Ergo Witness is now open source!

I have officially made Ergo Witness open source! It can be built for Android, Windows, Mac, and Linux. It is under the MIT License, so please feel free to fork it and use it to visualize whatever data you want! The wiki has information about all the methods I have written and which classes do what.

Click here to check it out

This visualization was used in the national CCDC competition, NCIS, and IRSeC successfully. Keep in mind that I built this for a target audience of people who do not fully understand networking, and I wanted to give them a general idea of what was going on.

This is also released on the Google Play store! Check it out!

Windows, Mac, and Linux builds are available here.

If you do need help setting this visualization for your own competition, please let me know! I would be happy to help out! The same goes for if you have questions about why I made one class the way that I did, etc.

Ergo Witness Update

Ergo Witness


What’s new?

  1. Much improved visuals and UI/UX.
  2. Options menu to configure your settings on start instead of going into files to do so.
  3. Camera speed control.
  4. Color coding groups based on the options menu configuration.
  5. Audio cues that play when specific protocols appear.
  6. DNS traffic is now represented.
  7. Click on a node to query it against your Logstash server.
  8. Linux, Mac, and Android support.

What’s coming?

  1. VR experience of being able to analyze data in a fun and interactive environment.
  2. Saving your options menu so that you don’t have to re-enter it every time.
  3. Improved audio and 3D models.

Prototype of “Ergo Witness”


What is Ergo Witness?

Ergo Witness is a 3D visualization of network data for a national computing security competition called CCDC. The video above is just one prototype concept that I have made in the past 6 or so weeks.

Who is the intended audience?

The intended audience for this visualization is people who understand what the competition is about and have a basic understanding of network traffic, but cannot necessarily follow all of the in-depth updates during the competition.

What is happening?

Each sphere represents a device on the network, and its color is determined by whether it is on the red or blue team. Devices on neither team are simply orange for now. Team membership is determined by whether the first three octets of the IPv4 address match. For example, “192.168.137.100” would be in the same group as “192.168.137.1”.

The lines and particles that are being drawn in between represent netflow traffic, and their color varies based on the protocol.

The white glow surrounding some spheres represents their different subnet values. This is something I have been really struggling to represent well, and I am currently searching for a better alternative.
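The grouping and coloring rules described above, as an added Python example (not the project's own Unity code): each address is assigned to its /24 group (the "first three octets the same" rule), addresses in a configured team group are colored red or blue and everything else orange, and each flow is colored by protocol. The flow records, team prefixes and protocol palette are constructed assumptions, not data from the page.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flows (src, dst, protocol) standing in for the Bro/Packetbeat
# records the visualization fetches from Logstash; not real competition data.
SAMPLE_FLOWS = [
    ("192.168.137.100", "10.0.0.5", "http"),
    ("192.168.137.1", "10.0.0.5", "ssh"),
    ("10.0.0.5", "192.168.137.100", "http"),
    ("172.16.4.9", "192.168.137.1", "dns"),
]

# Assumed team prefixes: the page only says a team shares its first three octets.
TEAM_GROUPS = {"192.168.137.0/24": "blue", "10.0.0.0/24": "red"}
# Assumed palette for the lines/particles drawn between spheres.
PROTOCOL_COLORS = {"http": "green", "ssh": "purple", "dns": "yellow"}


def group_key(ip: str) -> str:
    """Return the /24 network an address belongs to (first three octets equal)."""
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))


def node_color(ip: str) -> str:
    """Red or blue for a configured team group, orange for anything else."""
    return TEAM_GROUPS.get(group_key(ip), "orange")


def build_graph(flows):
    """Build the spheres (nodes), lines (edges) and /24 groups the view draws."""
    nodes = {}
    edges = []
    groups = defaultdict(set)
    for src, dst, proto in flows:
        for ip in (src, dst):
            nodes[ip] = node_color(ip)
            groups[group_key(ip)].add(ip)
        # Unknown protocols fall back to white rather than being dropped.
        edges.append((src, dst, PROTOCOL_COLORS.get(proto, "white")))
    return nodes, edges, dict(groups)


if __name__ == "__main__":
    nodes, edges, groups = build_graph(SAMPLE_FLOWS)
    for ip, color in nodes.items():
        print(f"{ip:16} {color:7} group={group_key(ip)}")
    for src, dst, color in edges:
        print(f"{src} -> {dst} ({color})")
```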

How do I get the data?

I am gathering the network data by running Bro and Packetbeat on a CentOS 7 box and sending their logs to a Logstash server. I then make HTTP POST requests to query it, which you can learn more about in my post here.

Why is this important?

There is a distinct lack of network data visualizations, especially interactive experiences. By using a game engine to do this, there are endless possibilities for VR data visualisations that could be legitimate tools to help professionals do their jobs better. Imagine one headset, with 360 degrees of viewing space, to add as many virtual screens as the user wants. No longer would people need to buy 15 different computer monitors; they could just buy one headset. And if you developed for something like the HoloLens, then the user can still see through to their keyboard and their surroundings. Amazing.