The New Splunker Workshop: Part II
The second in our workshop series for the Splunk Admin / Owner / Program Manager is a session to introduce new and experienced users to Splunk reports and dashboards.
It was a little surprising, but not uncommon, to learn from some of our veteran Splunkers that they didn’t know Splunk could create interactive, smart visuals (also known as graphs/charts/reports) and arrange them quickly on custom dashboards. This 30-45 minute workshop will catapult searchers into a whole new world of visualizations.
Applied Security Visualization
For the past year I have been working on a book about visualization. It will be called “Applied Security Visualization”. The book is going to talk about all the aspects of visualizing security data. Anything from important data sources and graphs to use-cases and open source tools for visualization. The main use-cases I write about revolve around Perimeter Threat, Compliance, and Insider Threat.
Last year during RSA, Addison-Wesley (my publisher) recorded some videos, where I talk about the book and some of its contents. Here are the links to the videocasts:
At this point, I have one more chapter to write before the book is done. A rough-cut version should be available…
AfterGlow and Splunk
Have you ever looked into visualizing your IT data? If you have been using Splunk 3.0 and you have been using the enhanced reporting, your answer would be yes. Maybe you have heard of, or even worked with, a tool called AfterGlow. This is a tool that I co-authored with one of my old co-workers. AfterGlow is a tool that helps you visualize your IT data as link graphs. It is extremely simple to use. It is completely command line driven, uses CSV as input and generates a DOT description for a graph, according to some predefined conditions that are provided in the form of a properties file. The DOT file can then be visualized with one of many…














