VIAssist Design Overview

General introduction to VIAssist capabilities and design considerations

What it Does

What VIAssist does and does not do.

VIAssist can accumulate information from multiple data sources, including:

  • intrusion detection / protection sensors and logs
  • traffic analyzers
  • sniffing devices
  • system logs (in development)
  • IDS databases, e.g., Snort (in development)

While configured to visualize network connection data by default, VIAssist is capable of visualizing any relational database. The main tables in the VIAssist data repository, called Fact Tables, contain data that conceptually describes network assets such as Hosts, Events, Sensors, etc. Database tables from the originating relational database must be matched to database tables in the VIAssist data repository. Client-specific database tables that are not part of the VIAssist database schema can be easily created in the VIAssist data repository before importing data from each client-specific table.

Limitations

VIAssist is not an intrusion detection system or a network sniffer, nor does VIAssist poll a database at regular intervals. VIAssist is therefore a pseudo real-time analyzer of network data: it displays data exported from the database containing real-time information from an IDS or Traffic Analyzer.

Additionally, the display time of large datasets grows linearly with the volume of data that is retrieved from the VIAssist repository. To ensure a reasonable display time, the use of VIAssist's Smart Aggregator is suggested to intelligently aggregate large datasets into manageable, clustered datasets. Also recommended is the use of VIAssist's Expression Builder to fetch a subset of a large data source from the data repository based on user-defined criteria.

[Figure: VIAssist Load Repository Dialog]