Attack of the Day

Attack Maps

This isn’t really an attack of the day; it’s more of a “I needed to learn JavaScript and this was my project” type of thing. The map is fun for about 10 minutes; after that, not as much. It is cool to see where things are coming from and what is being thrown away, though. Want to see this glorious map? *updated: 8/3/15* Well, too bad. I broke it and am not really interested in fixing it. Sorry.

How the Map Works

Data Collection: All of the data is collected in Splunk via syslog. Yes, I fully understand I could have created a very similar dashboard in Splunk without having to build a backend node.js server and a bunch of client-side JavaScript. But the point was to learn JavaScript, so Splunk’s role in this was that of data aggregator/normalizer and GeoIP lookup engine. A few different sources feed into Splunk, so renaming fields consistently in the saved reports was easy, and that in turn kept the node.js part very simple.

Data Streaming: A custom node.js application. This was written using a few libraries to speed things along. Primus was a primary component. It’s named after some Transformers thing, I guess; I prefer to believe it was named after the band. It handles all the WebSockets to/from the client. An HTTP client request periodically grabs data from Splunk and makes sure it’s OK before dropping it in MongoDB. Is MongoDB really necessary? Not at all. I just wanted to play with it, so I made it the primary queuing point for data to be sent to clients.

Data Visualization: Again, lots of libraries in use here. The map is a service called MapBox. It’s free for kids like me with no traffic and seemed to be the nicest thing going. Being based on Leaflet was an added perk since it’s well supported in the community. Vega, based on D3, provided the framework for the spectacular bar chart at the bottom. The supporting detail tab is a quick WebSocket call back to node.js/MongoDB for the most recent list of whatever port was requested.
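The one piece of that pipeline worth a closer look is the “makes sure it’s OK before dropping it in MongoDB” step: every field in those events originates from syslog, so hostnames, country strings and coordinates are effectively attacker-influenced before they reach a browser. Below is an added example of that validation and queuing stage, not code from the original project. It assumes Splunk-style row fields (src_ip, dest_port, lat, lon, action, country, _time), replaces MongoDB with an in-memory bounded queue, and stands in for the WebSocket library with any client object that has a write(string) method.

```javascript
'use strict';
// Added example: validate polled firewall events before queuing them for map clients.
// Field names and the sample rows are constructed for illustration.

const IPV4 = /^(?:(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)\.){3}(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)$/;

// Parse a numeric field strictly: only plain decimal text is accepted, so "" or "1e9" become NaN.
function toNumber(v) {
  const s = String(v ?? '').trim();
  return /^-?\d+(\.\d+)?$/.test(s) ? Number(s) : NaN;
}

// Whitelist every field by type and range; anything unexpected drops the whole row.
// Returns a clean event object or null.
function normalizeEvent(row) {
  if (!row || typeof row !== 'object') return null;
  const src = String(row.src_ip ?? '').trim();
  if (!IPV4.test(src)) return null;                       // literal IPv4 only (hostnames are rejected)
  const port = /^\d{1,5}$/.test(String(row.dest_port ?? '').trim()) ? Number(row.dest_port) : NaN;
  if (!(port >= 0 && port <= 65535)) return null;
  const lat = toNumber(row.lat);
  const lon = toNumber(row.lon);
  if (!(lat >= -90 && lat <= 90 && lon >= -180 && lon <= 180)) return null; // NaN fails these too
  const action = String(row.action ?? '').toLowerCase();
  if (action !== 'blocked' && action !== 'allowed') return null;
  // Country is rendered in the browser: accept two uppercase letters or substitute a placeholder.
  const country = /^[A-Z]{2}$/.test(String(row.country)) ? row.country : 'ZZ';
  const ts = Date.parse(String(row._time ?? ''));
  if (Number.isNaN(ts)) return null;
  return { src, port, lat, lon, action, country, ts };
}

// Bounded in-memory queue standing in for the MongoDB staging collection. A cap means a
// flood of events drops the oldest entries instead of growing the node process without limit.
class BoundedQueue {
  constructor(limit) { this.limit = limit; this.items = []; this.dropped = 0; }
  push(item) {
    if (this.items.length >= this.limit) { this.items.shift(); this.dropped += 1; }
    this.items.push(item);
  }
  drain() { const out = this.items; this.items = []; return out; }
  get size() { return this.items.length; }
}

// Run one polled batch through validation; the counts are what you would chart for monitoring.
function ingestBatch(rows, queue) {
  let accepted = 0;
  let rejected = 0;
  for (const row of rows) {
    const ev = normalizeEvent(row);
    if (ev) { queue.push(ev); accepted += 1; } else { rejected += 1; }
  }
  return { accepted, rejected };
}

// Fan queued events out as one JSON message to every connected client; returns the count sent.
function broadcast(queue, clients) {
  const batch = queue.drain();
  if (batch.length === 0) return 0;
  const payload = JSON.stringify({ type: 'events', events: batch });
  for (const c of clients) c.write(payload);
  return batch.length;
}

// Constructed sample export: a few rows as a firewall search might return them.
function sampleRows() {
  return [
    { src_ip: '203.0.113.7', dest_port: '22', lat: '51.5', lon: '-0.12', action: 'blocked', country: 'GB', _time: '2015-08-03T10:00:00Z' },
    { src_ip: '198.51.100.23', dest_port: 3389, lat: 37.77, lon: -122.42, action: 'BLOCKED', country: 'US', _time: '2015-08-03T10:00:05Z' },
    { src_ip: 'not-an-ip', dest_port: '80', lat: '0', lon: '0', action: 'blocked', country: 'ZZ', _time: '2015-08-03T10:00:06Z' },
    { src_ip: '192.0.2.9', dest_port: '70000', lat: '10', lon: '10', action: 'blocked', country: 'FR', _time: '2015-08-03T10:00:07Z' },
    { src_ip: '192.0.2.10', dest_port: '443', lat: '95', lon: '10', action: 'allowed', country: 'DE', _time: '2015-08-03T10:00:08Z' },
    { src_ip: '192.0.2.11', dest_port: '443', lat: '48.85', lon: '2.35', action: 'allowed', country: '<script>', _time: '2015-08-03T10:00:09Z' },
  ];
}

// Stand-alone run: ingest the sample batch and push it to one collecting client.
function runDemo() {
  const queue = new BoundedQueue(500);
  const counts = ingestBatch(sampleRows(), queue);
  const received = [];
  const sent = broadcast(queue, [{ write: (m) => received.push(m) }]);
  return { counts, sent, firstMessage: received[0] };
}

console.log(runDemo());
```

Rejected rows are counted rather than silently dropped so that a sudden spike in rejections (a source sending a new field layout, or something deliberately malformed) shows up in the same place as the traffic itself.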

It took about a week of development, mainly because I had nearly no idea what I was doing. I spent a lot of time reading Professional JavaScript for Web Developers and a ton of time on Google. I don’t imagine I’ll continue to update the code, mainly because everything I’m doing could be done directly in Splunk with far less effort. I have a few ideas about some non-map visualizations, so if I get motivated this project could morph into something new. We’ll see, I guess. Overall it was a good experience: I learned (some) JavaScript and have a cute map to show for it. Victory is mine.
