSV File AfterGlow Graph LanguageFile digraph structs { graph [label="AfterGlow 1.5.8", fontsize=8]; node [shape=ellipse, style=filled, fontsize=10, width=1, height=1, fixedsize=true]; edge [len=1.6]; "aaelenes" -> "Printing Resume" ; "abbe" -> "Information Encryption" ; "aanna" -> "Patent Access" ; "aatharuv" -> "Ping" ; } aaelenes,Printing Resume abbe,Information Encrytion aanna,Patent Access aatharuy,Ping Parser Grapher
copyright (c) 2013pixlcloud | turning data into actionable insights Data Processing CSV File AfterGlow Graph LanguageFile digraph structs { graph [label="AfterGlow 1.5.8", fontsize=8]; node [shape=ellipse, style=filled, fontsize=10, width=1, height=1, fixedsize=true]; edge [len=1.6]; "aaelenes" -> "Printing Resume" ; "abbe" -> "Information Encryption" ; "aanna" -> "Patent Access" ; "aatharuv" -> "Ping" ; } aaelenes,Printing Resume abbe,Information Encrytion aanna,Patent Access aatharuy,Ping Parser Grapher
copyright (c) 2013pixlcloud | turning data into actionable insights Features • Computes DOT files • Filtering Nodes - Based on name - Based on number of occurrences • Fan Out Filtering • Coloring - Edges - Nodes • Clustering Fan Out: 3 •Edge Thickness •Node Sizes - Auto adjustment •Variables - do anything you want ‣ lookup in files ‣ computations ‣ transformations
copyright (c) 2013pixlcloud | turning data into actionable insights Configuration l Coloring: color.[source|event|target|edge|sourcetarget]= <perl expression returning a color name> l Array @fields contains input-line, split into tokens: color.event=“red” if ($fields[1] =~ /^192..*/) l Filter nodes with “invisible” color: color.target=“invisible” if ($fields[0] eq “IIS Action”)
copyright (c) 2013pixlcloud | turning data into actionable insights a b c d e End-To-End Example Output: Input Data: a,b a,c d,e a b c d e Command: cat file | ./afterglow –c simple.properties –t | neato –Tgif –o test.gif simple.properties: color.source=“green” if ($fields[0] ne “d”) color.target=“blue” if ($fields[1] ne “e”) color.source=“red” color=“green”
copyright (c) 2013pixlcloud | turning data into actionable insights More Configuration l Clustering: cluster.[source|event|target]= <perl expression returning a cluster name> l Node Sizes: size.[source|event|target]= <perl expression returning a number> maxnodesize=<value> sum.[source|event|target]=[0|1]
copyright (c) 2013pixlcloud | turning data into actionable insights Variables / Code l Variables l Definition: l Use: l There are no limits on what to do with the “variables” keyword! You can put entire scripts in there! # Watch Lists variable=@privileged=( "aaerchak" ); color.target="gold" if (grep(/$fields[0]/,@privileged));
copyright (c) 2013pixlcloud | turning data into actionable insights Node Labels •xlabels=0 •xlabels=1 (default) •especially nice for longer node labels
copyright (c) 2013pixlcloud | turning data into actionable insights Command Line Options Usage: afterglow.pl [-adhkmnqrstvx] [-b lines] [-c conffile] [-e length] [-f threshold ] [-g threshold] [-l lines] [-o threshold] [-p mode] [-x color] [-m maxsize] -a : turn off labelelling of the output graph with the configuration used -b lines : number of lines to skip (e.g., 1 for header line) -c conffile : config file -d : print node count -e length : edge length -f threshold : source fan out threshold -g threshold : event fan out threshold (only in three node mode) -h : this (help) message -i file : read from input file, instead of from STDIN -k : output in GDF format instead of DOT -l lines : the maximum number of lines to read -m : the maximum size for a node -n : don't print node labels -o threshold : omit threshold (minimum count for nodes to be displayed) Non-connected nodes will be filtered too. -p mode : split mode for predicate nodes where mode is 0 = only one unique predicate node (default) 1 = one predicate node per unique subject node. 2 = one predicate node per unique target node. 3 = one predicate node per unique source/target node. -q : suppress all output. Attention! You should use -w to write output to a file! -r : print source node names -s : split subject and object nodes -t : two node mode (skip over objects) -v : verbose output -w file : write output to a file instead of STDOUT -x : text label color
copyright (c) 2013pixlcloud | turning data into actionable insights New Command Line Options ./afterglow.pl -i input_file ./afterglow.pl -w output_file -q ./afterglow.pl -k ... GDF output ./afterglow.pl -j ... GraphSON output
copyright (c) 2013pixlcloud | turning data into actionable insights Sample Configurations # Variable and Color variable=@violation=("Backdoor Access", "HackerTool Download”); color.target="orange" if (grep(/$fields[1]/,@violation)); color.target="palegreen" # Node Size and Threshold maxnodesize=1; size.source=$fields[2] size=0.5 sum.source=0; threshold.source=14; # Color and Cluster color.source="palegreen" if ($fields[0] =~ /^111/) color.source="red" color.target="palegreen" cluster.source=regex_replace("(d+).d+")."/8"
copyright (c) 2013pixlcloud | turning data into actionable insights Advanced Configuration • match() match("[0-9]") - matches the current field and returns 0 or 1 • field() "red" if (field() eq "foo"); • subnet() subnet($fields[0],0.0.0.0/7) - returns 0 or 1 depending on whether the value is in the given subnet • regex_replace() cluster.source=regex_replace("(d+.d+)")."/16" if (!match("^(212.254.110|195.141.69)")) - if one of the two ranges match(), then return the first two octets of the source IP and add the "/16" string. • get_severity() color.source=get_severity($fields[2], 10) - use a 10 step color range based on the third columns value
copyright (c) 2013pixlcloud | turning data into actionable insights GraphViz • dot - hierarchical layouts • neato - spring model • circo - circular layout • fdp - force directed spring model • twopi - radial layout • lneato - interactive
copyright (c) 2013pixlcloud | turning data into actionable insights AfterGlow Cloud - easy point and click configuration! http://afterglow.secviz.org
copyright (c) 2013pixlcloud | turning data into actionable insights Future •AfterGlow 1.6.4 -GraphSON output •AfterGlow Cloud 2.0 -New, interactive Web interface
copyright (c) 2013pixlcloud | turning data into actionable insights Resources AfterGlow 1.6.4 AfterGlow for Splunk SecViz Community
copyright (c) 2013pixlcloud | turning data into actionable insights pixlcloud Powered By: info@pixlcloud.com
1 of 18

