How did this start?
Over this past spring break of 2017, I set up a small group project for people to do over break. This was part of the club that I am the current Vice President of, RIT Game Development Club. The process started out with a group meeting where we all picked out roles that we would like to fulfill. In the end, most people had circumstances that prevented them from taking part, and the project fell on just me and one other person, who recorded some audio for the game.
About the game
The basic mechanic of this game is that the player shoots “black holes” at the opposing player, trying to get the other player stuck so that they lose a life. The black holes merge together when they hit each other, creating larger black holes. The larger the hole is, the more attraction force it will have. The orange obstacles are bouncy obstacles that can send players off into unwanted directions, or they might just save them from a couple of close calls too.
See this project on GitHub
What is Ergo Witness?
Ergo Witness is a 3D visualization of network data for a national computing security competition called CCDC. The video above is just one prototype concept that I have made in the past 6 or so weeks.
Who is the intended audience?
The intended audience for this visualization is people who understand what the competition is about and have a basic understanding of network traffic, but cannot necessarily follow all of the in-depth updates through the competition.
What is happening?
Each sphere represents a device on the network, and its color is determined by whether it is on the red or blue team. Devices that are not on either team are just orange for now. The teams are determined by whether devices share the same first 3 numbers of their IPv4 address. For example, “192.168.137.100” would be in the same group as “192.168.137.1”.
The lines and particles that are being drawn in between represent netflow traffic, and their color varies based on the protocol.
The white glow surrounding some spheres represents their different subnet values. This is something that I have been really struggling to represent in a good way, and I am currently searching for a better alternative.
How do I get the data?
I am gathering the network data by running Bro and Packetbeat on a CentOS 7 box, and sending their logs to a Logstash server. I then make HTTP POST requests, which you can learn more about in my post here.
Why is this important?
There is a distinct lack of network data visualizations, especially interactive experiences. By using a game engine to do this, there are endless possibilities for VR data visualisations that could be legitimate tools to help professionals do their jobs better. Imagine, one headset, with 360 degrees of viewing space to add as many virtual screens as the user wants. No longer would people need to buy 15 different computer monitors, they could just buy one headset. And if you developed for something like the Hololens, then the user can still see through to their keyboard and their surroundings. Amazing.
Not many people use Unity (or really any game engine) for data visualization. I think that the main reason for this is that Unity is not marketed as a data visualization tool, and there is already a large market for such things that companies would rather use. I am currently exploring the different possibilities for interactive data visualization using Unity and the Logstash pipeline. Logstash is just one part of something much bigger called the ELK stack (Elasticsearch, Logstash, and Kibana).
For more information on what exactly the ELK stack is, or if you want a great guide to installing it, check out my friend’s website for help. This was a HUGE resource for me when it came to installing the ELK stack on CentOS (which I had never used before 3 days ago).
What makes Logstash so great in my eyes is that it outputs in JSON format that is easily accessible. You can get JSON data from the ELK stack by posting an HTTP request in Unity via the WWW component. You can also do this more broadly in C# using the HttpWebRequest class. The reason I use WWW is because it is more optimized for game engines. After you store this data in a string (depending on what post query you use), you can use Unity’s JsonUtility to parse through it and make it accessible like any other C# data. I made a more detailed post about how to do this here.
Once you have the data in C#, the possibilities are endless. A particularly interesting application of this is what I am doing on my current co-op, which is network data visualization. Reading the logs from tools like Bro, Snort, and Tshark into Logstash via Filebeat, I can effectively visualize the devices that are on the network, and the netflow data going between them. Since we are using Unity, we can be as creative as we want with how we show this, instead of just a 2D graph like most network visualizations.
I am particularly interested in using VR to show the network data. Imagine walking through some netflow data in real time, that would be pretty cool!
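An added example (not code from this project) that ties the JsonUtility parsing described above to the first-three-numbers team rule from "What is happening?": it parses a batch of flow records, rejects malformed addresses, and groups devices by prefix. The JSON field names, the `flows` wrapper, the team prefixes and the class names are all assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using UnityEngine;

// Field names are constructed for this example; yours depend on the Logstash pipeline.
[Serializable] public class Flow { public string source_ip, dest_ip, protocol; }
// JsonUtility cannot deserialize a top-level array, so the flows sit in a wrapper.
[Serializable] public class FlowBatch { public Flow[] flows; }

public class TeamGrouper : MonoBehaviour
{
    // Hypothetical team prefixes (first three octets); set them per competition.
    public string redPrefix = "10.0.66";
    public string bluePrefix = "192.168.137";
    static readonly Color Orange = new Color(1f, 0.5f, 0f);
    // Constructed sample standing in for the string returned by the HTTP request.
    const string SampleJson = "{\"flows\":[" +
        "{\"source_ip\":\"192.168.137.100\",\"dest_ip\":\"192.168.137.1\",\"protocol\":\"tcp\"}," +
        "{\"source_ip\":\"10.0.66.5\",\"dest_ip\":\"192.168.137.100\",\"protocol\":\"udp\"}," +
        "{\"source_ip\":\"172.16.4.9\",\"dest_ip\":\"not-an-ip\",\"protocol\":\"icmp\"}]}";

    // First three octets, or null unless the text is four dot-separated numbers in 0-255.
    public static string Prefix24(string ip)
    {
        string[] parts = (ip ?? "").Split('.');
        if (parts.Length != 4) return null;
        foreach (string p in parts) { byte o; if (!byte.TryParse(p, out o)) return null; }
        return parts[0] + "." + parts[1] + "." + parts[2];
    }

    public Color TeamColor(string prefix)
    {
        if (prefix == redPrefix) return Color.red;
        return prefix == bluePrefix ? Color.blue : Orange; // orange: on neither team
    }

    void Start()
    {
        FlowBatch batch = JsonUtility.FromJson<FlowBatch>(SampleJson);
        var groups = new Dictionary<string, HashSet<string>>(); // prefix -> devices seen
        foreach (Flow f in batch.flows)
            foreach (string ip in new[] { f.source_ip, f.dest_ip })
            {
                string prefix = Prefix24(ip); // log fields are untrusted input
                if (prefix == null) { Debug.LogWarning("Skipping bad address: " + ip); continue; }
                if (!groups.ContainsKey(prefix)) groups[prefix] = new HashSet<string>();
                groups[prefix].Add(ip);
            }
        foreach (var g in groups)
            Debug.Log(g.Key + ": " + g.Value.Count + " device(s), " + TeamColor(g.Key));
    }
}
```

Save it as `TeamGrouper.cs` and attach it to any GameObject; the octets are validated by hand because `System.Net.IPAddress.TryParse` also accepts shortened forms such as "1", which would put a device in the wrong group.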