[Owasp-appsensor-project] appsensor dashboard design prep for appsec eu

John Melton jtmelton at gmail.com
Fri May 29 15:56:28 UTC 2015


Thanks Colin.

Yes, I'm not a UX designer, so I'll definitely be looking for feedback
frequently. I'll post to this list and the dev list as well looking for
comments and feedback.

Thanks,
John

On Fri, May 29, 2015 at 2:37 AM, Colin Watson <colin.watson at owasp.org>
wrote:

> I have aggregated these comments, and added my own, at:
>
>
> https://docs.google.com/spreadsheets/d/1Ez7JBp7xEueFgMtOhEvAeVFcKR4jcgil-PxT6Rxieps/edit?usp=sharing
>
> When I develop, I quite like the flexibility of laying things out as I
> go. I like to see the output and can't design it all in advance. So
> I'd be happy to comment on mocks/screenshots of work in progress if
> that would help further.
>
> Colin
>
>
>
>
> On 18 May 2015 at 04:52, John Melton <jtmelton at gmail.com> wrote:
> > Ok, waited a few days. Here were my original notes which are a bit of a
> > brain dump:
> >
> > - who are the target audience(s) for the dashboard?
> >     - operations, developers
> > - what are the use cases that need to be handled? ops room view, attack
> > research, etc.
> >     - dashboard on the wall
> >     - research on attack(s) in progress
> >
> > - what is the "normal state" - nothing on the screen at all???
> >     - same as with "active issues", maybe a message about no data found.
> > Need to differentiate so we know we're not missing data b/c of a bad
> > connection. Maybe have a "connected to backend" message displayed somewhere.
> >
> > - what is usefully displayed?
> >     - "main" chart of a sliding window (last 5 minutes?), possibly
> >         - stacked chart with all detection points with sum total
> >         - something like Colin's video of the red/orange/yellow nodes for
> > each detection point, growing darker the more active they are
> >         - a bubble chart, bubble per detection point, growing based on
> > activity (another version of Colin's example)
> >     - some other statistics on the main dashboard:
> >         - total events over varied recent time ranges (minute, hour, day)
> >         - scrolling list of recently logged events, attacks, responses
> >         - most "active" users or IPs
> >         - avg events/attacks/responses per minute/hour/day, etc. - give some
> > sort of useful gauge to know if "now" is better/worse than usual.
> >
> > - what sort of patterns would a typical attack look like, and how would
> > visualisation help highlight this?
> >     - not sure, need some help from ops folks on this one
> >
> > - what drill down/view might be useful?
> >     - by user
> >         - see data charted over a sliding window of time (default to last
> > hour?)
> >         - see what client applications saw this user
> >         - see a thread of activity (timeline) showing what the user's been
> > seen doing when
> >     - by detection point (label - ie. specific detection point)
> >         - see data charted over a sliding window of time (default to last
> > hour?)
> >         - group by client application (20 total, 2 on app A, 18 on app B, 0
> > on C/D/E)
> >     - (not for v1) - by metadata
> >         - if a developer defines custom metadata, we could allow grouping on
> > some key name - might be useful in custom situations
> >     - configuration editor
> >         - need a UI to expose the configuration for detection points and
> > their associated responses (need admin role)
> >         - need a serializer/deserializer for save/read
> >
> > - what do you want to be there for sure?
> >     - simple, understandable, useful visualizations
> >     - config editor
> >
> > - what do you NOT want to be there for sure?
> >     - too much on the screen
> >     - the wrong visualizations
> >
> > - sample tools/views you find helpful?
> >     - charts using some library ???
> >     - would like to use websockets - need to beef up support
> >     - backend likely spring boot / spring security
> >     - bootstrap
> >     - jquery
> >     - not sure about javascript frameworks ... need help :>
> >     - https://dribbble.com/shots/1315388-Dashboard-Web-App-UI-Job-Summary/attachments/184703
> >     - http://startbootstrap.com/template-overviews/sb-admin/
> >     - https://www.almsaeedstudio.com/preview
> >     - http://elijahpaul.co.uk/monitoring-pfsense-2-1-logs-using-elk-logstash-kibana-elasticsearch/
> >
> > - any UI patterns we should use / not use?
> >     - relying on bootstrap
> >     - no pie charts :>
> >
> > Thanks,
> > John
> >
