Marcus,

> I'm not convinced of the value of such systems outside of the
> cool-factor but it's mostly because I keep seeing them as
> just different ways of accessing the same underlying metaphors
> and presenting them in new ways.

So far I agree with you. Visualization techniques cannot produce information. We all are operating on the same sets of data, either events from some kind of a system or raw packet dumps. Visualization does certainly not generate new information.

> The underlying metaphors are really moving averages, runs tests,
> and distances from the mean.

I don't quite understand what you mean by this. There are more factors that you can visualize. It's not all about statistical analysis and graphing. What about event-graphs (or link-graphs)? They don't have anything to do with moving averages, runs or distances from the mean. Maybe I am missing your point here.

> What we haven't figured out how to do is use them in a
> way that helps, so visualizing is really just a cool way of
> graphically twiddling the "gain" "bass" and "treble" to see
> what comes out.

Here I vastly disagree. I don't think it's just a "cool" way of twiddling data. I think it's a very powerful way of quickly analyzing big amounts of data and getting a feeling for what is going on in a dataset. No report can show you the amount of information that a graph can. A visual representation of several thousand events can give you a very good understanding of what's going on in the data and even uncover anomalies.

Cheers

-Raffy

Disclaimer: Raffy's opinions might not be ArcSight's policy.

--
Raffael Marty, CISSP
raffael.marty@private
Senior Security Engineer
Content Team @ ArcSight Inc.
5 Results Way
Cupertino, CA 95014
(408) 864-2662

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Thu Aug 19 2004 - 09:54:53 PDT