AfterGlow

Download to read offline
Technology

AfterGlow is a script that assists with the visualization of log data. It reads CSV files and converts them into a Graph description. Check out http://afterglow.sf.net for more information also. This short presentation gives an overview of AfterGlow and outlines the features and capabilities of the tool. It discusses some of the harder to understand features by showing some configuration examples that can be used as a starting point for some more sophisticated setups. AftterGlow is one the most downloaded security visualization tools with over 17,000 downloads.

Raffael Marty
Raffael MartyGeneralManager Cybersecurity at ConnectWise

Recommended

Visualization Lifecycle by
Visualization LifecycleVisualization Lifecycle
Visualization LifecycleRaffael Marty
2.8K views32 slides
The MATLAB Low-Level HDF5 Interface by
The MATLAB Low-Level HDF5 InterfaceThe MATLAB Low-Level HDF5 Interface
The MATLAB Low-Level HDF5 InterfaceThe HDF-EOS Tools and Information Center
1.4K views17 slides
How to use Parquet as a basis for ETL and analytics by
How to use Parquet as a basis for ETL and analyticsHow to use Parquet as a basis for ETL and analytics
How to use Parquet as a basis for ETL and analyticsJulien Le Dem
11.9K views46 slides
R statistics with mongo db by
R statistics with mongo dbR statistics with mongo db
R statistics with mongo dbMongoDB
15.1K views36 slides
Monitoring Your ISP Using InfluxDB Cloud and Raspberry Pi by
Monitoring Your ISP Using InfluxDB Cloud and Raspberry PiMonitoring Your ISP Using InfluxDB Cloud and Raspberry Pi
Monitoring Your ISP Using InfluxDB Cloud and Raspberry PiInfluxData
228 views47 slides
Efficient Data Storage for Analytics with Parquet 2.0 - Hadoop Summit 2014 by
Efficient Data Storage for Analytics with Parquet 2.0 - Hadoop Summit 2014Efficient Data Storage for Analytics with Parquet 2.0 - Hadoop Summit 2014
Efficient Data Storage for Analytics with Parquet 2.0 - Hadoop Summit 2014Julien Le Dem
16.6K views40 slides

More Related Content

What's hot

Hadoop - Stock Analysis by
Hadoop - Stock AnalysisHadoop - Stock Analysis
Hadoop - Stock AnalysisVaibhav Jain
3.4K views11 slides
Efficient Data Storage for Analytics with Apache Parquet 2.0 by
Efficient Data Storage for Analytics with Apache Parquet 2.0Efficient Data Storage for Analytics with Apache Parquet 2.0
Efficient Data Storage for Analytics with Apache Parquet 2.0Cloudera, Inc.
158.6K views40 slides
A Rusty introduction to Apache Arrow and how it applies to a time series dat... by
A Rusty introduction to Apache Arrow and how it applies to a time series dat...A Rusty introduction to Apache Arrow and how it applies to a time series dat...
A Rusty introduction to Apache Arrow and how it applies to a time series dat...Andrew Lamb
345 views25 slides
Don’t optimize my queries, optimize my data! by
Don’t optimize my queries, optimize my data!Don’t optimize my queries, optimize my data!
Don’t optimize my queries, optimize my data!Julian Hyde
4.4K views49 slides
Time Series Meetup: Virtual Edition | July 2020 by
Time Series Meetup: Virtual Edition | July 2020Time Series Meetup: Virtual Edition | July 2020
Time Series Meetup: Virtual Edition | July 2020InfluxData
190 views29 slides
Spark meetup v2.0.5 by
Spark meetup v2.0.5Spark meetup v2.0.5
Spark meetup v2.0.5Yan Zhou
4.2K views26 slides

What's hot(20)

