Release Notes: Real Time Threat Detection

Release Date: March 26, 2022

Summary:

Real Time Threat Detection Components

  • Geo Risks (Enhancements)

  • Feeds

  • New Data Sources

Using Geo Risks

  • Overview

  • Navigating the Map

  • Filtering the Map

  • Signal Feed on the Map

  • Feed View

Building Maps Dashboards

Geofencing (New)

Notify (New)

Real Time Threat Detection Components

Geo Risks

The Geo Risks component of Real Time Threat Detection enables teams to quickly gain situational awareness by plotting all signals with a geolocation on a map. 



Feeds

The Feeds component of Real Time Threat Detection will be familiar to current Ontic users as it is a key feature of the Ontic platform. Ontic’s feeds allows you to view all the data on the map in a feed view so you can quickly see signals grouped by most recent or by signal type.




New Data Sources

Ontic is introducing three new data sources with our Real Time Threat Detection product - Real Time Events, and Weather, and RSS.

Real Time Events

Ontic’s Real Time Events data source provides expert-verified information so you can see events happening around your principals and important locations in real time. This helps ensure your team has relevant, contextual intelligence about events such as protests, bomb threats, robberies, arrests, damaging weather, cyber attacks, and travel disruptions.


For a full list of event types included in the data source, please contact your Success Manager.

Weather

Ontic’s Weather data allows you to display real time weather alerts in the Ontic platform. This weather data includes but is not limited to hurricanes, tornadoes, fires, blizzards, damaging winds, and damaging rain.


RSS

Ontic’s RSS data allows you to build Real Time News feeds based on websites that are important to you. Any website with RSS capabilities can be pulled into Ontic. Any of the data that is geotagged will be shown on the map.

Using Geo Risks


Overview

To navigate to Geo Risks, click on the 9-Box menu in the top left corner, hover over Detect, and select Geo Risks.


You will now see a map centered over the United States that is populated with your principals and any signals in Ontic that have a geolocation associated with them.


Navigating the Map

To move around the map, click and hold on the map while dragging your mouse. To zoom in on the map, you can zoom as you would on a standard map using your trackpad or mouse, or you can use the + and - magnifying glasses in the bottom right corner of the map. The next time you load the map, it will load in the location you were most recently centered on.

Viewing the Legend

You can view the legend section at the bottom right of the map.



This will show the icon legend for all signals on the map. You can scroll through the popup to see more.


Other filter options will show in this section when certain data layers are turned on. If you ever need to know what an icon or a color represents, visit the legend area to view the corresponding legend.


Filtering the Map

The layers of signals on the map can be filtered depending on your preferences. The layers you choose to see on the dashboard will be reset if you leave or refresh the page. To save your layers you can create a new dashboard. For instructions on how to create a new Dashboard, scroll to the next section - “Building Maps Dashboards”.

Managing Map Layers

To manage the layers that you see on the map, click on the icon with the map pin in the top left of the map.



To toggle all the signals on and off you can use the toggle next to “Show”. Click the eye icon to hide or show individual signal types. If the eye does not have a line across it, that signal type will show on the map. If the eye has a line across it, that signal type will be hidden from the map.


Additionally, within each signal type you can further filter the signal to only show the specific signals that you want to see. To do this, click on the arrow next to the eye icon on any of the signals and apply any relevant filters.



OSINT Topics and RSS signals have the option to “Show signals with non-precise location”. Toggling this on will allow you to see signals that have a location associated with them but the location is not specific enough to plot traditionally on the map. These could be signals with just a state or country associated.



Managing Map Settings

To manage the map settings that persist when leaving the page, click on the gear icon on the left side of the map.



From here you can choose whether you want to view the map with or without data clusters. The map is defaulted to show without data clusters. Using the map with data clusters will allow you to see hotspots of signals so you can easily focus your attention on areas with high signal counts.



From here you can also turn on Radar, Clouds, and Severe Weather Warnings. Radar will show a standard weather radar that shows rain, snow, and sleet. Clouds will show the level of cloud coverage around the globe. Severe Weather Warnings will highlight portions of the map where a Severe Weather Warning has been issued via NWS and NOAA.




To view more details about a Severe Weather Warning, click any of the colored tiles. This will show the details of the warning in the right pane.


      


Filtering Time

The map defaults to the last 48 hours to show you the most relevant information upfront. To change the time frame, click on the time frame next to “Showing for” at the top right of the map.


From here you can choose from the predefined time filters or you can use the Custom Time option at the bottom of the list to set your own custom date period. Note: If you use the Custom Time option, make sure to click Apply before exiting the time editor window to save the time frame.



Signal Feed on the Map

On the right side of the map you will see a feed view of all the signals currently showing on the map. The feed in the pane will show all signal types in order of the most recent. To the right of that feed you will see the signals grouped by signal type and ordered by most recent.


If you do not want to see this feed view, click the tab with the arrow to collapse the pane. If it is collapsed and you want to see the feed view, click the tab with the arrow to expand the pane.



