A Framework for Effective Alert Visualization

msra(2005)

Cited by 23 | Views 1
Abstract
Any organization/department that provides security typically deals with a large volume of alerts and logs generated from a variety of sources. These could be from firewalls, intrusion detection/prevention devices and agents, vulnerability scanners, etc. It would seem like a good idea to apply as much correlation as possible to this data in order to be able to see things from a bird's eye perspective. Even at this point, a human could use some additional help in deciphering the situation. The authors believe that visualization is a key component to this end. This paper describes general methods and principles that allow the use of visualization as an efficient tool for alert analysis.
Keywords
visualization, alerts, correlation, intrusion detection