Tutorial 7: Feature highlight / pre-tutorial on Risk Maps

October 15, 2008 | Dominique Karg

Introduction

Today I would like to share something interesting we’re working on: Risk/Availability/Vulnerability indicator maps.

The purpose was to fit the most important information that can be gained from ossim, spread all over its interface, into a single interface that is simple to use, simple to manage and simple to analyze.

We already had an approach both to using maps (images) and to aggregating/organizing different input into meta-objects (what we called business processes). But both of them had the same problem: they were complex and they were ugly.

So now, using the data from that part, we tried to make an interface that was as appealing to the user as possible, but which also was foolproof so that it could be used by less-skilled users (*cough* management *cough*). And here is the result.

I’d love to express my sincere gratitude to Juan Manuel Albarracin, who’s coded up the groundwork for all of this in less than four days. Kudos :-).

Also, the screenshots shown here might not reflect the final release. This is work in progress; I’m going to commit code for it to CVS very soon (tomorrow or Monday/Tuesday) and it will be in the 1.1 installer release, but of course we’ll be polishing the look and functionality before that.

Sample setup

Final result

The screenshot below these lines shows a finished map of our office, with icons matching people and some specific hosts/environments.

(Image removed, broken link, I’m very sorry. DK.).

On that map you can see the basic objects that make up the new map:

  1. The background shape. Usually this would be a network map for your infrastructure, but it can be anything from geopolitical maps, to logos, to blank pages or whatever you want.
  2. Configurable icons. A standard set will be provided, and custom icons can be uploaded.
  3. Each element can be freely dragged around (during configuration).
  4. Every element can be linked to some URL (some part of ossim, another map, an external place).
  5. Each element features its own easy-to-understand (green/yellow/red :P) Risk/Vulnerability/Availability indicators.

Configuration

Our next screenshot features the configuration interface for all of this.

(Image removed, broken link, I’m very sorry. DK.)

And again, with the upload part collapsed:

(Image removed, broken link, I’m very sorry. DK.).

You’ve got options to upload maps and icons (icons require a custom name). After having uploaded all the maps you want to configure and all the icons you want to use (besides the default provided ones), you’re ready to go.

Toggling away the maps section (we’ll replace that nasty link with something niftier) would be a nice first step, leaving only the map and the lower section.

After this, we’ve got four things to decide:

  1. Choose an icon
  2. Choose an element to report on (more on this later)
  3. Assign a name
  4. Link to another map or to a random URL (want to extend this to provide links to standard places across ossim)

Except for the link URL, the other three elements are mandatory.

The next image shows the nifty icon selector, which uses Lytebox [www.dolem.com/lytebox/] as its backend. It allows you to choose icons of your own or select from a set of default icons.

(Image removed, broken link, I’m very sorry. DK.).

As for objects, those usable for placement include:

  • Hosts
  • Networks
  • Host groups
  • Network groups
  • Servers
  • Sensors
  • Business processes

Once that is chosen, you’ll add a new indicator. This will place the icon along with its indicator on the map, allowing you to move it.

Last but not least, there’s also the ability to add “hot-zones” for those areas where you want to delve into deeper detail. The next image shows a square around Australia, which we could link to a site with info about it, or even better, to a more detailed map with provinces/areas and indicators.

(Image removed, broken link, I’m very sorry. DK.).

This has been a brief introduction to the subject; more in-depth information, along with how those three final indicators are being calculated, will be posted in a follow-up.

From here on, what you do is up to your imagination. I guess the more obvious environments are those mapping a high-level network map of your company to some lower-level ones, drilling down on host and network status that way.

Dominique Karg
