Release Notes: Here's What's New in Your Ontic Platform
Release Date: March 26, 2022
Real-Time Threat Detection New Product Offering
What it is: Ontic’s Advanced Real-Time Threat Detection package is now ready for general availability.
Why it matters: Visualize real-time and historical intelligence signals. Contextualize potential risk signals in relation to principals. This offering includes 3 new data providers - Real-time events, Weather, and RSS.
Please contact your Ontic team for more information about Real-Time Threat Detection in Ontic.
Real Time Threat Detection Components
The Geo Risks component of Real Time Threat Detection enables teams to quickly gain situational awareness by plotting all signals with a geolocation on a map.
The Feeds component of Real Time Threat Detection will be familiar to current Ontic users as it is a key feature of the Ontic platform. Ontic’s feeds allows you to view all the data on the map in a feed view so you can quickly see signals grouped by most recent or by signal type.
New Data Sources
Ontic is introducing three new data sources with our Real Time Threat Detection product - Real Time Events and Weather.
Real Time Events
Ontic’s Real Time Events data source provides expert-verified information so you can see events happening around your principals and important locations in real time. This helps ensure your team has relevant, contextual intelligence about events such as protests, bomb threats, robberies, arrests, damaging weather, cyber attacks, and travel disruptions.
For a full list of event types included in the data source, please contact your Success Manager.
Ontic’s Weather data allows you to display real time weather alerts in the Ontic platform. This weather data includes but is not limited to hurricanes, tornadoes, fires, blizzards, damaging winds, and damaging rain.
Ontic’s RSS data allows you to build Real Time News feeds based on websites that are important to you. Any website with RSS capabilities can be pulled into Ontic. Any of the data that is geotagged will be shown on the map.
Using Geo Risks
To navigate to Geo Risks, click on the 9-Box menu in the top left corner, hover over Detect, and select Geo Risks.
You will now see a map centered over the United States that is populated with your principals and any signals in Ontic that have a geolocation associated with them.
Navigating the Map
To move around the map, click and hold on the map while dragging your mouse. To zoom in on the map, you can zoom as you would on a standard map using your trackpad or mouse, or you can use the + and - magnifying glasses in the bottom right corner of the map. The next time you load the map, it will load in the location you were most recently centered on.
Viewing the Legend
You can view the legend section at the bottom right of the map.
This will show the icon legend for all signals on the map. You can scroll through the popup to see more.
Other filter options will show in this section when certain data layers are turned on. If you ever need to know what an icon or a color represents, visit the legend area to view the corresponding legend.
Filtering the Map
The layers of signals on the map can be filtered depending on your preferences. The layers you choose to see on the dashboard will be reset if you leave or refresh the page. To save your layers you can create a new dashboard. For instructions on how to create a new Dashboard, scroll to the next section - “Building Maps Dashboards”.
Managing Map Layers
To manage the layers that you see on the map, click on the icon with the map pin in the top left of the map.
To toggle all the signals on and off you can use the toggle next to “Show”. Click the eye icon to hide or show individual signal types. If the eye does not have a line across it, that signal type will show on the map. If the eye has a line across it, that signal type will be hidden from the map.
Additionally, within each signal type you can further filter the signal to only show the specific signals that you want to see. To do this, click on the arrow next to the eye icon on any of the signals and apply any relevant filters.
OSINT Topics and RSS signals have the option to “Show signals with non-precise location”. Toggling this on will allow you to see signals that have a location associated with them but the location is not specific enough to plot traditionally on the map. These could be signals with just a state or country associated.
Managing Map Settings
To manage the map settings that persist when leaving the page, click on the gear icon on the left side of the map.
From here you can choose whether you want to view the map with or without data clusters. The map is defaulted to show without data clusters. Using the map with data clusters will allow you to see hotspots of signals so you can easily focus your attention on areas with high signal counts.
From here you can also turn on Radar, Clouds, and Severe Weather Warnings. Radar will show a standard weather radar that shows rain, snow, and sleet. Clouds will show the level of cloud coverage around the globe. Severe Weather Warnings will highlight portions of the map where a Severe Weather Warning has been issued via NWS and NOAA.
