Digging into SIEM Alerts with Visual Graph Analytics presented at BSidesLasVegas 2016

by Jeff Bryner, Paden Tomasello

Summary: Our responsibilities are expanding to include larger infrastructures, more applications, and a multitude of security products. As a result, security investigators must navigate big, interconnected data. Traditional data visualization techniques, like lists, charts, and tables, are great for summaries, but hide individual entities and relationships. Graph visualization, on the other hand, models these entities and relationships as nodes and edges. By exposing structural and temporal information, we can reveal suspicious patterns and anomalies. Over the last year, I’ve been using Graphistry’s visual graph explorer to analyze one of our customer’s ArcSight SIEM. In this talk, I will share how I used graph visualization to better understand and detect malicious attack patterns hidden within millions of security logs.
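The abstract describes two ideas: modelling SIEM alerts as a graph of entities (hosts, users) joined by edges, and then using the structure and timing of that graph to surface anomalies. The script below is an added example written for this page; it is not code from the talk, from Graphistry or from ArcSight. It assumes alerts arrive as ArcSight-style CEF lines with the common extension keys `src`, `dst`, `suser` and a text `rt` timestamp, and it uses constructed sample alerts and hypothetical thresholds (`min_targets`, `window`, `min_events`). It builds the entity graph and runs one structural check (a host reaching unusually many distinct targets, a hub) and one temporal check (an edge carrying a burst of alerts inside a short window), which is the kind of pattern that is invisible in a flat alert table.

```python
"""Build an entity graph from SIEM alerts and flag structural and temporal anomalies."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of ArcSight-style CEF alert lines; every host, user and
# timestamp is hypothetical and exists only to exercise the code.
SAMPLE_ALERTS = [
    "CEF:0|Acme|IDS|1.0|100|Connection attempt|3|rt=Jun 01 2016 10:00:00 src=10.0.0.5 dst=10.0.1.1 suser=alice",
    "CEF:0|Acme|IDS|1.0|100|Connection attempt|3|rt=Jun 01 2016 10:01:00 src=10.0.0.5 dst=10.0.1.2 suser=alice",
    "CEF:0|Acme|IDS|1.0|100|Connection attempt|3|rt=Jun 01 2016 10:02:00 src=10.0.0.5 dst=10.0.1.3 suser=alice",
    "CEF:0|Acme|IDS|1.0|100|Connection attempt|3|rt=Jun 01 2016 10:03:00 src=10.0.0.5 dst=10.0.1.4 suser=alice",
    "CEF:0|Acme|IDS|1.0|100|Connection attempt|3|rt=Jun 01 2016 10:04:00 src=10.0.0.5 dst=10.0.1.5 suser=alice",
    "CEF:0|Acme|IDS|1.0|100|Connection attempt|3|rt=Jun 01 2016 09:30:00 src=10.0.0.7 dst=10.0.1.1 suser=bob",
    "CEF:0|Acme|Auth|1.0|200|Login failed|5|rt=Jun 01 2016 11:00:00 src=10.0.0.9 dst=10.0.1.3 suser=carol",
    "CEF:0|Acme|Auth|1.0|200|Login failed|5|rt=Jun 01 2016 11:00:20 src=10.0.0.9 dst=10.0.1.3 suser=carol",
    "CEF:0|Acme|Auth|1.0|200|Login failed|5|rt=Jun 01 2016 11:00:40 src=10.0.0.9 dst=10.0.1.3 suser=carol",
    "CEF:0|Acme|Auth|1.0|200|Login failed|5|rt=Jun 01 2016 11:01:00 src=10.0.0.9 dst=10.0.1.3 suser=carol",
    "CEF:0|Acme|Auth|1.0|200|Login failed|5|rt=Jun 01 2016 14:00:00 src=10.0.0.9 dst=10.0.1.3 suser=carol",
]

CEF_TIME = "%b %d %Y %H:%M:%S"  # text form of the CEF rt field used in the sample


def parse_cef(line):
    """Parse one CEF line into a dict of header fields plus extension key=value pairs.
    Escaped pipes (\\|) in the header are not handled; the sample does not need them."""
    header = line.split("|", 7)
    if len(header) != 8 or not header[0].startswith("CEF:"):
        raise ValueError("not a CEF line: %r" % line)
    rec = {"vendor": header[1], "product": header[2], "version": header[3],
           "signature": header[4], "name": header[5], "severity": int(header[6])}
    # Extension values may contain spaces (the timestamp does), so split only
    # at whitespace that is immediately followed by the next key=.
    for pair in re.split(r"\s+(?=\w+=)", header[7].strip()):
        key, _, value = pair.partition("=")
        rec[key] = value
    rec["rt"] = datetime.strptime(rec["rt"], CEF_TIME)
    return rec


def build_graph(lines):
    """Model alerts as a directed graph. Nodes are hosts and users; each edge
    keeps the timestamps of every alert seen between its two endpoints."""
    edges = defaultdict(list)  # (src_node, dst_node) -> [timestamps]
    for line in lines:
        rec = parse_cef(line)
        src, dst, user = "host:" + rec["src"], "host:" + rec["dst"], "user:" + rec["suser"]
        edges[(src, dst)].append(rec["rt"])   # network relationship
        edges[(user, src)].append(rec["rt"])  # which user was on the source host
    return edges


def fan_out(edges, min_targets=4):
    """Structural check: nodes with at least min_targets distinct out-neighbours.
    A single workstation that touches many servers shows up as a hub."""
    targets = defaultdict(set)
    for (src, dst) in edges:
        targets[src].add(dst)
    return sorted((n, len(t)) for n, t in targets.items() if len(t) >= min_targets)


def bursts(edges, window=timedelta(minutes=2), min_events=4):
    """Temporal check: edges with at least min_events alerts inside one sliding
    window. Returns (src, dst, events_in_densest_window) for each such edge."""
    found = []
    for (src, dst), stamps in edges.items():
        ts = sorted(stamps)
        best, lo = 0, 0
        for hi in range(len(ts)):
            while ts[hi] - ts[lo] > window:  # shrink window from the left
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= min_events:
            found.append((src, dst, best))
    return sorted(found)


if __name__ == "__main__":
    g = build_graph(SAMPLE_ALERTS)
    print("hub nodes:", fan_out(g))
    print("bursty edges:", bursts(g))
```

On the sample, the hub check reports only `host:10.0.0.5`, which reaches five distinct targets, and the burst check reports the `10.0.0.9 -> 10.0.1.3` edge (four failed logins inside two minutes; the fifth, hours later, does not count) together with the `user:carol -> host:10.0.0.9` edge that carries the same timestamps. Real thresholds should come from a baseline of the environment rather than the fixed values used here.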