Network Security Visualization

Author: Stephen Chan

Description:

Log information is gathered by computer systems constantly, especially alert logs from security tools. These logs are textual, which makes it hard to get a sense of what is happening and what (if anything) is different from the norm.

The visualization built and tested is a treemap of alerts generated by a network IDS (Bro). Logs are parsed into fields that a treemapping tool can read, and the treemap will be ordered in different ways to see if it provides insight into current or historical activity.
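The parsing and sizing step described above can be sketched as follows. This is an added example, not code from the project: the tab-separated layout, the sample alerts, the function names, and the definition of inverse-frequency size as total alerts divided by the leaf's count are all assumptions.

```python
import csv
import io
from collections import Counter

# Constructed sample alerts: time, alarm type, source, destination (tab-separated).
# The layout is assumed for this example and is not Bro's actual alarm format.
SAMPLE_LOG = "\n".join(
    ["2005-11-03 02:14:07\tPortScan\t10.0.0.5\t192.168.1.10"] * 6
    + ["2005-11-04 11:40:52\tAddressScan\t10.0.0.9\t192.168.1.20"] * 2
    + ["2005-11-09 23:05:31\tSensitiveURI\t10.0.0.7\t192.168.1.10"]
    + ["truncated line"]  # malformed record, skipped by the parser
)

FIELDS = ("time", "alarm", "src", "dst")


def parse_alerts(text):
    """Split each line into named fields, dropping lines with the wrong shape."""
    reader = csv.reader(io.StringIO(text), delimiter="\t")
    return [dict(zip(FIELDS, row)) for row in reader if len(row) == len(FIELDS)]


def treemap_rows(alerts, hierarchy=("alarm", "src")):
    """Return one row per treemap leaf: hierarchy path, count, and size.

    Size is total / count (assumed definition of inverse frequency), so the
    rarest alerts get the largest rectangles.
    """
    counts = Counter(tuple(a[k] for k in hierarchy) for a in alerts)
    total = sum(counts.values())
    rows = [{"path": p, "count": n, "size": total / n} for p, n in counts.items()]
    # Largest rectangles (rarest leaves) first; path breaks ties deterministically.
    rows.sort(key=lambda r: (-r["size"], r["path"]))
    return rows


if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_LOG)
    # Same data grouped two ways, as a treemapping tool would be fed.
    for hierarchy in (("alarm", "src"), ("dst",)):
        print("hierarchy:", "/".join(hierarchy))
        for row in treemap_rows(alerts, hierarchy):
            print("  %-28s count=%d size=%.2f"
                  % ("/".join(row["path"]), row["count"], row["size"]))
```

Changing `hierarchy` regroups the same alerts, which is the reordering the description refers to.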

Bro Alarms for November 2005 sized by inverse frequency

Class presentation on Security Visualization Tool

Final writeup of visualization tool

And...a thumbnail! A wee thumbnail!