Hadoop - Stock Analysis by Vaibhav Jain
Hadoop - Stock AnalysisHadoop - Stock Analysis
Hadoop - Stock Analysis
Vaibhav Jain3.4K views
Efficient Data Storage for Analytics with Apache Parquet 2.0 by Cloudera, Inc.
Efficient Data Storage for Analytics with Apache Parquet 2.0Efficient Data Storage for Analytics with Apache Parquet 2.0
Efficient Data Storage for Analytics with Apache Parquet 2.0
Cloudera, Inc.158.6K views
A Rusty introduction to Apache Arrow and how it applies to a time series dat... by Andrew Lamb
A Rusty introduction to Apache Arrow and how it applies to a time series dat...A Rusty introduction to Apache Arrow and how it applies to a time series dat...
A Rusty introduction to Apache Arrow and how it applies to a time series dat...
Andrew Lamb345 views
Don’t optimize my queries, optimize my data! by Julian Hyde
Don’t optimize my queries, optimize my data!Don’t optimize my queries, optimize my data!
Don’t optimize my queries, optimize my data!
Julian Hyde4.4K views
Time Series Meetup: Virtual Edition | July 2020 by InfluxData
Time Series Meetup: Virtual Edition | July 2020Time Series Meetup: Virtual Edition | July 2020
Time Series Meetup: Virtual Edition | July 2020
InfluxData190 views
Spark meetup v2.0.5 by Yan Zhou
Spark meetup v2.0.5Spark meetup v2.0.5
Spark meetup v2.0.5
Yan Zhou4.2K views
Intro To Cascading by Nate Murray
Intro To CascadingIntro To Cascading
Intro To Cascading
Nate Murray12.6K views
Meet the Experts: Visualize Your Time-Stamped Data Using the React-Based Gira... by InfluxData
Meet the Experts: Visualize Your Time-Stamped Data Using the React-Based Gira...Meet the Experts: Visualize Your Time-Stamped Data Using the React-Based Gira...
Meet the Experts: Visualize Your Time-Stamped Data Using the React-Based Gira...
InfluxData329 views
Datastax day 2016 : Cassandra data modeling basics by Duyhai Doan
Datastax day 2016 : Cassandra data modeling basicsDatastax day 2016 : Cassandra data modeling basics
Datastax day 2016 : Cassandra data modeling basics
Duyhai Doan1K views
How to understand and analyze Apache Hive query execution plan for performanc... by DataWorks Summit/Hadoop Summit
How to understand and analyze Apache Hive query execution plan for performanc...How to understand and analyze Apache Hive query execution plan for performanc...
How to understand and analyze Apache Hive query execution plan for performanc...
DataWorks Summit/Hadoop Summit28.1K views
Powering a Virtual Power Station with Big Data by DataWorks Summit/Hadoop Summit
Powering a Virtual Power Station with Big DataPowering a Virtual Power Station with Big Data
Powering a Virtual Power Station with Big Data
DataWorks Summit/Hadoop Summit770 views
Spark Dataframe - Mr. Jyotiska by Sigmoid
Spark Dataframe - Mr. JyotiskaSpark Dataframe - Mr. Jyotiska
Spark Dataframe - Mr. Jyotiska
Sigmoid2K views
Engineering Fast Indexes for Big-Data Applications: Spark Summit East talk by... by Spark Summit
Engineering Fast Indexes for Big-Data Applications: Spark Summit East talk by...Engineering Fast Indexes for Big-Data Applications: Spark Summit East talk by...
Engineering Fast Indexes for Big-Data Applications: Spark Summit East talk by...
Spark Summit1.3K views
Advanced goldengate training ⅰ by oggers
Advanced goldengate training ⅰAdvanced goldengate training ⅰ
Advanced goldengate training ⅰ
oggers4.7K views
AWS Hadoop and PIG and overview by Dan Morrill
AWS Hadoop and PIG and overviewAWS Hadoop and PIG and overview
AWS Hadoop and PIG and overview
Dan Morrill4.3K views
Hive Functions Cheat Sheet by Hortonworks
Hive Functions Cheat SheetHive Functions Cheat Sheet
Hive Functions Cheat Sheet
Hortonworks9.3K views
Data correlation using PySpark and HDFS by John Conley
Data correlation using PySpark and HDFSData correlation using PySpark and HDFS
Data correlation using PySpark and HDFS
John Conley913 views
Cost-Based Optimizer Framework for Spark SQL: Spark Summit East talk by Ron H... by Spark Summit
Cost-Based Optimizer Framework for Spark SQL: Spark Summit East talk by Ron H...Cost-Based Optimizer Framework for Spark SQL: Spark Summit East talk by Ron H...
Cost-Based Optimizer Framework for Spark SQL: Spark Summit East talk by Ron H...
Spark Summit2.6K views
Scaling up data science applications by Kexin Xie
Scaling up data science applicationsScaling up data science applications
Scaling up data science applications
Kexin Xie123 views
Python and Data Analysis by Praveen Nair
Python and Data AnalysisPython and Data Analysis
Python and Data Analysis
Praveen Nair945 views

Viewers also liked

Cyber Security – How Visual Analytics Unlock Insight by
Cyber Security – How Visual Analytics Unlock InsightCyber Security – How Visual Analytics Unlock Insight
Cyber Security – How Visual Analytics Unlock InsightRaffael Marty
33K views44 slides
Workshop: Big Data Visualization for Security by
Workshop: Big Data Visualization for SecurityWorkshop: Big Data Visualization for Security
Workshop: Big Data Visualization for SecurityRaffael Marty
22.1K views59 slides
AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't Changed by
AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't ChangedAI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't Changed
AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't ChangedRaffael Marty
4.5K views29 slides
MOLOCH: Search for Full Packet Capture (OA Cyber Summit) by
MOLOCH: Search for Full Packet Capture (OA Cyber Summit)MOLOCH: Search for Full Packet Capture (OA Cyber Summit)
MOLOCH: Search for Full Packet Capture (OA Cyber Summit)Open Analytics
7.5K views26 slides
Carteles de paraguay by
Carteles de paraguayCarteles de paraguay
Carteles de paraguayxcris
1.4K views31 slides
Disaster Information Management System (DIMS) by
Disaster Information Management System (DIMS)Disaster Information Management System (DIMS)
Disaster Information Management System (DIMS)BeGood Cafe -NGO-
1.4K views9 slides

Viewers also liked(20)

