The field of security visualization is in need of a paradigm shift in order to allow visualization tools to be practically used by security engineers. Security engineers must complete two different tasks, that of discovery of a pattern, and that of searching for a pattern in a data set. Current security visualizations do not aid the user in creating symbolic rules that represent visual patterns. Transforming visual patterns to symbolic rules requires effort by the security engineer and detracts from their main task of discovering interesting patterns. In this paper we describe the idea of closing-the-loop, a system where symbolic rules are created from visual patterns.