AfterGlow

AfterGlow is a tool which facilitates the process of generating graphs. It is the most downloaded security visualization tool of all times with over 17,000 downloads! Learn more about AfterGlow here.

News:

07/08/13	AfterGlow 1.6.5 released! Edge labels! Also see this blog post for a description of the latest updates.

07/11/13	I released a short slide deck on AfterGlow: Overview, features, and a few great examples.
07/08/13	AfterGlow 1.6.4 released!
	Adds the capability to generate ouput in GraphSON format. (Credit to Tanya Guza for implementing this as part of GSOC)
05/13/13	New AfterGlow for Splunk release - Fixing issues with Windows installations Download
04/14/13	The latest source code is no longer on sourceforge, but can now be found on github: AfterGlow Source
	The tar-balls have moved too.
12/01/12	AfterGlow Cloud is life! Check it out!
	The source code is available as well, in case you want to run your own AfterGlow Cloud instance.
	Some more information can be found on the honeynet blog
05/13/12	AfterGlow was part of google summer of code (GSOC) through the honeynet project!
04/09/12	Blog post about PCAP analysis with AfterGlow
04/09/12	Blog post about how to use variables in AfterGlow
02/19/12	AfterGlow is part of Squert, a Web application to view event data stored in the Sguil database.
01/04/12	AfterGlow 1.6.2 for Splunk released!
	This bug fix release will fix AfterGlow to work correctly with Splunk 4.2.x
10/16/11	AfterGlow 1.6.2 released!
	GDF output format support (-k) to support tools like Gephi.
	Join a community that has downloaded AfterGlow 14,000 times!!
04/02/11	Burpdot added a feature to output data for AfterGlow.
03/22/10	AfterGlow 1.6.0 released!
	A historic day! I finally decided that it was time to release AfterGlow 1.6.0!
	Adding edge thickness option
	New command line options to redirect STDIN and STDOUT to and from AfterGlow
	New property file function: get_severity()
	Couple of bug fixes. As always, check afterglow.pl for exact details.
09/16/09	Check out the CVS for a version of AfterGlow that allows for changing edge thickness! Release will follow soon!
09/16/09	AfterGlow gets a mention in Linux Magazine.
08/07/09	You can now your AfterGlow with Splunk 4. The integration is much nicer through a UI module, not a search command anymore.
03/26/09	AfterGlow is part of the Google Summer of Code project through the HoneyNet alliance! Sign up and help improve AfterGlow!
02/07/09	sudosecure.net published an analysis of the Waledac botnet. The analysis was performed with AfterGlow.
11/25/08	The 2.0 release of AfterGlow was removed from the download. It is confusing to users that there was a 2.0 version that did not provide the link graph feature. The initial idea was that the new code would support treemaps and link graphs, but that never took off. The 2.0 branch is abandoned at this point.
11/18/08	A short tutorial on how AfterGlow can be used with NetFlow data is posted on IT World.
01/01/08	AfterGlow works with Splunk
11/01/07	AfterGlow in ISSA Journal: Argus: Auditing network activity
09/20/07	Bro + Afterglow == Flow Insight with Link Graph
09/12/07	AfterGlow 1.5.9 Released
	Adding property to add a URL element to nodes. This can be used, for example, to integrate with Splunk.
	Adding label property to change labels on nodes. This overwrites the old label.(source\|event\|destination) to use not only boolean values.

08/17/07	AfterGlow Logo
	You might have noticed that AfterGlow finally got a LOGO. Thanks a lot to Jef, the graphic designer at my work! You should see him navigate PhotoShop...
06/17/07	AfterGlow 1.5.8 Released
	As part of the First conference in Seville, Spain, I am teaching a workshop on how to visualize insider threat. I am using this occasion to release a new and much improved version of AfterGlow.
	Node sizes can be configured.
	Updated and improved color assignment heuristic.
	Per node thresholds
	A few bug fixes!
	As always more information in src/perl/graph/README
02/08/07	AfterGlow 1.5.7 Released
	Removed the database scripts from the distro. Get them from CSV if you need them.
	Added feature to color nodes separately which are sources AND targets.
	Adding label to the graph (-a command line option)
	Added Text::CSV to parse the input data. (Thx Neil)
02/04/07	Anonymization Script
	Added anonymization scripts to anonymize CSV files. To safe you some hassle, also download the Anonymous.pm file if you want to anonymize IP addresses.
01/06/07	Unix Review Article on Snort 2.6 and AfterGlow
	I just stumbled accross an article that talks about how to use Snort 2.6 in conjunction with AfterGlow. And yet another blog entry which talks about Afterglow.
11/27/06	Security Visualization Portal - Launched
	Finally, the secviz.org portal is launched. You can find resources around the topic of security data visualization there! A definite have to see for AfterGlow users. You will see many examples of how to use the tool!
07/03/06	AfterGlow 1.5.6 Released
	Fixed bug related to -g (fan out filtering) where source node was not drawn
	Fixed bug related to -p 1 -f 1 options where too many nodes where drawn
	New configuration option: variable
	Removed regex() function. Duplicate of match().
06/30/06	DefCon 2006 (August 2006 in Las Vegas)
	A presentation will feature AfterGlow and show how a firewall log can be visualized. Step by step instructions on how to build property files, and how to use all the other features.
04/15/06	AfterGlow 1.5.1 is in CVS!
	Making parsing of property file a bit more flexible
	Adding subnet() function
	Adding field() function, returning the current field value
	Adding version information to usage();
	Fixing error message "not a color: " that showed all the time it was checking edge colors when they were not even defined
	Don't evaluate clusters, if no clusters defined.
	Trying to do some code optimization by checking whether a certain feature is needed
	Doing some optimization by introducing a color cache! MUCH faster!
03/20/06	Another release of AfterGlow. Version 1.5 features:
	Adding fan-out filtering capability! Way cool!
	Minor bug fixes for property files.
	Adding "exit" statement for property files.
03/09/06	This is a combined release of AfterGlow 1.3 and 1.4. Lots of new features:
	Fixing omit-threshold bug. Only draw edges if BOTH nodes have a higher threshold, not just one of them.
	Introducing cluster capability. This will cluster multiple nodes into one: (cluster=expression or cluster.{source,event,target}=expression)
	Introduction of functions to work with colors and clusters: any_regex(), regex(), match(), regex_replace()
	Adding capability to define colors independent of the node (color=...)
	Introducing label.{source,event,targate}=[0\|1] to disable labels
02/21/06	AfterGlow 2.0 released during EuSecWest 2006 in London.
02/18/06	AfterGlow 2.0 is close! I will release it at EuSecWest 2006 in London.
	A new framework written in Java, based on the infovis libraries.
	For now "AfterGlow 2.0 - Java" and "AfterGlow 1.1.6 - Perl" will live concurrently. Version 3.0 will combine the capabilities of both versions!
	AfterGlow 2.0 supports treemap output. In future versions more will be added (especially link graphs).
02/17/06	AfterGlow 1.1.6 released! This release fixes a problem with the node-counts!
02/17/06	Lots of changes:
	Cleaned up the directories.
	afterglow-database and afterglow-parsers is gone. Everything is in afterglow-1.1.6.tar.gz now.
	Added README to the perl directories.
	Added more examples and cleaned them up.
11/11/05	Finally, a first version of the manual is available and some more pages got added on this Web page.
09/19/05	The Web page is finally launched. A lot of sections are still missing, but stay put!
09/01/05	Version 2.0 of AfterGlow got released with fixes to the node counts!
08/01/05	Raffy presented at DefCon about visual log analysis. Here is the description on the DefCon page. The presentation is also available.