Feed View

The Geo Risks product offering also has a separate feed view to see all the signals on the map in a feed view. To view your map dashboard as feeds, click the 3 columns icon at the top right of the map.

You will now see the same signals from the map as feeds grouped by signal type.

Building Maps Dashboards

The default map dashboard is the Standard dashboard.


To build a new dashboard, click on the 3 lines at the top left of the map. Then click on Add a New Dashboard.


You will now see a Create Dashboard screen. From here you can name your dashboard and choose which signals you want to show on the map. After selecting the signals you want, click Next to move on.


Note: Entity and Weather signals will show on the map by default, so they are not included in the signal selection.


After selecting which signals you want to show on the map, you will be able to further refine the signals via the filters. You can apply filters as you would for other parts of the platform. You can edit these filters later as well. To save the filters, click Save.



You will now see your new Geo Risks map dashboard. To edit the filters on the dashboard, click the 3 dots at the top right of the map and select Edit Dashboard.


You can rearrange the order of your dashboards from the dashboard menu. The top menu will be your default dashboard.

Geofencing

With geofences, you can create and save custom geofences to view signals only within those boundaries. From any Geo Risks dashboard you can create and save polygon geofences anywhere on the map. The geofences can be toggled on or off. Geofences can also be applied to principal addresses from the Principal section.


Building Geofences on the Map

To build geofences on the map, click on the polygon shape on the left side of the page and click Create.


 


This will open drawing mode. From here you will be able to draw a custom border around the area you care about.



You can click the trash icon at the top left to redraw your geofence. When you are finished    drawing your geofence, you can either click Exit Draw Mode or click on the 3 sided shape next to the trash can. You will then be prompted to name and save your geofence and it will show in the geofence section you started in.


Building Geofences from the Principal Profile

To build custom geofences for individual principals, navigate to your principal’s profile page (9-box > Manage > Principals) and select Address from the menu on the left.



From here you can either edit an existing address or create a new address. The following steps will be the same for either option. To edit an address click the 3 dots on the right side of the address bar. To add a new address click Add Address.


Below the map in the address popup you will see a Geofence section. This will allow you to set 3 standard geofences for each of your principals. The Inner Layer is defaulted to a 0.5 mile radius, the Intermediate Layer is defaulted to a 1 mile radius, and the Outer Layer is defaulted to a 10 mile radius.



To set the geofences for each of the 3 layers, click the edit icon. From here you will be able to either select a standard circle radius or draw a custom shape. You can also rename your geofence to align with your needs.


Using Geofences Built on the Map

To view signals only within the border you set, click the location pin icon in the Geofence section on the right side of the map.


 


This will automatically take you to the area of the geofence and show you the signals within the border in the right pane. If you want to view signals on the whole map, click the location pin icon again to deselect the geofence. You can also select multiple geofences at once to see signals in multiple specific areas at once. 




Viewing Principal Signals

The Principal section of Georisks has been updated. From the top left Principal dropdown within the Geo Risk dashboard you can select a principal or a combination of principals. You can also select specific addresses associated with a principal. Selecting a principal will edit the map to display only the signals in a specific proximity to the principal. 



Using Principal Geofences

When selecting a principal from the principal dropdown the map will zoom in on the default geofence for the principal. You will have the ability to select which geofence you’d like to activate. 


Notify

Users can send individual signals or your currency map view directly from the map to users within and outside of the Ontic platform.


To send a signal to someone, click on the 3 dots at the bottom right corner of the signal and select Notify.


To send the entire map view to someone, click the 3 dots at the top right corner of the dashboard and select Notify.



This will open a Notify popup, where you can enter recipients, edit the message that will be sent, edit the report, and apply report restrictions.



To edit the message, use the text editor functionality in the “Notify Message” section.


To view the attached report, hover over the top right corner of the Generated Report and click the eye icon.


To edit the attached report, click the edit icon in the top right corner of the Generated Report.


From here you can click on sections to edit them and use the Add Widget or the + to add different sections to the report. This allows you to customize the report and add additional context before sending it out. 



You can use the Preview button to preview what the report will look like when it is sent or click Done to get back to the Notify popup to send it.


To share with Ontic users, select their names from the Enter Recipients dropdown list.


To share with recipients outside of Ontic, click Quickly Add and enter their name and email address. You can add additional recipients by clicking the blue plus sign. Then click Save.



To add restrictions to the shared link, scroll to the bottom and click Add under Apply Report Restrictions.


Set Link Expiry Date will allow you to deactivate the report link that is sent to the users after a specified time. Link Access will allow you to turn off the ability to copy text from or print the report. Recipient location allows you to set the viewing location for the report to only certain countries. Only users within the set countries will be able to view the report. Once you have finished setting these restrictions, click Save.

 


Once you click Notify, it will send to all your recipients and it will generate a sharable link. This link is viewable by anyone with an Ontic login and anyone that has been added as an external user in Ontic (i.e. If you have sent them a signal via the Notify feature). Users can follow the instructions in the email to access the link that was sent to them.