Ergo Witness is a network visualisation tool that shows network data in a creative way in 3D spaces. On the backend, the data is gathered by running tools like Bro, Packetbeat, and Snort, and pushing their logs in JSON format to the ELK stack (Elasticsearch).
The ‘front end’ as I call it, is developed in the Unity game engine, pulling the information it needs down from the server with HTTP requests. By using a game engine like Unity to represent network data, there are not only possibilities of fun, interactive data analysis, but also the beginning of what could possibly be a very powerful Virtual Reality toolkit for network professionals.
Using Ergo Witness is very simple to setup.
In order for this visualization to work, you need a source of network traffic. For network data, Bro, Filebeat, and Packetbeat are run on a capture server. These services then forward their JSON formatted logs directly to Logstash, which is where the data is aggregated. Then, Unity queries Elasticsearch using the web API.