To view more details about a Severe Weather Warning, click any of the colored tiles. This will show the details of the warning in the right pane.
The map defaults to the last 48 hours to show you the most relevant information upfront. To change the time frame, click on the time frame next to “Showing for” at the top right of the map.
From here you can choose from the predefined time filters or you can use the Custom Time option at the bottom of the list to set your own custom date period. Note: If you use the Custom Time option, make sure to click Apply before exiting the time editor window to save the time frame.
Signal Feed on the Map
On the right side of the map you will see a feed view of all the signals currently showing on the map. The feed in the pane will show all signal types in order of the most recent. To the right of that feed you will see the signals grouped by signal type and ordered by most recent.
If you do not want to see this feed view, click the tab with the arrow to collapse the pane. If it is collapsed and you want to see the feed view, click the tab with the arrow to expand the pane.
The Geo Risks product offering also has a separate feed view to see all the signals on the map in a feed view. To view your map dashboard as feeds, click the 3 columns icon at the top right of the map.
You will now see the same signals from the map as feeds grouped by signal type.
Building Maps Dashboards
The default map dashboard is the Standard dashboard.
To build a new dashboard, click on the 3 lines at the top left of the map. Then click on Add a New Dashboard.
You will now see a Create Dashboard screen. From here you can name your dashboard and choose which signals you want to show on the map. After selecting the signals you want, click Next to move on.
Note: Entity and Weather signals will show on the map by default, so they are not included in the signal selection.
After selecting which signals you want to show on the map, you will be able to further refine the signals via the filters. You can apply filters as you would for other parts of the platform. You can edit these filters later as well. To save the filters, click Save.
You will now see your new Geo Risks map dashboard. To edit the filters on the dashboard, click the 3 dots at the top right of the map and select Edit Dashboard.
You can rearrange the order of your dashboards from the dashboard menu. The top menu will be your default dashboard.
With geofences, you can create and save custom geofences to view signals only within those boundaries. From any Geo Risks dashboard you can create and save polygon geofences anywhere on the map. The geofences can be toggled on or off. Geofences can also be applied to principal addresses from the Principal section.
Building Geofences on the Map
To build geofences on the map, click on the polygon shape on the left side of the page and click Create.
This will open drawing mode. From here you will be able to draw a custom border around the area you care about.
You can click the trash icon at the top left to redraw your geofence. When you are finished drawing your geofence, you can either click Exit Draw Mode or click on the 3 sided shape next to the trash can. You will then be prompted to name and save your geofence and it will show in the geofence section you started in.
Building Geofences from the Principal Profile
To build custom geofences for individual principals, navigate to your principal’s profile page (9-box > Manage > Principals) and select Address from the menu on the left.
From here you can either edit an existing address or create a new address. The following steps will be the same for either option. To edit an address click the 3 dots on the right side of the address bar. To add a new address click Add Address.
Below the map in the address popup you will see a Geofence section. This will allow you to set 3 standard geofences for each of your principals. The Inner Layer is defaulted to a 0.5 mile radius, the Intermediate Layer is defaulted to a 1 mile radius, and the Outer Layer is defaulted to a 10 mile radius.
To set the geofences for each of the 3 layers, click the edit icon. From here you will be able to either select a standard circle radius or draw a custom shape. You can also rename your geofence to align with your needs.
Using Geofences Built on the Map
To view signals only within the border you set, click the location pin icon in the Geofence section on the right side of the map.
This will automatically take you to the area of the geofence and show you the signals within the border in the right pane. If you want to view signals on the whole map, click the location pin icon again to deselect the geofence. You can also select multiple geofences at once to see signals in multiple specific areas at once.
Viewing Principal Signals
The Principal section of Georisks has been updated. From the top left Principal dropdown within the Geo Risk dashboard you can select a principal or a combination of principals. You can also select specific addresses associated with a principal. Selecting a principal will edit the map to display only the signals in a specific proximity to the principal.
Using Principal Geofences
When selecting a principal from the principal dropdown the map will zoom in on the default geofence for the principal. You will have the ability to select which geofence you’d like to activate.
Users can send individual signals or your currency map view directly from the map to users within and outside of the Ontic platform.
