Ontic Platform Glossary
Platform Terms
Platform: the Ontic application as a whole.
Workspace: a segmented environment within Ontic which maps to a specific client organization, with the purpose of serving multiple-segmented groups that may have different objectives or segmented datasets. Users may be given permissions to one or multiple workspaces depending on the company’s own organizational structure. Example: a client may set up different workspaces in Ontic for the Insider Threat and Executive Protection teams.
Entity: any person, event, or group entered into Ontic as an object of interest. Some Ontic clients may interchange Ontic entities with the standard industry term “POI” but we use the broader term Entity because it encompasses more than just persons of interest.
Profile: an individual with an unassigned threat level. Once a threat level is assigned, that individual would be classified as an Entity within Ontic. Profiles can also be derived from social media handles whose associated posts were identified via a set of social listening Topics, or from guest lists uploaded via the Rapid Scan feature.
Principal: assets being protected (person, location or event). Principals in Ontic can be associated with an Entity or a Topic.
Signal: any piece of data that was brought into the Platform by integrated data sources or manual user inputs.
BOLO: acronym for Be On the Lookout. In Ontic, can be used as a designation for an Entity and also the ability to generate a BOLO report in PDF format for dissemination.
Intelligence Research / Research: The function in Ontic to tap into external data providers to find additional identifying information about individuals. Research can be conducted both on existing Entities or “from scratch” if an entity does not already exist.
Incident Management:
Incidents: events associated with a vehicle, a person, or a situation that could lead to loss of, or disruption to, an organization's operations, services, personnel or functions. These observations can be captured in a consistent, time-sensitive manner and stored within the Ontic platform to log incident report data.
Investigations: a section of the Ontic platform to build a rich case history of selected observations and conduct systematic examinations of reported incidents. Each investigation can capture basic details of the case, reference the source data, enable collaboration, visualize associations, notes, timeline of case activity, evidence, and conclusion summaries.
Assessments: digitization of proprietary threat assessment forms and workflows to help facilitate a standard and repeatable assessment process within the Ontic platform.
Universal Search: The search bar always at the top of the screen in Ontic that allows you to search for text in Entities, Signals and even text-based Documents stored in Ontic. Documents such as stored files and images can be searched for their content as well as their file names.
Rapid Group Scan: function that allows you to cross-reference a list of individuals or pieces of data against the known Entities that exist within the platform. This process can identify matches of data between an imported list for things like events, facility visitors etc. Formerly known as Guest List Verification
Identity Research: a function of the Ontic platform that assists in resolving the identity of individuals or Entities. Identity Research is powered by third party data sources and allows you to gain greater insight into individuals’ or Entities’ physical and digital presence (addresses, phone numbers, email addresses, social media accounts etc).
User Collections: act as a “pin-board” on the individual User level. You can add Signals or Entities to a User Collection for quick reference.
On-Demand Strategic Services: On-demand, curated risk insights delivered to your workspace from Ontic’s investigative team.
Metrics: visual tools in Ontic that provide a high-level overview of activity and trends of your Entities, signals, and consumption of information.
Database Terms
Database Entity Activity and Sources
Criminal Activity: Represented as a “light box” in the Entity Details tab to show activation status, sourced from Public Records
Identity: Represented as a “light box” in the Entity Details tab to show activation status, Sourced from Identity Research
Location Detection: Represented as a “light box” in the Entity Details tab to show activation status, sourced from Entity Vehicle data input and License Plate Recognition sources. Real-time information showing locational data for a POI based on the license plate. The activation of this feature requires either an Entity’s full License Plate Number or VIN number to be entered into the Entity Details section.
TLOxp: an integrated data source for Identity Research. Questions about Integrations should be directed to your Ontic team.
Database Details Fields
Reason for Inclusion (RFI): section in the Security Overview in the Entity Details tab. The general reason for including an Entity within the Platform, such as “Suspicious Activity” or “Excessive Letter Writing.” RFIs can be customized by your Platform Admin.
RFI Date: section in the Security Overview in the Entity Details tab. The date when the Entity was first identified as an interest to the organization.
Security Directive: user-defined instructions in the Entity Details tab on necessary steps for personnel to take if an entity is observed. Examples include “Contact Security Manager” or “Notify Police.”
Database Entity Tab Sections
Public Records: Data source within the Ontic platform that provides discovered public records on an Entity (includes information on criminal arrests, criminal incarceration release, criminal cases, civil cases, traffic citations, liens, and bankruptcy filings). The ability to receive Public Records historically and moving forward are automatically activated if the following information is associated with an Entity:
First and Last Name
AND at least one of the following:
Date of Birth
Full Social Security Number
Driver’s License Number
This data can be viewed either in the Public Records tab of a given entity, or in an Intelligence Feed.
