Screenshots


Hogzilla’s output can be viewed in GrayLog. With this architecture, GrayLog’s features such as dashboards, graphs and searches are available for the IDS events.

Below are some screenshots which illustrate what can be done.

1. Event Dashboard


2. Visualization of automatically generated server groups

E.g. servers in “Cluster 4” typically receive 91% of their incoming connections on port 80, so this group can be assumed to be the Web Servers. The grouping process is dynamic: it is re-run and updated every 6 hours.

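The grouping idea described above, as an added example (not Hogzilla’s own code): each server gets a profile of which destination ports its incoming connections arrive on, and servers with similar profiles are grouped. The flow records are constructed, and the clustering (greedy grouping by cosine similarity of the port-share vectors, with a 0.9 threshold) is an assumption of this example; the real pipeline runs over sFlow data on its 6-hour schedule.

```python
"""Automatic server grouping from the incoming-port profile of each host.

Added example, not Hogzilla's own code. Flow records are constructed,
the port set is fixed, and the clustering is a simple greedy grouping by
cosine similarity of port-share vectors (an assumption of this example).
"""
from collections import defaultdict
from math import sqrt

# Constructed sample: (client_ip, server_ip, dst_port, connection_count).
SAMPLE_FLOWS = [
    ("192.0.2.1", "10.0.0.10", 80, 91), ("192.0.2.2", "10.0.0.10", 443, 7),
    ("192.0.2.3", "10.0.0.10", 22, 2),
    ("192.0.2.1", "10.0.0.11", 80, 85), ("192.0.2.4", "10.0.0.11", 443, 10),
    ("192.0.2.5", "10.0.0.11", 22, 5),
    ("192.0.2.6", "10.0.0.20", 25, 60), ("192.0.2.7", "10.0.0.20", 587, 20),
    ("192.0.2.8", "10.0.0.20", 143, 20),
    ("192.0.2.6", "10.0.0.21", 25, 70), ("192.0.2.7", "10.0.0.21", 587, 15),
    ("192.0.2.8", "10.0.0.21", 143, 15),
    ("192.0.2.9", "10.0.0.30", 53, 100),
]


def port_profiles(flows):
    """{server_ip: {dst_port: share}} where share is the fraction of the
    server's incoming connections that arrived on that port."""
    counts = defaultdict(lambda: defaultdict(int))
    for _client, server, port, n in flows:
        counts[server][port] += n
    return {
        server: {port: c / sum(ports.values()) for port, c in ports.items()}
        for server, ports in counts.items()
    }


def cosine(a, b):
    """Cosine similarity of two sparse port-share vectors (0.0 if disjoint)."""
    dot = sum(a[k] * b[k] for k in a.keys() & b.keys())
    norm_a = sqrt(sum(v * v for v in a.values()))
    norm_b = sqrt(sum(v * v for v in b.values()))
    return dot / (norm_a * norm_b) if norm_a and norm_b else 0.0


def group_servers(profiles, threshold=0.9):
    """Greedy grouping: each server joins the first cluster whose seed
    profile is at least `threshold` similar, otherwise seeds a new cluster.
    Returns {"Cluster 1": [ips], ...} in order of discovery."""
    clusters = []  # (seed_profile, member_ips)
    for ip in sorted(profiles):
        for seed, members in clusters:
            if cosine(seed, profiles[ip]) >= threshold:
                members.append(ip)
                break
        else:
            clusters.append((profiles[ip], [ip]))
    return {f"Cluster {i}": members
            for i, (_seed, members) in enumerate(clusters, start=1)}


def describe_cluster(members, profiles):
    """(dominant_port, mean_share): the port that 'usually' receives the
    largest share of the group's incoming connections, e.g. (80, 0.88)."""
    ports = {p for ip in members for p in profiles[ip]}
    mean = {p: sum(profiles[ip].get(p, 0.0) for ip in members) / len(members)
            for p in ports}
    port = max(mean, key=mean.get)
    return port, round(mean[port], 2)


if __name__ == "__main__":
    profiles = port_profiles(SAMPLE_FLOWS)
    for name, members in group_servers(profiles).items():
        port, share = describe_cluster(members, profiles)
        print(f"{name}: {members} -> {share:.0%} of incoming connections on port {port}")
```

With the constructed flows this yields three clusters: the two hosts serving mostly port 80 (the “web servers”), the two serving 25/587/143 (the “mail servers”), and the lone DNS host. A cluster whose dominant port suddenly changes between two 6-hour runs is itself worth an alert, since it means a host started serving something it did not before.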

3. Visualization of an Operating System inventory, generated automatically

To create this inventory, Hogzilla uses information available in sFlows.


4. Dashboard to visualize basic information available in sFlows

sFlows can also be sent directly to GrayLog and kept for future searches. The image below illustrates a dashboard built from this information, which provides low-cost network visibility.


5. List of some Hogzilla IDS events


6. Details about a specific Hogzilla IDS event

Hogzilla provides details about the flows considered in the respective event, using the following notation:

  • “<?>” means that the flow direction could not be determined
  • “=>” and “<=” indicate the flow direction (when it can be determined)
  • “[!]” means that a connection actually occurred (i.e., it is not just a single packet from a scan)
  • “L-to-R” and “R-to-L” mean “Left to Right” and “Right to Left”

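The notation above, rendered from sampled packets, as an added example (not Hogzilla’s own code). The inference rules are this example’s assumptions: the initiator is the side that sent a bare SYN (so the direction is unknown when sFlow sampling missed the handshake), and a connection “occurred” only if both sides sent traffic and a segment beyond the handshake was seen, so a lone SYN or a SYN answered only by RST renders without “[!]”. The packet lists are constructed.

```python
"""Render a flow in the event-detail notation: "<?>" for unknown direction,
"=>" / "<=" for L-to-R / R-to-L, and "[!]" when a connection occurred.

Added example, not Hogzilla's own code. The inference rules (initiator =
sender of a bare SYN; 'occurred' = both sides talked and a non-SYN, non-RST
segment carrying ACK/PSH was seen) are assumptions of this example, and the
packet lists are constructed.
"""
from dataclasses import dataclass

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    flags: int


def flow_direction(packets, left, right):
    """'L-to-R', 'R-to-L', or None when no bare SYN was sampled
    (sFlow samples 1-in-N packets, so the handshake is often missing)."""
    for p in packets:
        if p.flags & SYN and not p.flags & ACK:
            if (p.src, p.dst) == (left, right):
                return "L-to-R"
            if (p.src, p.dst) == (right, left):
                return "R-to-L"
    return None


def connection_occurred(packets, left, right):
    """True if both endpoints sent traffic and at least one segment beyond
    the handshake (ACK or PSH set, neither SYN nor RST) was seen. A lone
    SYN, or a SYN answered only by RST (a scan probe), yields False."""
    if not {left, right} <= {p.src for p in packets}:
        return False
    return any(p.flags & (ACK | PSH) and not p.flags & (SYN | RST)
               for p in packets)


def render(packets, left, right):
    """One line in the notation, e.g. '192.0.2.7 => 10.0.0.10 [!]'."""
    direction = flow_direction(packets, left, right)
    arrow = {"L-to-R": "=>", "R-to-L": "<=", None: "<?>"}[direction]
    mark = " [!]" if connection_occurred(packets, left, right) else ""
    return f"{left} {arrow} {right}{mark}"


# Constructed samples: client 192.0.2.7 (left) and server 10.0.0.10 (right).
L, R = "192.0.2.7", "10.0.0.10"
SAMPLES = {
    "full handshake + data": [Packet(L, R, SYN), Packet(R, L, SYN | ACK),
                              Packet(L, R, ACK), Packet(L, R, PSH | ACK)],
    "lone SYN (scan probe)": [Packet(L, R, SYN)],
    "SYN to closed port":    [Packet(L, R, SYN), Packet(R, L, RST | ACK)],
    "server-initiated":      [Packet(R, L, SYN), Packet(L, R, SYN | ACK),
                              Packet(R, L, ACK)],
    "handshake not sampled": [Packet(L, R, PSH | ACK), Packet(R, L, ACK)],
}

if __name__ == "__main__":
    for name, pkts in SAMPLES.items():
        print(f"{name:24} {render(pkts, L, R)}")
```

The distinction matters during incident analysis: a burst of “=>” lines without “[!]” against many hosts is a scan, whereas a “[!]” line tells you data was actually exchanged and the destination deserves a closer look.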

7. Searching an IP

An IP search returns the collected sFlows and the events concerning that IP. This integration simplifies incident analysis.
