> Funny - Jose and I were having a similar discussion offline.
> My theory is that visualization is mostly useful as an exploratory
> tool. Basically, you've got your "Bass" "Treble" and "Volume"
> knobs you can mess with, and you can change the position of
> the antennas and mess with the UHF knob until the picture
> comes clear. The underlying goo driving it all is statistics of
> some sort or another. But once you've used the visualization
> tool to explore the data set you might go "Wow. This one is useful!"
> Then you can fine-tune to collect that value in a less-expensive
> format (i.e.: a pie chart or whatever) and you can start to
> optimize by precomputing values you now know are of interest.

What you are saying is true, but if you analyze IDS logs, that's exactly the same story. It doesn't help you to look at them with "more" either. In the end you usually want to go back to the packets that triggered your events to verify and understand what happened. In that respect visualization is at least as good as looking at the raw IDS/Firewall/... logs.

-raffy

--
Raffael Marty, CISSP
raffael.marty@private
Senior Security Engineer
Content Team @ ArcSight Inc.
5 Results Way
Cupertino, CA 95014
(408) 864-2662

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Thu Aug 19 2004 - 11:32:54 PDT