I spend a lot of time using R, the programming language and software environment for statistical computing and graphics. It's incredibly useful for visualization and analysis; consider Data-Driven Security as a great starting point and reference, along with this article, if you're further interested.
One of my recent discoveries was using system to invoke external commands from R. With system, in two lines I can call Log Parser, pull the Windows security event log, write it to CSV, and create a data frame out of it that I can then do any number of other cool things with. Note: reading the Windows security event log requires elevated privilege, so for this example scenario R itself must be run as administrator.
In short:
Set a working directory: setwd("D:/coding/R/EventVizWork")
Call Log Parser with system: system('logparser "Select * into security.csv from Security" -i:evt -o:csv')
Statistics:
-----------
Elements processed: 112155
Elements output: 112155
Execution time: 26.80 seconds
Read the results into a data frame: secevtlog <- read.csv("security.csv")
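As an added example (not the diary's own code), the same two steps wrapped in a function that checks Log Parser's exit status before touching the CSV, followed by a first analysis step: hourly counts of a chosen Event ID. It assumes Log Parser's EVT input format column names (TimeGenerated, EventID) and uses a constructed sample data frame so the summary can be tried anywhere.

```r
# Added example, not code from the diary. Pulls the Security log via Log Parser
# and refuses to continue if the call failed (e.g. R not running elevated).
pull_security_log <- function(out_csv = "security.csv") {
  cmd <- sprintf('logparser "Select * into %s from Security" -i:evt -o:csv',
                 out_csv)
  status <- system(cmd)   # exit status of the logparser process
  if (status != 0) {
    stop("logparser failed with exit status ", status,
         "; is R running as administrator?")
  }
  read.csv(out_csv, stringsAsFactors = FALSE)
}

# Hourly counts of one Event ID, e.g. 4625 (failed logon) or 4624 (logon).
# Column names TimeGenerated / EventID are assumed from Log Parser's EVT format.
count_by_hour <- function(secevtlog, event_id) {
  rows <- secevtlog[secevtlog$EventID == event_id, , drop = FALSE]
  ts   <- as.POSIXct(rows$TimeGenerated, format = "%Y-%m-%d %H:%M:%S")
  hour <- format(ts, "%Y-%m-%d %H:00")
  counts <- as.data.frame(table(hour = hour), responseName = "count")
  counts[order(-counts$count), , drop = FALSE]
}

# Constructed sample rows (not real log data) so count_by_hour() runs offline.
sample_log <- data.frame(
  TimeGenerated = c("2014-03-01 08:05:10", "2014-03-01 08:07:42",
                    "2014-03-01 09:15:00", "2014-03-01 09:16:30"),
  EventID = c(4625L, 4625L, 4624L, 4625L),
  stringsAsFactors = FALSE
)
print(count_by_hour(sample_log, 4625L))

# On an elevated Windows session the real data replaces the sample:
# secevtlog <- pull_security_log()
# print(count_by_hour(secevtlog, 4625L))
```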
Tomorrow I
@holisticinfosec
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.