Sunday, April 22, 2007

SGUIL/BIRT: SGUIL Reports Built Using BIRT, Description Available on Sguil WIKI

Some time ago I had some brief discussions with David Bianco from Vorant about writing a series of functional reports using BIRT. I never managed to get past the initial discussion (EclipseCon, book project, major life changes, etc.); however, he continued on and has completed some amazing work. He wrote an article about it, with a sample report, and wrote a very detailed entry on the Sguil Wiki page.

I have been trying for some time to get BIRT into the world of SGUIL and NSM, since I've believed from my beginnings in the world of NSM in 2001 that the reporting features of tools for analysts were lacking, so I am very glad to see someone else agreed with me and made headway in this area. BIRT is a very versatile tool, and I am glad to see that its capabilities are able to assist security analysts in detecting patterns and help security personnel make informed decisions. Some of the features of the finished reports aren't visible in the example reports, such as the hostname fields in the reports, which are real-time reverse DNS lookups. Using these reports as an example, a whole slew of additional functionality can be added, such as SANS lookups of offending IPs and ports, and a possible detail section at the end of the report explaining each alert might be beneficial (don't know if there are still sites out there that provide explanations of SNORT alerts), especially if being viewed by not so technically inclined managers.

Good job David.

BIRT: Style Sheets and Themes

One of the things that I have the tendency to completely overlook is style sheets. I typically just regard them as tricks for graphic designers that have little to no consequence for a developer. However, with BIRT, I actually have an opportunity to play with and learn how to apply style sheets, since BIRT supports style sheets for reports.

Style sheets are a means of creating a layout configuration that can be reused consistently throughout a page. This allows for uniform and consistent layouts, and helps prevent developers from having to constantly redo the same graphical properties, such as font attributes, alignment, colors, and so forth.

Creating style-sheets in BIRT is a fairly simple task, and in practice doesn’t deviate too much from web design environments such as Dreamweaver. With BIRT, however, you have pre-defined styles that will automatically apply to various sections of your report, such as to table rows, headers, or footers. This is nice since you can build a whole slew of these in a library and use them in reports as themes, and keep a consistent look and feel among all your reports.

In the examples below, we will demonstrate how to build a theme into a library and apply it to a report.

The first thing you need to do is create a new library. So in your BIRT report projects, from the Project Navigator, right-mouse click on the project, and select new library. For my example, I called my library styles.rptlibrary. Open up the Outline tab, and look under the Themes group. This is where your themes and your styles get stored in libraries. Themes are overall, general layouts for reports, and contain any number of styles. Styles are individual style sheets. These apply to a single report entity, such as report headers, table headers, rows, cells, etc. For our example, I want to create a new Theme called CheeseStyle that will contain a very simple theme for my demo reports.

Figure 1. The CheeseStyle Theme with a few styles

As illustrated in my above screenshot, I already have created 2 styles, one for my table detail rows and one for my table header. The requirements for my layouts are that my headers have an all black background with bolded white text for the column headers, and that my detail rows alternate between light grey and light blue, with black text. In order to accomplish this, I will create a few style sheets, one for the header and one for the detail row.

Since the header row is the easier one of the two to create, I will demonstrate it first. In order to create it I will select my Theme, right-mouse click, and choose New Style. I could create a custom style, but there are already pre-defined style elements for most of the visual report elements, so I will choose “table-header” from the list of predefined styles. Once selected, I will select the following properties:

  • Font:
    • Color = White
    • Size = Large
    • Weight = Bolder
  • Background:
    • Color = Black
  • Text Block:
    • Text Alignment = Left
  • Box:
    • All Padding Elements = 1 Points
  • Border:
    • Color:
      • All Elements = Black

This will take care of all of my headers for my reports when I apply this theme to them. Next I want to create my row details (table-detail from predefined styles), and will use the following parameters:

  • Background:
    • Background Color = Silver
  • Box:
    • Padding All parameters = 1 Points
  • Border:
    • Color All parameters = White
  • Highlights:
    • This one is a little tricky to set up. What you want to do is create a new highlight rule, with the condition set to “(row.__rownum % 2) equal 0”. Set the background color to RGB(128, 128, 255). This will allow every other row in the style to alternate background colors, right from a style sheet.

And that’s it, my basic theme is created and stored in my library. Now, what I want to do is create a new report. In my example I created a report called testStyleReport.rptdesign. I used the Classic Cars database as my data source, and used the following query:

select *


I drag over this new data set to my report design in order to create my report. Now that I have a basic report, I want to apply my new theme. In order to do this, I go over to the Library Explorer, and under Shared Libraries, I select my styles.rptlibrary file, right-mouse click, and choose Use Library. Now that this library is included in my report design, I go to the outline, choose my testStyleReport main root element from the tree view, and under the Property Editor, I open the General tab, and under the Themes drop down list, I select styles.CheeseStyle. That’s all there is to it. I now have my Theme applied to my report.

Figure 2. Report with Theme Applied
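
The steps above are all done in the designer, but the result is plain XML in the two files. The fragments below are an added illustration, not taken from the original post: they are hand-written to mirror what the library and report design would contain, assuming the XML design-file format of the BIRT 2.x releases. The `id` values are constructed and the root `<library>` and `<report>` elements are omitted.

```xml
<!-- styles.rptlibrary (fragment); id values are constructed for this example -->
<themes>
  <theme name="CheeseStyle" id="4">
    <styles>
      <style name="table-header" id="5">
        <property name="backgroundColor">black</property>
        <property name="fontSize">large</property>
        <property name="fontWeight">bolder</property>
        <property name="color">white</property>
        <property name="textAlign">left</property>
        <property name="paddingTop">1pt</property>
        <property name="paddingLeft">1pt</property>
        <property name="paddingBottom">1pt</property>
        <property name="paddingRight">1pt</property>
        <property name="borderTopColor">black</property>
        <property name="borderLeftColor">black</property>
        <property name="borderBottomColor">black</property>
        <property name="borderRightColor">black</property>
      </style>
      <style name="table-detail" id="6">
        <property name="backgroundColor">silver</property>
        <property name="paddingTop">1pt</property>
        <property name="paddingLeft">1pt</property>
        <property name="paddingBottom">1pt</property>
        <property name="paddingRight">1pt</property>
        <property name="borderTopColor">white</property>
        <property name="borderLeftColor">white</property>
        <property name="borderBottomColor">white</property>
        <property name="borderRightColor">white</property>
        <list-property name="highlightRules">
          <structure>
            <property name="operator">eq</property>
            <property name="backgroundColor">#8080FF</property>
            <expression name="testExpr">row.__rownum % 2</expression>
            <expression name="value1">0</expression>
          </structure>
        </list-property>
      </style>
    </styles>
  </theme>
</themes>
<!-- testStyleReport.rptdesign (fragment): library reference and selected theme -->
<property name="theme">styles.CheeseStyle</property>
<list-property name="libraries">
  <structure>
    <property name="fileName">styles.rptlibrary</property>
    <property name="namespace">styles</property>
  </structure>
</list-property>
```

The `namespace` value is what prefixes the theme name in the Themes drop-down, which is why the theme appears as styles.CheeseStyle.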

Wednesday, April 11, 2007

Programming: Where to Start as a Beginning Programmer

I was reading this article on OSNews and it got me thinking, where does a beginner go to start programming? There were lots of suggestions that I liked, such as Eiffel, Python and a few others. However, I have a different path in mind.

I started programming in Pascal. I prefer Pascal as a starter language for a number of reasons. The biggest of which is its forced structure. Pascal forces you to declare variables before their use, and it uses a more English-like syntax than other languages such as C/C++ and Java, where a lot of symbols are used. That's just a preference.

So what should a programmer study? What makes the foundation for a good programmer? That's a fairly straightforward answer. I like to use SADO as a shorthand to describe this. So what does that stand for?

S: Structure - Understanding proper programming structure, and structured programming techniques. Understanding basic variable types would go here. Maybe introducing pointers as well would come a little later. Where variables are declared and how they are used. Good pseudocoding practices are also encouraged at this stage.

A: Algorithms - Understanding basic algorithms and how to put them together. Using programming constructs such as conditional logic, for loops, while loops, and moving on to more advanced algorithms such as sorts, searches, and so forth.

D: Data Structures - Understanding basic data structure techniques, like building records, linked lists, maps, arrays, vectors, and so forth are vital. This is combined with Algorithms.

O: Object Oriented Programming - I like to leave this as a last topic to cover in programming, since a fundamental understanding of the previous 3 topics is needed, as objects are, in a way, an advanced data structure with functional components.

At some point after these basic principles are in place, moving on to lower level programming is highly recommended. What do I mean by that? Well, either working with languages that allow much lower level access to hardware, such as C/C++, or working directly with assembly or inline assembly. This gives a great introduction to how the internals of the modern PC work. (For this very reason, I really do miss the older DOS systems, which allowed direct access to hardware).

Once a programmer can visualize how to solve problems in their head, everything else is just syntax.

At this point in a programmer's development, learning tools to assist development is highly recommended. With so much programming knowledge behind them, the first answer for everything is to write a program, often times forgetting that there are a lot of tools already out there. Need a budget, don't write a budget program, use a spreadsheet. Need to keep track of contacts, don't write a program, use a PIM, or a small desktop database. It is also highly recommended to learn some 3rd gen languages, scripting languages, and SQL. Learning command line scripting tools can assist you. Often times, a quick script and some piping can solve problems more efficiently than a full blown program. I remember one programming challenge one time where the participant needed to make a socket request to a site, get the number that the site would respond with, and figure out some really complicated math operation, and respond with the answer within 3 seconds. Reading the newsgroups for this, people were trying to figure out how to use sockets. My solution was a little easier, a small C program to do the math, some pipes, and Netcat to handle the network connection. It's not that I couldn't do the socket, it's just that there was already something out there that handled it for me.

And finally, keep reading. Lots and lots of reading.

I had tons of programming logic and design books that I started out with (unfortunately, most of which have since passed on, so their names escape me). These books were all in Pascal, then I moved on to C, C++, Asm, Java, and Visual Basic.

Friday, April 06, 2007

Gaming: Guitar Hero II

As my PHP gig is winding to an end, with tons of notes and topics to write about, I've taken a few minutes here and there to unwind with the recent release of Guitar Hero II for the XBox 360. I'm not going to review it, since that has been done in about a million other game sites. So what I offer is an unbiased view of what is the current hot topic in gaming at the moment.

Guitar Hero is a fun game, bottom line. If you have a partner, it's even more fun. I only have 2 real complaints.

1: Price, which is my biggest complaint. 80 something dollars for the guitar and game bundle, then another 50 bucks for an additional guitar.

2: No online play. But since this is a music game, there would be too big of a latency issue, I would think, between onscreen timing, music, and network. But then again, the wizards in the gaming industry have pulled some rabbits out of their hats before, so maybe network play is still in the pipeline.

A few things. If you're a guitarist already (or former in my case), this can be a hindrance in the game as you tend to go with the rhythm of the music instead of the onscreen cues. But you adapt quickly.

Outside of those few things, this game, much like the Wii, is a badly needed breath of fresh air. Hopefully the gaming industry will clue in that first person shooters aren't nearly as exciting as they used to be and make more games like this.