To send a signal to someone, click on the 3 dots at the bottom right corner of the signal and select Notify.
To send the entire map view to someone, click the 3 dots at the top right corner of the dashboard and select Notify.
This will take you to the Signal Risk Report page, where you can edit and send the report.
To edit the report or begin the process of sending it, click Edit Report. From here you can use the Add Widget or the + to add different sections to the report. This allows you to customize the report and add additional context before sending it out. Under the clipboard on the left side you can add a cover page, a table of contents, a report header, and/or a report footer.
You can use the Preview button to preview what the report will look like when it is sent. To send the report, first click Publish to save the final version. You will then be able to click Share. Once you see the Share Report popup, you can share it with users of Ontic or recipients outside of the platform.
To share with Ontic users, select their names from the Search Users list.
To share with recipients outside of Ontic, click Add User and enter their name and email address. You can add additional recipients by clicking the blue plus sign. Then click Add & Continue to finish setting up your sharing settings.
Once you have added all your desired recipients, click Continue to see additional sharing settings.
Set Link Expiry Date will allow you to deactivate the report link that is sent to the users after a specified time. Link Access will allow you to turn off the ability to copy text from or print the report. Recipient location allows you to set the viewing location for the report to only certain countries. Only users within the set countries will be able to view the report.
Once you click Share, it will send to all your recipients and it will generate a sharable link. This link is viewable by anyone with an Ontic login and anyone that has been added as an external user in Ontic (i.e. If you have sent them a signal via the Notify feature).
9-Box Menu Updates Enhancement
What it is: New 9-box navigation menu organization featuring headings that align to the threat management journey.
Why it matters: In addition to simplified usability, the new organization supports security teams throughout the threat management journey, and sets the foundation for a continued innovation.
Business Objects Enhancement
What it is: A way to standardize groups of fields within Ontic for use across multiple sections of the platform such as Entities, Observations, Investigations.
Why it matters: Sets the foundation for a more connected platform with seamless flow of information between objects. Having a dynamic set of data fields that can be grouped together for use across the platform lets users tailor the platform for their needs.
How it works: There are multiple entry points to set up Business Object field(s) that will save the new field(s) in the Business Object Library. To ensure the best course of action, users must determine if the fields will be used across multiple sections of Ontic (ie. Entity, Observations, Investigations). The business object can be built within the Business Objects configuration section. In addition, a Business Object field(s) can be created as you are building a custom field within a section, like Entity, to streamline the process of setting up the immediate need and have the field accessible for other sections of Ontic.
To navigate to “Business Objects” start at the 9-box menu > Administration > Business Objects. Once in Business Objects select “Create Business Object”.
Select “Create Business Object”. Establish a Name for the Business Object Field(s), provide a description, and select “Add Field”. You can add numerous fields within a Business Object as desired. The organization and layout of the fields can be edited throughout the process and can be edited at a later time.
The process of adding a field is very similar to Custom Field creation. A name is required and a description can be provided. Select the type of input for the field (Short Answer, Paragraph, Multiple Choice, Checkbox, etc.). The next selection is value type which is determined by the input selection - for example, Multiple choice fields could be text, numbers, email, or a url. Additional field configurations can be selected such as if the field completion is required, or if displaying this field is dependent on another field within this business object.
To rearrange the fields or rows, select the 6-Box icon on the row or field to move the field or rearrange the rows. The configuration icons within fields are to edit the field content or delete the field. The configuration icons within the rows configure the column selection.
To navigate to Custom Fields, start at the 9-box menu > Administration > Fields. Prior to clicking “Add Field”, determine what area of Ontic the set of fields will be visible in (Entity, Investigation, Signal/Observation, User, or Principal). The set of fields can be applied to other sections of the platform. Select one of the areas such as Entity and then select “Add Field”.
Once “Add Field” has been selected, to create a Business Object the Input Type would have to be a Single or Multiple Business Object, with the Value Type being “Create new Business Object”.
Once Business Object Fields are created, they can be applied within individual sections of Ontic or across all sections.
Metrics in Assessments Enhancement
What it is: The ability to auto-populate widgets from existing metrics dashboards into assessment forms for reference while conducting an assessment.