Cyber Security – How Visual Analytics Unlock Insight by Raffael Marty
Cyber Security – How Visual Analytics Unlock InsightCyber Security – How Visual Analytics Unlock Insight
Cyber Security – How Visual Analytics Unlock Insight
Raffael Marty33K views
Workshop: Big Data Visualization for Security by Raffael Marty
Workshop: Big Data Visualization for SecurityWorkshop: Big Data Visualization for Security
Workshop: Big Data Visualization for Security
Raffael Marty22.1K views
AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't Changed by Raffael Marty
AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't ChangedAI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't Changed
AI & ML in Cyber Security - Welcome Back to 1999 - Security Hasn't Changed
Raffael Marty4.5K views
MOLOCH: Search for Full Packet Capture (OA Cyber Summit) by Open Analytics
MOLOCH: Search for Full Packet Capture (OA Cyber Summit)MOLOCH: Search for Full Packet Capture (OA Cyber Summit)
MOLOCH: Search for Full Packet Capture (OA Cyber Summit)
Open Analytics7.5K views
Carteles de paraguay by xcris
Carteles de paraguayCarteles de paraguay
Carteles de paraguay
xcris1.4K views
Disaster Information Management System (DIMS) by BeGood Cafe -NGO-
Disaster Information Management System (DIMS)Disaster Information Management System (DIMS)
Disaster Information Management System (DIMS)
BeGood Cafe -NGO-1.4K views
What Happens Before the Kill Chain by OpenDNS
What Happens Before the Kill Chain What Happens Before the Kill Chain
What Happens Before the Kill Chain
OpenDNS4.7K views
Clairvoyant Squirrel: Large Scale Malicious Domain Classification by Jason Trost
Clairvoyant Squirrel: Large Scale Malicious Domain ClassificationClairvoyant Squirrel: Large Scale Malicious Domain Classification
Clairvoyant Squirrel: Large Scale Malicious Domain Classification
Jason Trost5.7K views
Final Project Report-SIEM by Rangan Yoga
Final Project Report-SIEMFinal Project Report-SIEM
Final Project Report-SIEM
Rangan Yoga2.9K views
Security Visualization - Let's Take A Step Back by Raffael Marty
Security Visualization - Let's Take A Step BackSecurity Visualization - Let's Take A Step Back
Security Visualization - Let's Take A Step Back
Raffael Marty3K views
Blackhat USA 2015: BGP Stream Presentation by OpenDNS
Blackhat USA 2015: BGP Stream PresentationBlackhat USA 2015: BGP Stream Presentation
Blackhat USA 2015: BGP Stream Presentation
OpenDNS6.4K views
Applications of Mind Mapping automation in the analysis of information securi... by José M. Guerrero
Applications of Mind Mapping automation in the analysis of information securi...Applications of Mind Mapping automation in the analysis of information securi...
Applications of Mind Mapping automation in the analysis of information securi...
José M. Guerrero3K views
Fools your enemy with MikroTik by Didiet Kusumadihardja
Fools your enemy with MikroTikFools your enemy with MikroTik
Fools your enemy with MikroTik
Didiet Kusumadihardja1.6K views
Elasticsearch Query DSL - Not just for wizards... by clintongormley
Elasticsearch Query DSL - Not just for wizards...Elasticsearch Query DSL - Not just for wizards...
Elasticsearch Query DSL - Not just for wizards...
clintongormley10.9K views
The top 10 windows logs event id's used v1.0 by Michael Gough
The top 10 windows logs event id's used v1.0The top 10 windows logs event id's used v1.0
The top 10 windows logs event id's used v1.0
Michael Gough22K views
Capturing Network Traffic into Database by Tigran Tsaturyan
Capturing Network Traffic into Database Capturing Network Traffic into Database
Capturing Network Traffic into Database
Tigran Tsaturyan15.3K views
FireEye Use Cases — FireEye Solution Deployment Experience by Valery Yelanin
FireEye Use Cases — FireEye Solution Deployment ExperienceFireEye Use Cases — FireEye Solution Deployment Experience
FireEye Use Cases — FireEye Solution Deployment Experience
Valery Yelanin3.5K views
The Six Stages of Incident Response by Darren Pauli
The Six Stages of Incident Response The Six Stages of Incident Response
The Six Stages of Incident Response
Darren Pauli13.6K views
SOC2016 - The Investigation Labyrinth by chrissanders88
SOC2016 - The Investigation LabyrinthSOC2016 - The Investigation Labyrinth
SOC2016 - The Investigation Labyrinth
chrissanders882.2K views
Convert Wireshark PCAP Files to Sequence Diagrams by EventHelix.com Inc.
Convert Wireshark PCAP Files to Sequence DiagramsConvert Wireshark PCAP Files to Sequence Diagrams
Convert Wireshark PCAP Files to Sequence Diagrams
EventHelix.com Inc.4.3K views

Similar to AfterGlow

Visual Exploration of Large Data sets with D3, crossfilter and dc.js by
Visual Exploration of Large Data sets with D3, crossfilter and dc.jsVisual Exploration of Large Data sets with D3, crossfilter and dc.js
Visual Exploration of Large Data sets with D3, crossfilter and dc.jsFlorian Georg
7.4K views44 slides
Anthony Starks - deck by
Anthony Starks - deckAnthony Starks - deck
Anthony Starks - deckArtem Kovardin
2.1K views68 slides
ELK Stack - Turn boring logfiles into sexy dashboard by
ELK Stack - Turn boring logfiles into sexy dashboardELK Stack - Turn boring logfiles into sexy dashboard
ELK Stack - Turn boring logfiles into sexy dashboardGeorg Sorst
5.4K views12 slides
5 R Tutorial Data Visualization by
5 R Tutorial Data Visualization5 R Tutorial Data Visualization
5 R Tutorial Data VisualizationSakthi Dasans
1.5K views33 slides
Reproducible Computational Research in R by
Reproducible Computational Research in RReproducible Computational Research in R
Reproducible Computational Research in RSamuel Bosch
333 views25 slides
Dynamic Data Visualization With Chartkick by
Dynamic Data Visualization With ChartkickDynamic Data Visualization With Chartkick
Dynamic Data Visualization With ChartkickDax Murray
5.8K views21 slides

