Apache Superset is an easy-to-use data exploration and data visualization platform.
You can install it locally or use it as a hosted service.
On this page, I will demonstrate how you can use Superset to visualize Mihari data.
Go to Data → Databases, click the + Database button and fill in the form.
In SQL Editor, you can write a SQL query to generate the dataset to analyze/visualize.
(Note: The DB schemas of Mihari are documented in Database schemas)
For example, let's filter the IP address data based on a tag and visualize the data with the country map and the time series chart.
SELECT artifacts.data, artifacts.data_type, tags.name, geolocations.country_code, artifacts.created_at FROM artifacts
LEFT OUTER JOIN taggings ON taggings.alert_id = artifacts.alert_id
LEFT OUTER JOIN tags ON taggings.tag_id = tags.id
LEFT OUTER JOIN geolocations ON geolocations.artifact_id = artifacts.id
WHERE artifacts.data_type = 'ip' AND tags.name = 'tag_to_filter'
ORDER BY artifacts.created_at DESC;
This query generates results like the following.
Then click Explore and set the following conditions to generate the country map:
Visualization type: World Map
Country column: country_code
Metric for color: count
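To check what the map will show before building the chart, the following added example (not part of Mihari or Superset) runs the query above against an in-memory SQLite database and groups the rows by country_code, as the count metric does. The table definitions are a constructed subset containing only the columns the query references, and all rows are constructed sample data.

```python
import sqlite3

# Constructed minimal schema: only the columns referenced by the page's query.
SCHEMA = """
CREATE TABLE artifacts (id INTEGER PRIMARY KEY, data TEXT, data_type TEXT,
                        alert_id INTEGER, created_at TEXT);
CREATE TABLE tags (id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE taggings (tag_id INTEGER, alert_id INTEGER);
CREATE TABLE geolocations (artifact_id INTEGER, country_code TEXT);
"""

# The page's dataset query, with the tag name passed as a bound parameter.
DATASET_SQL = """
SELECT artifacts.data, artifacts.data_type, tags.name,
       geolocations.country_code, artifacts.created_at
FROM artifacts
LEFT OUTER JOIN taggings ON taggings.alert_id = artifacts.alert_id
LEFT OUTER JOIN tags ON taggings.tag_id = tags.id
LEFT OUTER JOIN geolocations ON geolocations.artifact_id = artifacts.id
WHERE artifacts.data_type = 'ip' AND tags.name = ?
ORDER BY artifacts.created_at DESC
"""

def build_sample_db():
    """In-memory database filled with constructed rows (documentation IP ranges)."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO tags VALUES (?, ?)", [(1, "tag_to_filter"), (2, "other")])
    db.executemany("INSERT INTO taggings VALUES (?, ?)", [(1, 10), (1, 11), (2, 12)])
    db.executemany("INSERT INTO artifacts VALUES (?, ?, ?, ?, ?)", [
        (1, "192.0.2.1", "ip", 10, "2023-01-01 10:00:00"),
        (2, "198.51.100.7", "ip", 10, "2023-01-01 11:00:00"),
        (3, "203.0.113.9", "ip", 11, "2023-01-02 09:00:00"),   # no geolocation row
        (4, "example.com", "domain", 11, "2023-01-02 09:30:00"),
        (5, "192.0.2.55", "ip", 12, "2023-01-03 08:00:00"),    # tagged "other"
    ])
    db.executemany("INSERT INTO geolocations VALUES (?, ?)", [(1, "US"), (2, "JP"), (5, "US")])
    return db

def dataset_rows(db, tag):
    """Rows the SQL Editor would return for the given tag."""
    return db.execute(DATASET_SQL, (tag,)).fetchall()

def country_counts(db, tag):
    """Row count per country_code; a None key holds IPs without geolocation data."""
    sql = f"SELECT country_code, COUNT(*) FROM ({DATASET_SQL}) GROUP BY country_code"
    return dict(db.execute(sql, (tag,)).fetchall())
```

Because geolocations is joined with LEFT OUTER JOIN, an IP address that has no geolocation row stays in the dataset with a NULL country_code; it is counted under the None key here and has no country to be drawn on in the map.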