Why it matters: This enhancement allows users to leverage data within the platform to make informed decisions in an assessment. The widgets will update in real time so they will always show the most up to date information in the assessment flow.
How it works: Navigate to Assessment form creation by starting at the 9-box menu > Administration > Forms. Click “Create Form” at the top right corner of your screen. When you add a question to the form, you will have the option to include supporting metrics widgets by clicking the three vertical dots on the right side of the “Required” toggle.
From here, select “Add Supporting Metrics” and then choose which dashboard you want to pull your widgets from. Please note, the widgets need to already exist in a standard or custom metrics dashboard to be included in the assessment flow. To create new metrics widgets please go to the 9-box > Metrics.
Once you select your widgets for that question in the form, click save.
Rules User Interface & Metrics Enhancement
What it is: A new UI for the Rule Builder, that intuitively guides the user through the process of building a rule. These updates also include new metrics around “Rule Usage,” available for each individual rule as well as in the rule list view.
Why it matters: Making rules easier to build opens the door to more opportunities to leverage automation within the Ontic platform to support client workflows. Rule usage statistics allow admin users to understand whether a rule is working, see how often it is being fired, and audit the full context of each of the objects impacted by the rule, all from a simple dashboard.
How it works: To access the Rule Builder, navigate to the 9-box menu, Administration > Rules. This will bring you to your Rules Dashboard. From this view, you can filter by rule type, sort the rules based on when they were last updated, or their status , and see how many times each rule has been triggered in your environment.
To add a new rule, click “Create Rule” at the top right side of your screen. Next, you will be prompted to give your rule a title and description, and to specify which workspaces this rule should function in. To build the rule, start by selecting an “event” to kick off the automation.
Once you select your “event” - or the “when” - to trigger the rule, you will be given a selection of possible conditions and actions - or “ifs” and “thens” - to specify the rule even further.
Once you have built out your rule, click “Activate” to turn it on. You can always pause or delete rules later on. Careful! If you don’t click “Save Draft” or “Activate,” your work won’t be saved when you refresh or click away from this page.
To see how a rule is performing, whether it is useful to your organization, and whether or not notifications are being read - check out “Rule Usage.” From the rule dashboard (Administration > Rules) click on the three vertical dots on the far right of the rule you want to learn more about. Then select, “Rule Usage.”
This view will not only show you how many times the rule has been triggered, but also the number of notifications that have been sent as a result, as well as how many of those notifications have been read vs unread. To see specifically which users have read or not read the notification that was triggered from the rule, click on the blue “Alerts” text in the Rule History timeline.
Social Profile List in Twitter Search Enhancement
What it is: The ability to select a Social Profile list for the source of a Twitter Search feed
Why it matters: You may have a list of influencers who are not entities but often post on social media about your organization’s industry, executives, etc. Leveraging social profile lists in feeds lets you update lists in one place and have those updates automatically reflected across feeds in the platform.
Example: A client may have a list of anti-billionaire activists who themselves may not be a threat to the principal, but whose tweets could spark threatening sentiment among their followers. For that reason, you may want to stay up to date on those accounts.
How it works: When adding a new Twitter Search Feed to one of your Feed Dashboards under Administration > Detect > Feeds, you now have the option to select a Social Profile List to populate the feed.
To create a Social Profile List, go to the 9-box menu, select Administration > Lists. Select Social Profile from the top menu bar, and then press “Create List.”
From here, you can add social handles manually, based on an entity attribute, or upload profile information from an excel document. Once you click Save, this list will be available for you to populate your Twitter Search feeds.
Value Formatting for Computed Fields Enhancement
What it is: The ability to specify formatting for number fields. Formatting includes designating whether the number is a monetary value, defining a currency that will display in the field, as well as the number of decimal places the number should show.
Why it matters: The ability to specify formatting for number fields. Formatting includes designating whether the number is a monetary value, defining a currency that will display in the field, as well as the number of decimal places the number should show.
How it works: From the custom field creation screen, when “Number” is selected as the field value type, the option to “Configure Formatting” will pop up next to the field.