Similar to AfterGlow(20)

Visual Exploration of Large Data sets with D3, crossfilter and dc.js by Florian Georg
Visual Exploration of Large Data sets with D3, crossfilter and dc.jsVisual Exploration of Large Data sets with D3, crossfilter and dc.js
Visual Exploration of Large Data sets with D3, crossfilter and dc.js
Florian Georg7.4K views
Anthony Starks - deck by Artem Kovardin
Anthony Starks - deckAnthony Starks - deck
Anthony Starks - deck
Artem Kovardin2.1K views
ELK Stack - Turn boring logfiles into sexy dashboard by Georg Sorst
ELK Stack - Turn boring logfiles into sexy dashboardELK Stack - Turn boring logfiles into sexy dashboard
ELK Stack - Turn boring logfiles into sexy dashboard
Georg Sorst5.4K views
5 R Tutorial Data Visualization by Sakthi Dasans
5 R Tutorial Data Visualization5 R Tutorial Data Visualization
5 R Tutorial Data Visualization
Sakthi Dasans1.5K views
Reproducible Computational Research in R by Samuel Bosch
Reproducible Computational Research in RReproducible Computational Research in R
Reproducible Computational Research in R
Samuel Bosch333 views
Dynamic Data Visualization With Chartkick by Dax Murray
Dynamic Data Visualization With ChartkickDynamic Data Visualization With Chartkick
Dynamic Data Visualization With Chartkick
Dax Murray5.8K views
Big Data Day LA 2015 - Compiling DSLs for Diverse Execution Environments by Z... by Data Con LA
Big Data Day LA 2015 - Compiling DSLs for Diverse Execution Environments by Z...Big Data Day LA 2015 - Compiling DSLs for Diverse Execution Environments by Z...
Big Data Day LA 2015 - Compiling DSLs for Diverse Execution Environments by Z...
Data Con LA553 views
Graph computation by Sigmoid
Graph computationGraph computation
Graph computation
Sigmoid427 views
State of the Art Web Mapping with Open Source by OSCON Byrum
State of the Art Web Mapping with Open SourceState of the Art Web Mapping with Open Source
State of the Art Web Mapping with Open Source
OSCON Byrum6K views
Deck: A Go Package for Presentations by Anthony Starks
Deck: A Go Package for PresentationsDeck: A Go Package for Presentations
Deck: A Go Package for Presentations
Anthony Starks870 views
Data Analysis in Python by Richard Herrell
Data Analysis in PythonData Analysis in Python
Data Analysis in Python
Richard Herrell4.3K views
GraphQL & Prisma from Scratch by Nikolas Burk
GraphQL & Prisma from ScratchGraphQL & Prisma from Scratch
GraphQL & Prisma from Scratch
Nikolas Burk693 views
Odp by Mark McNasby
OdpOdp
Odp
Mark McNasby480 views
Big Data Analytics with Scala at SCALA.IO 2013 by Samir Bessalah
Big Data Analytics with Scala at SCALA.IO 2013Big Data Analytics with Scala at SCALA.IO 2013
Big Data Analytics with Scala at SCALA.IO 2013
Samir Bessalah9.5K views
Refactoring to Macros with Clojure by Dmitry Buzdin
Refactoring to Macros with ClojureRefactoring to Macros with Clojure
Refactoring to Macros with Clojure
Dmitry Buzdin3.5K views
Groovy On Trading Desk (2010) by Jonathan Felch
Groovy On Trading Desk (2010)Groovy On Trading Desk (2010)
Groovy On Trading Desk (2010)
Jonathan Felch2K views
Graphs made easy with SAS ODS Graphics Designer (PAPER) by Kevin Lee
Graphs made easy with SAS ODS Graphics Designer (PAPER)Graphs made easy with SAS ODS Graphics Designer (PAPER)
Graphs made easy with SAS ODS Graphics Designer (PAPER)
Kevin Lee1.1K views
A Shiny Example-- R by Dr. Volkan OBAN
A Shiny Example-- RA Shiny Example-- R
A Shiny Example-- R
Dr. Volkan OBAN469 views
Data Pipeline at Tapad by Toby Matejovsky
Data Pipeline at TapadData Pipeline at Tapad
Data Pipeline at Tapad
Toby Matejovsky8.1K views
Introduction To Groovy 2005 by Tugdual Grall
Introduction To Groovy 2005Introduction To Groovy 2005
Introduction To Groovy 2005
Tugdual Grall856 views

More from Raffael Marty

Exploring the Defender's Advantage by
Exploring the Defender's AdvantageExploring the Defender's Advantage
Exploring the Defender's AdvantageRaffael Marty
137 views36 slides
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti... by
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Raffael Marty
977 views19 slides
How To Drive Value with Security Data by
How To Drive Value with Security DataHow To Drive Value with Security Data
How To Drive Value with Security DataRaffael Marty
3.4K views7 slides
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes? by
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?Raffael Marty
6.4K views30 slides
Artificial Intelligence – Time Bomb or The Promised Land? by
Artificial Intelligence – Time Bomb or The Promised Land?Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?Raffael Marty
1K views20 slides
Understanding the "Intelligence" in AI by
Understanding the "Intelligence" in AIUnderstanding the "Intelligence" in AI
Understanding the "Intelligence" in AIRaffael Marty
942 views12 slides

More from Raffael Marty(20)

