New in version 0.9 is a tabbed interface. This is the default landing page (you can change this), which provides a very high-level summary.




The IP tab has a breakdown of top IPs, ports and countries.


Nothing much has changed here except that the date ribbon can be used to manipulate the date controls.



A tag cloud can be primed prior to event queries to give an approximation of geographic distribution. The countries can be added to the query filter by clicking on the name.



A typical query. This one is filtered by country and we are excluding any signatures that match RBN. The colouring used in the grid and event column is the item's 'weight'. The input boxes are controlled by a context menu that shows up when you left-click on an object. Additional functions can be performed from the menu as well.


The grid can be handy to visualize a particular event (or events) over a period of time as can be seen below. With certain event types the effect is quite illuminating.


Maps can be created at any time by simply expanding the map section.


If you expand the "create" pane, you will see a few controls that allow you to create a link graph using the information from the current query. Afterglow is used to create the DOT language file which is then fed to Graphviz to create the image. The edges scale from white to black depending on the event count.
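
To make the edge shading concrete, here is an added sketch (not Squert's or Afterglow's own code) that turns source/destination pairs into a DOT file whose edges run from white to black by event count. The linear scaling, the gray background, the sample rows and all function names are assumptions made for this illustration.

```python
from collections import Counter

# Constructed sample rows: one (source IP, destination IP) pair per event.
EVENTS = (
    [("203.0.113.5", "192.0.2.10")] * 4
    + [("198.51.100.7", "192.0.2.10")] * 2
    + [("198.51.100.9", "192.0.2.20")]
)


def gray(count, lo, hi):
    """Map an event count to a hex gray: lo -> white, hi -> black.

    Linear scaling is an assumption; the page only says edges scale
    from white to black depending on the event count.
    """
    if hi == lo:  # every edge has the same count: draw them all black
        return "#000000"
    level = round(255 * (hi - count) / (hi - lo))
    return "#{0:02x}{0:02x}{0:02x}".format(level)


def to_dot(events):
    """Return DOT source for a link graph of (src, dst) event pairs."""
    counts = Counter(events)  # collapse repeated pairs into one weighted edge
    lines = ["digraph events {", '  bgcolor="gray80";']
    if counts:
        lo, hi = min(counts.values()), max(counts.values())
        for (src, dst), n in sorted(counts.items()):
            lines.append(
                '  "{}" -> "{}" [color="{}", label="{}"];'.format(
                    src, dst, gray(n, lo, hi), n
                )
            )
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(to_dot(EVENTS))
```

Piping the printed output to Graphviz (`dot -Tpng`) renders the image; the gray background keeps the lowest-count (white) edges visible.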