The new release 0.5 of Picviz is out. This version comes with real-time mode enabled (which adds a dependency on libevent), among other things such as new properties and variables.
Get it from the usual place.
What is Picviz?
When considering log files for security, the usual applications available today
either look for patterns using signature databases or use a behavioral
approach. In both cases, information can be missed, and the problem grows
with systems receiving a massive amount of logs.
Parallel coordinates are an answer for displaying an unbounded number of events in multiple
dimensions. As security data are multivariate, parallel coordinates provide
a neat way to display them and make abnormal behaviors easier to detect. Picviz applies
parallel coordinates to acquired data, such as logs, to create a
parallel coordinates image.
Using this image, the analyst can use Picviz to improve the output image,
filter information and visually spot abnormal behavior.
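The mapping described above, as an added example in Python (not Picviz's own code or its input format): each log field becomes one vertical axis, each event becomes one polyline across those axes, and the result is rendered as an SVG image. The sshd-style log lines are constructed here, and the axis scaling (fixed scale for time and port, even spread for categorical values) is an assumption made for the example.

```python
import re
# Constructed sshd-style log lines (sample input, not from the page).
SAMPLE_LOG = """\
Mar 12 09:01:02 host1 sshd[1001]: Accepted password for alice from 10.0.0.5 port 51022 ssh2
Mar 12 09:01:09 host1 sshd[1002]: Accepted password for bob from 10.0.0.7 port 51030 ssh2
Mar 12 09:02:13 host1 sshd[1003]: Failed password for root from 203.0.113.9 port 40122 ssh2
Mar 12 03:15:44 host1 sshd[1004]: Accepted password for alice from 10.0.0.5 port 51050 ssh2
"""
LINE_RE = re.compile(r"^\w{3} +\d+ (\d\d):(\d\d):(\d\d) \S+ sshd\[\d+\]: "
                     r"(Accepted|Failed) password for (\S+) from (\S+) port (\d+)")
# One vertical axis per field. Numeric axes get a fixed scale (a choice made
# here, not Picviz's) so equal values always land at the same height.
AXES = ["time", "result", "user", "src_ip", "src_port"]
NUMERIC_SCALE = {"time": 86400.0, "src_port": 65535.0}

def parse(text):
    """One dict per event; lines the pattern does not match are skipped."""
    events = []
    for m in filter(None, map(LINE_RE.match, text.splitlines())):
        hh, mm, ss, result, user, ip, port = m.groups()
        events.append({"time": int(hh) * 3600 + int(mm) * 60 + int(ss),
                       "result": result, "user": user,
                       "src_ip": ip, "src_port": int(port)})
    return events

def polylines(events):
    """Map each event to one height in [0, 1] per axis: its polyline."""
    cats = {a: [] for a in AXES if a not in NUMERIC_SCALE}
    for ev in events:
        for a, seen in cats.items():
            if ev[a] not in seen:
                seen.append(ev[a])
    # Categorical values are spread evenly over the axis, first seen lowest.
    pos = {a: {v: (0.5 if len(vs) == 1 else i / (len(vs) - 1))
               for i, v in enumerate(vs)} for a, vs in cats.items()}
    return [[ev[a] / NUMERIC_SCALE[a] if a in NUMERIC_SCALE else pos[a][ev[a]]
             for a in AXES] for ev in events]

def to_svg(lines, width=500, height=200):
    """Render the polylines as a minimal SVG image, one axis per column."""
    step = width / (len(AXES) - 1)
    polys = "".join('<polyline fill="none" stroke="black" points="%s"/>' % " ".join(
        "%.1f,%.1f" % (i * step, height * (1 - y)) for i, y in enumerate(pts))
        for pts in lines)
    return ('<svg xmlns="http://www.w3.org/2000/svg" width="%d" height="%d">%s</svg>'
            % (width, height, polys))

if __name__ == "__main__":
    print(to_svg(polylines(parse(SAMPLE_LOG))))
```

In the rendered image the two failed root logins and the 03:15 session share no heights with the daytime accepted logins on the time and result axes, which is the kind of visual separation the paragraph refers to.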