Exploring the Defender's Advantage by Raffael Marty
Exploring the Defender's AdvantageExploring the Defender's Advantage
Exploring the Defender's Advantage
Raffael Marty137 views
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti... by Raffael Marty
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Extended Detection and Response (XDR) An Overhyped Product Category With Ulti...
Raffael Marty977 views
How To Drive Value with Security Data by Raffael Marty
How To Drive Value with Security DataHow To Drive Value with Security Data
How To Drive Value with Security Data
Raffael Marty3.4K views
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes? by Raffael Marty
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
Cyber Security Beyond 2020 – Will We Learn From Our Mistakes?
Raffael Marty6.4K views
Artificial Intelligence – Time Bomb or The Promised Land? by Raffael Marty
Artificial Intelligence – Time Bomb or The Promised Land?Artificial Intelligence – Time Bomb or The Promised Land?
Artificial Intelligence – Time Bomb or The Promised Land?
Raffael Marty1K views
Understanding the "Intelligence" in AI by Raffael Marty
Understanding the "Intelligence" in AIUnderstanding the "Intelligence" in AI
Understanding the "Intelligence" in AI
Raffael Marty942 views
Security Chat 5.0 by Raffael Marty
Security Chat 5.0Security Chat 5.0
Security Chat 5.0
Raffael Marty449 views
AI & ML in Cyber Security - Why Algorithms are Dangerous by Raffael Marty
AI & ML in Cyber Security - Why Algorithms are DangerousAI & ML in Cyber Security - Why Algorithms are Dangerous
AI & ML in Cyber Security - Why Algorithms are Dangerous
Raffael Marty7.2K views
AI & ML in Cyber Security - Why Algorithms Are Dangerous by Raffael Marty
AI & ML in Cyber Security - Why Algorithms Are DangerousAI & ML in Cyber Security - Why Algorithms Are Dangerous
AI & ML in Cyber Security - Why Algorithms Are Dangerous
Raffael Marty13.9K views
Delivering Security Insights with Data Analytics and Visualization by Raffael Marty
Delivering Security Insights with Data Analytics and VisualizationDelivering Security Insights with Data Analytics and Visualization
Delivering Security Insights with Data Analytics and Visualization
Raffael Marty3.7K views
Security Insights at Scale by Raffael Marty
Security Insights at ScaleSecurity Insights at Scale
Security Insights at Scale
Raffael Marty2.5K views
Creating Your Own Threat Intel Through Hunting & Visualization by Raffael Marty
Creating Your Own Threat Intel Through Hunting & VisualizationCreating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & Visualization
Raffael Marty2.7K views
Creating Your Own Threat Intel Through Hunting & Visualization by Raffael Marty
Creating Your Own Threat Intel Through Hunting & VisualizationCreating Your Own Threat Intel Through Hunting & Visualization
Creating Your Own Threat Intel Through Hunting & Visualization
Raffael Marty25.2K views
Visualization in the Age of Big Data by Raffael Marty
Visualization in the Age of Big DataVisualization in the Age of Big Data
Visualization in the Age of Big Data
Raffael Marty6.9K views
Big Data Visualization by Raffael Marty
Big Data VisualizationBig Data Visualization
Big Data Visualization
Raffael Marty41.5K views
The Heatmap
 - Why is Security Visualization so Hard? by Raffael Marty
The Heatmap
 - Why is Security Visualization so Hard?The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?
Raffael Marty2.5K views
Visualization for Security by Raffael Marty
Visualization for SecurityVisualization for Security
Visualization for Security
Raffael Marty7.7K views
The Heatmap
 - Why is Security Visualization so Hard? by Raffael Marty
The Heatmap
 - Why is Security Visualization so Hard?The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?
Raffael Marty8K views
DAVIX - Data Analysis and Visualization Linux by Raffael Marty
DAVIX - Data Analysis and Visualization LinuxDAVIX - Data Analysis and Visualization Linux
DAVIX - Data Analysis and Visualization Linux
Raffael Marty4.2K views
Cloud - Security - Big Data by Raffael Marty
Cloud - Security - Big DataCloud - Security - Big Data
Cloud - Security - Big Data
Raffael Marty2.1K views

Recently uploaded

Initiating and Advancing Your Strategic GIS Governance Strategy by
Initiating and Advancing Your Strategic GIS Governance StrategyInitiating and Advancing Your Strategic GIS Governance Strategy
Initiating and Advancing Your Strategic GIS Governance StrategySafe Software
176 views68 slides
Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha... by
Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...
Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...ShapeBlue
180 views18 slides
Digital Personal Data Protection (DPDP) Practical Approach For CISOs by
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
158 views59 slides
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And... by
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...ShapeBlue
106 views12 slides
Qualifying SaaS, IaaS.pptx by
Qualifying SaaS, IaaS.pptxQualifying SaaS, IaaS.pptx
Qualifying SaaS, IaaS.pptxSachin Bhandari
1K views8 slides
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti... by
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...ShapeBlue
139 views29 slides

Recently uploaded(20)

