| 01/01/08 | AfterGlow works with Splunk |
| 11/01/07 | AfterGlow in ISSA Journal: Argus: Auditing network activity |
| 09/12/07 | AfterGlow 1.5.9 Released |
| | Adding property to add a URL element to nodes. This can be used, for example, to integrate with Splunk. |
| | Adding label property to change labels on nodes. This overrides the old label.(source|event|destination) properties so that they accept more than boolean values. |
| 08/17/07 | AfterGlow Logo |
| | You might have noticed that AfterGlow finally got a logo. Thanks a lot to Jef, the graphic designer at my work! You should see him navigate Photoshop... |
| 06/17/07 | AfterGlow 1.5.8 Released |
| | As part of the FIRST conference in Seville, Spain, I am teaching a workshop on how to visualize insider threat. I am using this occasion to release a new and much improved version of AfterGlow. |
| | Node sizes can be configured. |
| | Updated and improved color assignment heuristic. |
| | Per node thresholds |
| | A few bug fixes! |
| | As always more information in src/perl/graph/README |
| 02/08/07 | AfterGlow 1.5.7 Released |
| | Removed the database scripts from the distro. Get them from CVS if you need them. |
| | Added feature to color nodes separately which are sources AND targets. |
| | Adding label to the graph (-a command line option) |
| | Added Text::CSV to parse the input data. (Thx Neil) |
| 02/04/07 | Anonymization Script |
| | Added anonymization scripts to anonymize CSV files. To save you some hassle, also download the Anonymous.pm file if you want to anonymize IP addresses. |
| 01/06/07 | Unix Review Article on Snort 2.6 and AfterGlow |
| | I just stumbled across an article that talks about how to use Snort 2.6 in conjunction with AfterGlow. And yet another blog entry which talks about AfterGlow. |
| 11/27/06 | Security Visualization Portal - Launched |
| | Finally, the secviz.org portal is launched. You can find resources around the topic of security data visualization there! A definite must-see for AfterGlow users. You will see many examples of how to use the tool! |
| 07/03/06 | AfterGlow 1.5.6 Released |
| | Fixed bug related to -g (fan out filtering) where source node was not drawn |
| | Fixed bug related to -p 1 -f 1 options where too many nodes were drawn |
| | New configuration option: variable |
| | Removed regex() function. Duplicate of match(). |
| 06/30/06 | DefCon 2006 (August 2006 in Las Vegas) |
| | A presentation will feature AfterGlow and show how a firewall log can be visualized. Step by step instructions on how to build property files, and how to use all the other features. |
| 04/15/06 | AfterGlow 1.5.1 is in CVS! |
| | Making parsing of property file a bit more flexible |
| | Adding subnet() function |
| | Adding field() function, returning the current field value |
| | Adding version information to usage(); |
| | Fixing error message "not a color: " that showed all the time it was checking edge colors when they were not even defined |
| | Don't evaluate clusters, if no clusters defined. |
| | Trying to do some code optimization by checking whether a certain feature is needed |
| | Doing some optimization by introducing a color cache! MUCH faster! |
| 03/20/06 | Another release of AfterGlow. Version 1.5 features: |
| | Adding fan-out filtering capability! Way cool! |
| | Minor bug fixes for property files. |
| | Adding "exit" statement for property files. |
| 03/09/06 | This is a combined release of AfterGlow 1.3 and 1.4. Lots of new features: |
| | Fixing omit-threshold bug. Only draw edges if BOTH nodes have a higher threshold, not just one of them. |
| | Introducing cluster capability. This will cluster multiple nodes into one: (cluster=expression or cluster.{source,event,target}=expression) |
| | Introduction of functions to work with colors and clusters: any_regex(), regex(), match(), regex_replace() |
| | Adding capability to define colors independent of the node (color=...) |
| | Introducing label.{source,event,target}=[0|1] to disable labels |
| 02/21/06 | AfterGlow 2.0 released during EuSecWest 2006 in London. |
| 02/18/06 | AfterGlow 2.0 is close! I will release it at EuSecWest 2006 in London. |
| | A new framework written in Java, based on the infovis libraries. |
| | For now "AfterGlow 2.0 - Java" and "AfterGlow 1.1.6 - Perl" will live concurrently. Version 3.0 will combine the capabilities of both versions! |
| | AfterGlow 2.0 supports treemap output. In future versions more will be added (especially link graphs). |
| 02/17/06 | AfterGlow 1.1.6 released! This release fixes a problem with the node-counts! |
| 02/17/06 | Lots of changes: |
| | Cleaned up the directories. |
| | afterglow-database and afterglow-parsers are gone. Everything is in afterglow-1.1.6.tar.gz now. |
| | Added README to the perl directories. |
| | Added more examples and cleaned them up. |
| 11/11/05 | Finally, a first version of the manual is available and some more pages got added on this Web page. |
| 09/19/05 | The Web page is finally launched. A lot of sections are still missing, but stay put! |
| 09/01/05 | Version 2.0 of AfterGlow got released with fixes to the node counts! |
| 08/01/05 | Raffy presented at DefCon about visual log analysis. Here is the description on the DefCon page. The presentation is also available. |