Tools for visualizing IDS output
Pictures

© tasosk, 123RF
Spot intruders with these easy security visualization tools.
The flood of raw data generated by intrusion detection systems (IDS) is often overwhelming for security specialists, and telltale signs of intrusion are sometimes overlooked in all the noise. Security visualization tools provide an easy, intuitive means for sorting through the dizzying data and spotting patterns that might indicate intrusion.
Certain analysis and detection tools use PCAP, the Packet Capture library, to capture traffic. Several PCAP-enabled applications are capable of saving the data collected during a listening session into a PCAP file, which is then read and analyzed with other tools. PCAP files offer a convenient means for preserving and replaying intrusion data.
In this article, I'll use PCAPs to explore a few popular free visualization tools. For each scenario, I'll show you how the attack looks to the Snort intrusion detection system [1], then I'll describe how the same incident would appear through a security visualization application.
[...]
Buy this article as PDF
(incl. VAT)