Initiating and Advancing Your Strategic GIS Governance Strategy by Safe Software
Initiating and Advancing Your Strategic GIS Governance StrategyInitiating and Advancing Your Strategic GIS Governance Strategy
Initiating and Advancing Your Strategic GIS Governance Strategy
Safe Software176 views
Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha... by ShapeBlue
Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...
Mitigating Common CloudStack Instance Deployment Failures - Jithin Raju - Sha...
ShapeBlue180 views
Digital Personal Data Protection (DPDP) Practical Approach For CISOs by Priyanka Aash
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Priyanka Aash158 views
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And... by ShapeBlue
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...
Enabling DPU Hardware Accelerators in XCP-ng Cloud Platform Environment - And...
ShapeBlue106 views
Qualifying SaaS, IaaS.pptx by Sachin Bhandari
Qualifying SaaS, IaaS.pptxQualifying SaaS, IaaS.pptx
Qualifying SaaS, IaaS.pptx
Sachin Bhandari1K views
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti... by ShapeBlue
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...
DRaaS using Snapshot copy and destination selection (DRaaS) - Alexandre Matti...
ShapeBlue139 views
Ransomware is Knocking your Door_Final.pdf by Security Bootcamp
Ransomware is Knocking your Door_Final.pdfRansomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdf
Security Bootcamp96 views
Backroll, News and Demo - Pierre Charton, Matthias Dhellin, Ousmane Diarra - ... by ShapeBlue
Backroll, News and Demo - Pierre Charton, Matthias Dhellin, Ousmane Diarra - ...Backroll, News and Demo - Pierre Charton, Matthias Dhellin, Ousmane Diarra - ...
Backroll, News and Demo - Pierre Charton, Matthias Dhellin, Ousmane Diarra - ...
ShapeBlue186 views
Centralized Logging Feature in CloudStack using ELK and Grafana - Kiran Chava... by ShapeBlue
Centralized Logging Feature in CloudStack using ELK and Grafana - Kiran Chava...Centralized Logging Feature in CloudStack using ELK and Grafana - Kiran Chava...
Centralized Logging Feature in CloudStack using ELK and Grafana - Kiran Chava...
ShapeBlue145 views
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlue by ShapeBlue
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlueWhat’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlue
What’s New in CloudStack 4.19 - Abhishek Kumar - ShapeBlue
ShapeBlue263 views
VNF Integration and Support in CloudStack - Wei Zhou - ShapeBlue by ShapeBlue
VNF Integration and Support in CloudStack - Wei Zhou - ShapeBlueVNF Integration and Support in CloudStack - Wei Zhou - ShapeBlue
VNF Integration and Support in CloudStack - Wei Zhou - ShapeBlue
ShapeBlue203 views
Kyo - Functional Scala 2023.pdf by Flavio W. Brasil
Kyo - Functional Scala 2023.pdfKyo - Functional Scala 2023.pdf
Kyo - Functional Scala 2023.pdf
Flavio W. Brasil457 views
Updates on the LINSTOR Driver for CloudStack - Rene Peinthor - LINBIT by ShapeBlue
Updates on the LINSTOR Driver for CloudStack - Rene Peinthor - LINBITUpdates on the LINSTOR Driver for CloudStack - Rene Peinthor - LINBIT
Updates on the LINSTOR Driver for CloudStack - Rene Peinthor - LINBIT
ShapeBlue206 views
The Power of Heat Decarbonisation Plans in the Built Environment by IES VE
The Power of Heat Decarbonisation Plans in the Built EnvironmentThe Power of Heat Decarbonisation Plans in the Built Environment
The Power of Heat Decarbonisation Plans in the Built Environment
IES VE79 views
Why and How CloudStack at weSystems - Stephan Bienek - weSystems by ShapeBlue
Why and How CloudStack at weSystems - Stephan Bienek - weSystemsWhy and How CloudStack at weSystems - Stephan Bienek - weSystems
Why and How CloudStack at weSystems - Stephan Bienek - weSystems
ShapeBlue238 views
Business Analyst Series 2023 - Week 4 Session 8 by DianaGray10
Business Analyst Series 2023 - Week 4 Session 8Business Analyst Series 2023 - Week 4 Session 8
Business Analyst Series 2023 - Week 4 Session 8
DianaGray10123 views
Keynote Talk: Open Source is Not Dead - Charles Schulz - Vates by ShapeBlue
Keynote Talk: Open Source is Not Dead - Charles Schulz - VatesKeynote Talk: Open Source is Not Dead - Charles Schulz - Vates
Keynote Talk: Open Source is Not Dead - Charles Schulz - Vates
ShapeBlue252 views
Backup and Disaster Recovery with CloudStack and StorPool - Workshop - Venko ... by ShapeBlue
Backup and Disaster Recovery with CloudStack and StorPool - Workshop - Venko ...Backup and Disaster Recovery with CloudStack and StorPool - Workshop - Venko ...
Backup and Disaster Recovery with CloudStack and StorPool - Workshop - Venko ...
ShapeBlue184 views
Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or... by ShapeBlue
Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...
Zero to Cloud Hero: Crafting a Private Cloud from Scratch with XCP-ng, Xen Or...
ShapeBlue198 views
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f... by TrustArc
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
TrustArc Webinar - Managing Online Tracking Technology Vendors_ A Checklist f...
TrustArc170 views