Clicking on the Configure Formatting button will give you the option to select Currency as a format, and select the specific currency you want the number to display in. You will also have the option to pick the number of decimal places you want the number field to default to.
Principal First View Enhancement
What it is: Enhanced Principal Profile Similar to entity profile and better integrated with the rest of the platform - no longer just for admin purposes. Updates include:
Guided Principal creation process through 5 clear steps
Principal Dashboard (customizable dashboards featuring advanced filtering capabilities)
Tabs within the profile include:
Entities (any entities tagged with the principal)
Collaboration opportunities (chat, planner, tasks)
Why it matters: Principal first view provides users with a comprehensive, dynamic view of Ontic data in the context of a given Principal. These enhancements set the foundation to move from an entity centric approach to a principal centric program.
How it works:
Guided Principal creation process through 5 clear steps:
To add a new principal, click on the blue “Add” button at the top right side of your screen and select “Principal.” This will take you through a 5 step process to create a new principal. Fill in the information you have available during the creation process but rest assured that information can be edited at a later time, and more information can be added at any time directly from the principal’s profile.
Just like the Entity Dashboard, the principal dashboard can be found by navigating from the 9-box to Manage > Principals. From this view, you can create as many custom dashboards as you need to by clicking the hamburger icon at the top left of the screen and selecting the attributes that you want to define your dashboard. You can also leverage quick filters by clicking the filter icon at the left side of the dashboard. Note that any filters applied in this way will reset when the page is refreshed. To set filters that will persist, click the three vertical dots at the top right side of your dashboard and select “Edit dashboard.” Any changes you make from that view will be there anytime you return to that dashboard.
Enhanced Principal Profile:
All of your principal details from the creation flow, as well as any principals you have created in the past, will be available in the new principal profile format. The new profile view includes the following tabs:
Details: This includes all basic information about the principal, as well as any principal custom fields you have created.
Files: This section includes all files that have been uploaded to the principal’s profile for quick reference.
Entities: This view automatically includes a quick overview of all entities tagged with that principal.
Notes: This tab allows you to add notes related to the Principal.
Monitoring: This tab will only be visible if you use Real Time Threat Detection in your workspace.
Sub-Principals: A sub-principal location or person exists in relation to a principal and requires less intelligence gathering and reporting details than a primary principal. Intelligence uncovered about a sub-principal is always associated with the primary principal to expand the view of the threat landscape.
LexisNexis New Integration
What it is: Ontic’s integration with LexisNexis (Risk Solutions)
Why it matters: With this integration, you can integrate your LexisNexis account into Ontic to perform records searches within the platform. The LexisNexis integration exists within Ontic’s Research offering.
If you are a current user of LexisNexis and want to integrate your instance directly with Ontic, please contact your Success Manager.
Salesforce New Integration
What it is: Ontic’s bi-directional integration with a client’s Salesforce instance.
Why it matters: Having systems that are connected is important in ensuring a unified approach to safety and security. By integrating Salesforce and Ontic, organizations will benefit from proactive communication and shared visibility while maintaining a cohesive view of the threat landscape.
Ontic can map any Salesforce object (contacts, leads, cases, etc.) to objects in Ontic such as Entities, Observations and Investigations.
If you are a current Salesforce user and want to integrate your instance directly with Ontic, please contact your Success Manager.
Google Forms New Integration
What it is: The ability to map external Google Form submissions to Observations or Investigations in Ontic.
Why it matters: Security teams receive incident reports from employees, consumers and other sources without a login to Ontic to submit observations.
If you are using Google forms to submit incident reports, you can now automatically create Observations in Ontic when a team member submits an incident report. You can then easily take action and perform additional research on these incidents.
If you are interested in a Google Forms integration please contact your Success Manager.
JIRA New Integration
What it is: Ontic’s bi-directional integration with a client’s JIRA instance.
Why it matters: If you are using JIRA for case management or incident management, you can automatically ingest those cases or incidents into Ontic as Observations or Investigations. This will eliminate the need to manually enter information and allow teams to easily take action and perform any necessary research. The integration can also update information in JIRA based on actions taken in Ontic.
If you are interested in a JIRA integration please contact your Success Manager.