Open Source Software for modeling real time security events in 3D.

• NEW VIDEO! Modeling Twitter relationships with Tw3dr
• VIDEO: Example network and events
• VIDEO: Controls like zoom, rotate, pan, viewpoints
• VIDEO: Traffic Routed through Proxy
• Original Gibson video trailer
• Shmoocon Presentation (Open Office)
• Shmoocon Presentation (Power Point)
• Gibson / 3D Visualization White Paper

You must also install Panda 3D from panda3d.org. You'll need the Plugin or SDK for the .p3d package, while the tar file requires the SDK.

Documentation (yes, this is it for now!)

1. Install Panda, as described above. Make sure you can run one of the samples.
2. Run an nmap scan of the desired address range(s): nmap -sT [-sU] -O -o X output.xml [addresses]
3. Copy the file random.conf to gibson.conf and edit to reflect your subnets and what security zones you want them in. You must have at least one security zone. E.g.:
   security_zones=local_nets
   local_nets=192.168.1.0/24
4. Or you can use the sample data files, random.conf and random.xml
5. Run Gibson: ppython gibson.py -c random.conf -x random.xml (Or use the gibson.conf and output.xml files you created earlier.)

• For Bro, use the default alarm.log file and type "ppython event_daemon.py localhost 1723 bro < alarm.log"
• For snort, use "fast alert" format and type "ppython event_daemon.py localhost 1723 snort < [snort_log_file]
• For syslog, type "ppython event_daemon.py localhost 1723 syslog < [syslog_file.log]
• Note: You must specify which filter to use: bro, snort, or syslog.

Copyright (c) 2011, Dan Klinedinst
Licensed under the Gnu Public License. For details, see: http://www.gnu.org/copyleft/gpl.html