Connections: describes visually how one entity is connected or associated with another entity, event, group, or social signal in the Platform. Can be accessed via the Connections tab within an Entity.
Link Analysis: an action performed in the Connections section to understand the relationships between Entities.
Files: section of Entities where files of any type can be stored and accessed.
Timeline: an interactive, historical view of Entity data and actions taken by Platform users including Observations, notes, audit trail, and more.
Intelligence Terms
Topic: A boolean search query related to a particular investigative area that taps into social media information. For example, threat words in relation to your organization’s Principals. Topics are configured by those with Admin roles, but Topic results can be viewed by all users regardless of role.
Query: boolean text strings used to define the scope of the social listening searches within a Topic, The terms in a query define what keywords will be captured within Ontic Topic Intelligence Feeds. ; they are made up of terms and operators.
Intelligence Dashboards: dashboards that surface the results of OSINT searches as well as other customizable results coming from other intelligence sources such as Public Records, Identity Intelligence, Location Detection, Image Detection, etc. Intelligence Dashboards are built on the user-level but can be shared with other Users or User Groups.
Intelligence Feeds: visual way to consume signals in Ontic. Such signals can come from Topics, Entity activity, system alerts, as well as data integrations.
Topics Stream: a type of Intelligence feed, allows you to consume the Signals from online media sources (most commonly social media) in a column in your dashboard view.
Entity Signals: data that is associated with a specific Entity stored within Ontic. Entity Signals can come into Ontic through various channels automatically (example) or can be manually entered by a user.
Live Preview: A real-time live stream coming from Twitter based on keyword parameters set by a user.
System Alerts: Ontic specific alerts that can be viewed either in the Notifications icon in the Navigation bar or as an Intelligence Feed. System Alert preferences can be set within User Preferences found by clicking on your User Name in the Navigation Bar and clicking on Preferences.
Team Collaboration: a type of Intelligence Feed type that allows you to view all @mentions of your User Name within Ontic. This centralized view allows you to see where you have been @mentioned within the Notes section by your teammates. Team collaboration can be conducted through various entry points in the platform: in the Entity Notes tab, within an Investigation, or on individual signals viewed in an intelligence dashboard.
Subscribed Topics: Subscribed Topics is an Intelligence Feed type that allows you to view all of the Signals from the Topics of which you are subscribed. Topic Subscriptions can be set on the Topic page.
Subscribed Entities: Subscribed Entities are the Entities that you have manually chosen to Subscribe to. Notification preferences can be set within User Preferences found by clicking on your User Name in the Navigation Bar and clicking on Preferences.
Assessment Terms
Form Library: section of the platform used to create and store configurable question and answer forms to be leveraged in assessments.
Assessment Flow: section of the platform used to create decision trees and automated workflows that trigger based on how assessment forms are completed.
Incident Terms
Investigations: The ability to start (open) an investigation within the Ontic platform and manage the case lifecycle until the investigation has been completed and closed.
Investigation Source: the observation or external signal that triggered the start of an investigation.
Team: the team assigned to work on an investigation. Specific roles & permissions can be applied by the lead investigator to each member who contributes to the case.
Associations: an observation, entity, or profile who could be connected to the case. These linkages can help visualize connections between individuals or other recorded events.
Evidence: the available body of facts or information that could be attached to the case / investigation.
Conclusion: a written executive summary of the overall case along with the time spent on the investigation by the team.
Administration Terms
Administrator (Admin): Ontic User Role; a Platform user with the highest level User permissions. Admins have the ability to add users, manage user roles, reset passwords, edit workspace labels, perform bulk entity import, and build topics; in addition to all the permissions of “Analyst” users.
Analyst: Ontic User Role; able to perform all functions within the Platform that have been granted by the admin. These functions include viewing, adding, editing, analysis, and research of Entities or Signals.
User Group: administration function to associate users of the Ontic platform to named groups (aka. distribution lists)
Label: Customizable Ontic terms relating to general platform nomenclature
BOLO Templates: administrative function to manage custom BOLO report creation and display formatting with a set of new stylized report templates.
Custom Fields: A user can configure additional fields for Entity details or User profiles that provides a more customized and flexible view of that entity beyond the standard fields available in Ontic. These fields can be defined with explicit options and made available in specific locations on the Entity page.
Rules: Rules in Ontic allow you to automate the changes to Entities and notifications about Entities when certain conditions happen.
Tags: custom tags (labels) to any major object in the Ontic platform.