Apache Superset is an easy-to-use data exploration and data visualization platform.

You can install it on your local and also you can use it as a service.

• Installing Superset Locally Using Docker Compose
• Preset Cloud

In this page, I will demonstrate how you can use SuperSet to visualize Mihari data.

Connect to the database

Go to Data → Databases, click + Database button and fill the form.

Visualize artifact data

In SQL Editor, you can write a SQL query to generate the dataset to analyze/visualize.

(Note: The DB schemas of Mihari are written in Database schemas)

For example, let's filter the IP address data based on a tag and visualize the data with the country map and the time series chart.

SELECT artifacts.data, artifacts.data_type, tags.name, geolocations.country_code, artifacts.created_at FROM artifacts 
LEFT OUTER JOIN taggings ON taggings.alert_id = artifacts.alert_id
LEFT OUTER JOIN tags ON taggings.tag_id = tags.id
LEFT OUTER JOIN geolocations ON geolocations.artifact_id  = artifacts.id
WHERE artifacts.data_type = 'ip' AND tags.name = 'tag_to_filter'
ORDER BY artifacts.created_at DESC;

This query generates results like the following.

Then click the Explore and set the following conditions to generate the country map:

• Visualization type: World Map

• Country column: country_code

• Metric for color: count