[Owasp-appsensor-project] appsensor dashboard design prep for appsec eu
colin.watson at owasp.org
Fri May 29 06:37:04 UTC 2015
I have aggregated these comments, and added my own, at:
When I develop, I quite like the flexibility of laying things out as I
go. I like to see the output and can't design it all in advance. So
I'd be happy to comment on mocks/screenshots of work in progress if
that would help further.
On 18 May 2015 at 04:52, John Melton <jtmelton at gmail.com> wrote:
> Ok, waited a few days. Here were my original notes which are a bit of a
> brain dump:
> - who are the target audience(s) for the dashboard?
>   - operations, developers
> - what are the use cases that need to be handled? ops room view, attack
>   research, etc.
>   - dashboard on the wall
>   - research on attack(s) in progress
> - what is the "normal state" - nothing on the screen at all???
>   - same as with "active issues", maybe a message about no data found.
>     Need to differentiate so we know we're not missing data b/c of a bad
>     connection. Maybe have a "connected to backend" message displayed somewhere.
> - what is usefully displayed?
>   - "main" chart of a sliding window (last 5 minutes?), possibly
>     - stacked chart with all detection points with sum total
>     - something like colin's video of the red/orange/yellow nodes for
>       each detection point, growing darker the more active they are
>     - a bubble chart, bubble per detection point, growing based on
>       activity (another version of colin's example)
>   - some other statistics on the main dashboard:
>     - total events over varied recent time ranges (minute, hour, day)
>     - scrolling list of recently logged events, attacks, responses
>     - most "active" users or IPs
>     - avg events/attacks/responses per minute/hour/day, etc. - give some
>       sort of useful gauge to know if "now" is better/worse than usual.
> - what sort of patterns would a typical attack look like, and how would
>   visualisation help highlight this?
>   - not sure, need some help from ops folks on this one
> - what drill down/view might be useful?
>   - by user
>     - see data charted over a sliding window of time (default to last
>     - see what client applications saw this user
>     - see a thread of activity (timeline) showing what the user's been
>       seen doing when
>   - by detection point (label - i.e. specific detection point)
>     - see data charted over a sliding window of time (default to last
>     - group by client application (20 total, 2 on app A, 18 on app B, 0
>       on C/D/E)
>   - (not for v1) - by metadata
>     - if a developer defines custom metadata, we could allow grouping on
>       some key name - might be useful in custom situations
>   - configuration editor
>     - need a UI to expose the configuration for detection points and
>       their associated responses (need admin role)
>     - need a serializer/deserializer for save/read
> - what do you want to be there for sure?
>   - simple, understandable, useful visualizations
>   - config editor
> - what do you NOT want to be there for sure?
>   - too much on the screen
>   - the wrong visualizations
> - sample tools/views you find helpful?
>   - charts using some library ???
>   - would like to use websockets - need to beef up support
>   - backend likely spring boot / spring security
>   - bootstrap
>   - jquery
>   - http://startbootstrap.com/template-overviews/sb-admin/
>   - https://www.almsaeedstudio.com/preview
> - any UI patterns we should use / not use?
>   - relying on bootstrap
>   - no pie charts :>
> On Tue, May 12, 2015 at 1:40 AM, Timo Goosen <timo.goosen at owasp.org> wrote:
>> >- who are the target audience(s) for the dashboard?
>> People in operations who are running infrastructure that the application
>> is hosted on.
>> >- what are the use cases that need to be handled? ops room view, attack
>> > research, etc.
>> Attack research, ops rooms. Would also be nice to see appsensor used in
>> BlueTeam vs Red Team CTF competitions, could be used by the Blue Teams.
>> Would be a good place to put Appsensor to the test. Would be cool to use
>> AppSensor to monitor an app running in a competition like this:
>> >- what is the "normal state" - nothing on the screen at all???
>> Normal traffic, no anomalies in log data.
>> - what is usefully displayed?
>> - what sort of patterns would a typical attack look like, and how would
>> visualisation help highlight this?
>> >- what drill down/view might be useful?
>> Would be interesting and helpful to see information especially at the
>> enumeration stage of an attack. Also would be interesting to see traffic
>> coming from blacklisted IPs.
>> - what do you want to be there for sure?
>> - what do you NOT want to be there for sure?
>> - sample tools/views you find helpful?
>> >- any UI patterns we should use / not use?
>> Not sure what is meant by this question. But I'd like to see us use something
>> like Elasticsearch+Logstash+Kibana. I'm still figuring out myself how to use
>> this "ELK" stack which can make really nice looking dashboards like these:
>> and check this link:
>> I'm going to try to attend both sessions. I will be in Amsterdam. Looking
>> forward to meeting all of you smart people.
>> On Mon, May 11, 2015 at 5:39 AM, John Melton <jtmelton at gmail.com> wrote:
>>> Colin is running a couple of sessions at appsec eu related to appsensor.
>>> The first is on Tuesday (5/19) for documentation updates. The second is the
>>> reason for this email.
>>> The actual session is Wednesday (5/20) from 13:30 - 17:00 local time
>>> (Amsterdam, NL).
>>> The expectation of the session is: "... [design of] a reporting
>>> dashboard. This session is to brainstorm ideas and layouts for the
>>> dashboard, and identify what tools/libraries can assist in the creation of
>>> the dashboard. Bring ideas, energy, URLs, paper and pens! The outputs will
>>> be dashboard mockups."
>>> In preparation for this meeting, we'd like to give everyone an
>>> opportunity for early input. Specifically, we are looking for:
>>> - who are the target audience(s) for the dashboard?
>>> - what are the use cases that need to be handled? ops room view, attack
>>> research, etc.
>>> - what is the "normal state" - nothing on the screen at all???
>>> - what is usefully displayed?
>>> - what sort of patterns would a typical attack look like, and how would
>>> visualisation help highlight this?
>>> - what drill down/view might be useful?
>>> - what do you want to be there for sure?
>>> - what do you NOT want to be there for sure?
>>> - sample tools/views you find helpful?
>>> - any UI patterns we should use / not use?
>>> These questions are just examples to get you thinking. ANY and ALL input
>>> is valuable.
>>> Let me be clear - THIS IS YOUR CHANCE TO INFLUENCE THE UI ! Feedback /
>>> input is critical at this point. This will be the main development effort
>>> for the next couple of months, so input now is crucial to building something
>>> We're also considering holding a phone call this week or early next if
>>> people would find that useful as a way to provide input. Please let me or
>>> Colin know if you'd be interested in joining a call, and if there's
>>> interest, we'll set it up.
>>> Owasp-appsensor-project mailing list
>>> Owasp-appsensor-project at lists.owasp.org