> > On Tue, May 12, 2015 at 1:40 AM, Timo Goosen <timo.goosen at owasp.org> wrote:
> >>
> >> >- who are the target audience(s) for the dashboard?
> >> People in operations who are running infrastructure that the application
> >> is hosted on.
> >>
> >>
> >> >- what are the use cases that need to be handled? ops room view, attack
> >> > research, etc.
> >> Attack research, ops rooms. Would also be nice to see appsensor used in
> >> BlueTeam vs Red Team CTF competitions, could be used by the Blue Teams.
> >> Would be a good place to put Appsensor to the test. Would be cool to use
> >> AppSensor to monitor an app running in a competition like this:
> >> http://www.echothrust.com/blogs/du-selects-echothrust-solutions-its-first-hacking-competition-dubai
> >>
> >> >- what is the "normal state" - nothing on the screen at all???
> >> Normal traffic, no anomalies in log data.
> >>
> >> - what is usefully displayed?
> >> - what sort of patterns would a typical attack look like, and how would
> >> visualisation help highlight this?
> >> >- what drill down/view might be useful?
> >> Would be interesting and helpful to see information especially at the
> >> enumeration stage of an attack. Also would be interesting to see traffic
> >> coming from blacklisted IPs.
> >>
> >> - what do you want to be there for sure?
> >> - what do you NOT want to be there for sure?
> >> - sample tools/views you find helpful?
> >> >- any UI patterns we should use / not use?
> >> Not sure what is meant by this question. But I'd like to see us use something
> >> like Elasticsearch+Logstash+Kibana. I'm still figuring out myself how to use
> >> this "ELK" stack which can make really nice looking dashboards like these:
> >> https://www.elastic.co/blog/kibana-4-for-investigating-pacs-super-pacs-and-your-neighbors
> >> and check this link:
> >> https://www.elastic.co/blog/kibana-4-beta-3-now-more-filtery/
> >>
> >>
> >> I'm going to try to attend both sessions. I will be in Amsterdam. Looking
> >> forward to meeting all of you smart people.
> >>
> >> Regards.
> >> Timo
> >>
> >> On Mon, May 11, 2015 at 5:39 AM, John Melton <jtmelton at gmail.com> wrote:
> >>>
> >>> All,
> >>>
> >>> Colin is running a couple of sessions at appsec eu related to appsensor.
> >>> The first is on Tuesday (5/19) for documentation updates. The second is the
> >>> reason for this email.
> >>>
> >>> The actual session is Wednesday (5/20) from 13:30 - 17:00 local time
> >>> (Amsterdam, NL).
> >>> (https://www.owasp.org/index.php/OWASP_Project_Summit_2015/Home#13:30_.E2.80.93_17:00_AppSensor_.28Code.29_.E2.80.93_Dashboard)
> >>>
> >>> The expectation of the session is: "... [design of] a reporting
> >>> dashboard. This session is to brainstorm ideas and layouts for the
> >>> dashboard, and identify what tools/libraries can assist in the creation of
> >>> the dashboard. Bring ideas, energy, URLs, paper and pens! The outputs will
> >>> be dashboard mockups."
> >>>
> >>> In preparation for this meeting, we'd like to give everyone an
> >>> opportunity for early input. Specifically, we are looking for:
> >>>
> >>> - who are the target audience(s) for the dashboard?
> >>> - what are the use cases that need to be handled? ops room view, attack
> >>> research, etc.
> >>> - what is the "normal state" - nothing on the screen at all???
> >>> - what is usefully displayed?
> >>> - what sort of patterns would a typical attack look like, and how would
> >>> visualisation help highlight this?
> >>> - what drill down/view might be useful?
> >>> - what do you want to be there for sure?
> >>> - what do you NOT want to be there for sure?
> >>> - sample tools/views you find helpful?
> >>> - any UI patterns we should use / not use?
> >>>
> >>> These questions are just examples to get you thinking. ANY and ALL input
> >>> is valuable.
> >>>
> >>> Let me be clear - THIS IS YOUR CHANCE TO INFLUENCE THE UI ! Feedback /
> >>> input is critical at this point. This will be the main development effort
> >>> for the next couple of months, so input now is crucial to building something
> >>> useful.
> >>>
> >>> We're also considering holding a phone call this week or early next if
> >>> people would find that useful as a way to provide input. Please let me or
> >>> Colin know if you'd be interested in joining a call, and if there's
> >>> interest, we'll set it up.
> >>>
> >>> Thanks,
> >>> John
> >>>
> >>> _______________________________________________
> >>> Owasp-appsensor-project mailing list
> >>> Owasp-appsensor-project at lists.owasp.org
> >>> https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project
> >>>
> >>
> >
> >
> >
>