AfterGlow

  • 1. turning data into actionable insights copyright (c) 2013pixlcloud | afterglow.sf.net
  • 2. copyright (c) 2013pixlcloud | turning data into actionable insights Data Processing CSV File AfterGlow Graph LanguageFile digraph structs { graph [label="AfterGlow 1.5.8", fontsize=8]; node [shape=ellipse, style=filled, fontsize=10, width=1, height=1, fixedsize=true]; edge [len=1.6]; "aaelenes" -> "Printing Resume" ; "abbe" -> "Information Encryption" ; "aanna" -> "Patent Access" ; "aatharuv" -> "Ping" ; } aaelenes,Printing Resume abbe,Information Encrytion aanna,Patent Access aatharuy,Ping Parser Grapher
  • 3. copyright (c) 2013pixlcloud | turning data into actionable insights Data Processing CSV File AfterGlow Graph LanguageFile digraph structs { graph [label="AfterGlow 1.5.8", fontsize=8]; node [shape=ellipse, style=filled, fontsize=10, width=1, height=1, fixedsize=true]; edge [len=1.6]; "aaelenes" -> "Printing Resume" ; "abbe" -> "Information Encryption" ; "aanna" -> "Patent Access" ; "aatharuv" -> "Ping" ; } aaelenes,Printing Resume abbe,Information Encrytion aanna,Patent Access aatharuy,Ping Parser Grapher
  • 4. copyright (c) 2013pixlcloud | turning data into actionable insights Features • Computes DOT files • Filtering Nodes - Based on name - Based on number of occurrences • Fan Out Filtering • Coloring - Edges - Nodes • Clustering Fan Out: 3 •Edge Thickness •Node Sizes - Auto adjustment •Variables - do anything you want ‣ lookup in files ‣ computations ‣ transformations
  • 5. copyright (c) 2013pixlcloud | turning data into actionable insights Configuration l Coloring: color.[source|event|target|edge|sourcetarget]= <perl expression returning a color name> l Array @fields contains input-line, split into tokens: color.event=“red” if ($fields[1] =~ /^192..*/) l Filter nodes with “invisible” color: color.target=“invisible” if ($fields[0] eq “IIS Action”)
  • 6. copyright (c) 2013pixlcloud | turning data into actionable insights a b c d e End-To-End Example Output: Input Data: a,b a,c d,e a b c d e Command: cat file | ./afterglow –c simple.properties –t | neato –Tgif –o test.gif simple.properties: color.source=“green” if ($fields[0] ne “d”) color.target=“blue” if ($fields[1] ne “e”) color.source=“red” color=“green”
  • 7. copyright (c) 2013pixlcloud | turning data into actionable insights More Configuration l Clustering: cluster.[source|event|target]= <perl expression returning a cluster name> l Node Sizes: size.[source|event|target]= <perl expression returning a number> maxnodesize=<value> sum.[source|event|target]=[0|1]
  • 8. copyright (c) 2013pixlcloud | turning data into actionable insights Variables / Code l Variables l Definition: l Use: l There are no limits on what to do with the “variables” keyword! You can put entire scripts in there! # Watch Lists variable=@privileged=( "aaerchak" ); color.target="gold" if (grep(/$fields[0]/,@privileged));
  • 9. copyright (c) 2013pixlcloud | turning data into actionable insights Node Labels •xlabels=0 •xlabels=1 (default) •especially nice for longer node labels
  • 10. copyright (c) 2013pixlcloud | turning data into actionable insights Command Line Options Usage: afterglow.pl [-adhkmnqrstvx] [-b lines] [-c conffile] [-e length] [-f threshold ] [-g threshold] [-l lines] [-o threshold] [-p mode] [-x color] [-m maxsize] -a : turn off labelelling of the output graph with the configuration used -b lines : number of lines to skip (e.g., 1 for header line) -c conffile : config file -d : print node count -e length : edge length -f threshold : source fan out threshold -g threshold : event fan out threshold (only in three node mode) -h : this (help) message -i file : read from input file, instead of from STDIN -k : output in GDF format instead of DOT -l lines : the maximum number of lines to read -m : the maximum size for a node -n : don't print node labels -o threshold : omit threshold (minimum count for nodes to be displayed) Non-connected nodes will be filtered too. -p mode : split mode for predicate nodes where mode is 0 = only one unique predicate node (default) 1 = one predicate node per unique subject node. 2 = one predicate node per unique target node. 3 = one predicate node per unique source/target node. -q : suppress all output. Attention! You should use -w to write output to a file! -r : print source node names -s : split subject and object nodes -t : two node mode (skip over objects) -v : verbose output -w file : write output to a file instead of STDOUT -x : text label color
  • 11. copyright (c) 2013pixlcloud | turning data into actionable insights New Command Line Options ./afterglow.pl -i input_file ./afterglow.pl -w output_file -q ./afterglow.pl -k ... GDF output ./afterglow.pl -j ... GraphSON output
  • 12. copyright (c) 2013pixlcloud | turning data into actionable insights Sample Configurations # Variable and Color variable=@violation=("Backdoor Access", "HackerTool Download”); color.target="orange" if (grep(/$fields[1]/,@violation)); color.target="palegreen" # Node Size and Threshold maxnodesize=1; size.source=$fields[2] size=0.5 sum.source=0; threshold.source=14; # Color and Cluster color.source="palegreen" if ($fields[0] =~ /^111/) color.source="red" color.target="palegreen" cluster.source=regex_replace("(d+).d+")."/8"
  • 13. copyright (c) 2013pixlcloud | turning data into actionable insights Advanced Configuration • match() match("[0-9]") - matches the current field and returns 0 or 1 • field() "red" if (field() eq "foo"); • subnet() subnet($fields[0],0.0.0.0/7) - returns 0 or 1 depending on whether the value is in the given subnet • regex_replace() cluster.source=regex_replace("(d+.d+)")."/16" if (!match("^(212.254.110|195.141.69)")) - if one of the two ranges match(), then return the first two octets of the source IP and add the "/16" string. • get_severity() color.source=get_severity($fields[2], 10) - use a 10 step color range based on the third columns value
  • 14. copyright (c) 2013pixlcloud | turning data into actionable insights GraphViz • dot - hierarchical layouts • neato - spring model • circo - circular layout • fdp - force directed spring model • twopi - radial layout • lneato - interactive
  • 15. copyright (c) 2013pixlcloud | turning data into actionable insights AfterGlow Cloud - easy point and click configuration! http://afterglow.secviz.org
  • 16. copyright (c) 2013pixlcloud | turning data into actionable insights Future •AfterGlow 1.6.4 -GraphSON output •AfterGlow Cloud 2.0 -New, interactive Web interface
  • 17. copyright (c) 2013pixlcloud | turning data into actionable insights Resources AfterGlow 1.6.4 AfterGlow for Splunk SecViz Community
  • 18. copyright (c) 2013pixlcloud | turning data into actionable insights pixlcloud Powered By: info@pixlcloud.com