[lizen_one]

That sounds really interesting! Can you give a few more details how you use Graphviz? How does it give such a great advantage "to do in a couple of hours what typically would take client staff months."

Did I understand it correctly that you use it to discover patterns? Are these patterns discovered by just using the layout engines? Arent' other tools, e.g. networkx in Python or cytoscape in javascript easier to use interactively in a REPL? What is the typical workflow (maybe plot, find interesting pattern, change query/data in a loop)?

I'm really interested in how Graphviz can be so great. I am currently working with the other mentioned tools for visualization purposes.

[motohagiography]

Really simply, I typically use Neo4j, but if I have flat homegenous data, I just use Graphviz because the dot markup format lends itself to parsing easily in awk command lines. The times I have used networkx was when I needed a graph abstraction layer to reason about another graph query, so networkx wasn't used as a persistent graph store, but more of an intermediate data structure for orchestrating multiple service and api calls, like a low rent graphql. I'm a crap developer, but the graphs were what i needed to piece the logic together coherently.

One example of clients taking months is mapping counterparties to agreements. Let's say you have inherited a division that has file share full of contracts and you want to understand the line of business. You get the counterparties out of the contracts and find all the paths for obligations between entities within the division and their counterparties. The graphviz/dot layout gives you a map of all those parties in a single slide and shows clusters, instead of a 3 lb. document with a paragraph for each of them that would have cost a massive amount of consulting time, or interviewing several people to get their narrative understanding of how the business worked, the graph provides an objective map. You could just use D3js, but for me the dot markup was faster on the command line than structuring json.

The idea is if you can formulate a conceptual, narrative ontology of an organization, you can create a grammar of things and relationships, and then you can plug data (contract counterparties) into that model and form a fairly complete map.

Another recent use case was enterprise vulnerability scan data over a very full /16 address block, allocated across multiple divisions under different management hierarchies with thousands of hosts. By linking the host ownership data to projects and an org chart with the types of vulnerabilities, I could demonstrate in a couple of slides what the highest impact patching strategy would be. Again, graphviz for sketching up the ontology, then Neo to do the lifting.

On a much simpler scale that was more graphviz/dot oriented, I did some work for a startup where I worked with the executive team who had acquired a codebase and talent, and created an ontology of their pipeline customers, their stated needs, implied product features, platform dependencies, our service interfaces, their code bases, and demonstrated the flow of how work on the code bases flowed through to impact revenue. This ultimately got represented as a Sankey diagram, but it was graphviz/dot I used to sketch up the initial ontology.

[jcims]

Have you tried gephi? It's not exactly an alternative to graphviz (eg. you can't cluster nodes) but it handles much larger graphs and has a bit more flexibility in layout. It has plugins for both dot and neo4j input.

Graphs and infosec go very well together.

[motohagiography]

Wow that looks cool. It reminds me of what Orange.app was for regular data viz, this Gephi is for graphs.

It's pretty notable that the coolest data viz is for discovery, whereas most managers just need to know whether the line has gone up or down. I'm thinking there may be a fundamentally different cognitive orientation to whether one is hunting for opportunity or managing a resource.

[momirlan]

Gephi is fantastic, unfortunately it it hasn't seen a new release since 0.9.2 in 2017.