Release Notes: Here's What's New in Your Ontic Platform
Release Date: June 18, 2022
Principal Layout Support Enhancement
What it is: Ability to configure the view of principal information for the various roles within your organization.
Why it matters: An organization can have a variety of Principals (person, location, event, group, or business) to protect. In order to support the functions of your organization, different roles may require different access and views.
How it works: Navigate to Layouts by starting at the 9-box menu > Administration > Layouts. In Layouts, select “Principal Layout”. You can create a new template, or clone an existing principal layout. Within the layout builder you will create two stages, the first being how the principal fields are exposed when initially entering a principal. The second stage is the layout of fields that are exposed when viewing or working within principals.
Principal Field Unmasking Enhancement
What it is: Field visibility and permissioning to unmask and edit sensitive principal information.
Why it matters: In order to edit entered principal information, users must be able to unmask the entered data. This functionality will allow configuration for roles to have the permission to unmask data. If a role does not have permission the field is always masked.
How it works: By default all roles within Ontic show masked fields, with no ability to unmask or edit. To unmask, navigate to Roles by starting at the 9-box menu > Administration > Roles. Within Roles, select a designated role that shall be granted permission to unmask the principal information and then select the fields (standard and/or custom) that can be unmasked. Standard principal fields that can be unmasked, include: Email, Phone, SSN, Vehicle, and Credit Card. Upon creation of custom fields within principals, a field can be set to “Mask field value”.
Business Objects Updates Enhancement
What it is: We have added additional functionality to Business Object fields to bring them in line with the functionality of standard and custom fields. These enhancements include:
Business Object fields are now included in dashboard filters
Business Object field values are now searchable in Universal Search
Business Object fields are now supported in Principal layouts
Business Object fields now support computed fields
Why it matters: These enhancements will bring business object functionality more in line with the functionality of standard and custom fields and will enhance the user experience for business objects.
How it works:
To filter a dashboard by business object fields, navigate to the filters section of the dashboard and look for “Business Object”. From here you can expand the tab to view all the available fields and set your filters.
To search for a value from a business object field in the Universal Search bar, select the section you want to search (Investigation, Entity, etc) and begin typing the field name. This will show you the available business object fields you can search from.
From here, select the field you want to search and then type in the search parameter. This will show you all relevant results.
To create and add a business object to a principal layout, follow the steps outlined in the Business Objects section of these release notes. You will then be able to see the business objects fields in the creation section of principals and on the principal profile.
To create and add a computed field in a business object, first navigate to the Business Objects section under Administration. From here click Create Business Object and name the business object.
Create at least one field with the Value Type “Number” (see below note). Once you have set your fields that will be used in your mathematical expression, you can build your computed field. You can use these release notes to learn how to build a computed (monetary) field.
Note: To use computed fields within business objects, you must first have at least one field with the Value Type “Number” within that business object. You can only set computed fields on fields with the “Number” Value Type.
Real Time Events Rules Enhancement
What it is: We have added additional parameters to Real Time Events rules, including the ability to create rules based on proximity to principals.
Why it matters: The additional rules parameters will allow you to refine the Real Time Events signals you are getting alerted on, which will reduce noise and help you focus on the signals that truly matter.
How it works:
Navigate to Rules under the Administration section in Ontic and click “Create Rule”. Under the “When” section select “Real Time Events Signal Received”.
From here you can choose from “Within Miles” or “Within Geofence”. The Within Miles option will allow you to choose a radius around a Principal, a location, an Associated Principal, or a Location List. You will receive an alert for any alerts within that radius relative to the option you select. The Within Geofence option will allow you to select from existing Principal geofences. You will receive an alert for any signal within that geofence.
Once you have selected one of those options, you can continue filling in the other parameters to tailor your alerts to what you want to see.
Investigation Location Support Enhancement
What it is: We have added an Investigation layer to the Geo Risks map.
Why it matters: The new Investigation layer will allow you to view more HUMINT directly from the Geo Risks map.
How it works:
Add a location to your Investigation layouts using the “Location Details” field.
Any Investigation with this field filled out will show on your Geo Risks map. You can hide or show this layer from the Map Layers section on the left side of the map.
What it is: An enhancement of both user experience and assessment functionality.
Why it matters: Enables the user to reference aspects of the Ontic platform during the assessment process.
What it is: A unified assessment dashboard to house all assessments across all objects (Entity, Investigation, Signals).
Why it matters: This allows users to have a one stop shop to quickly access all the assessments they have completed in Ontic. Standard metrics are also available for client consumption.
What it is: The ability to minimize and maximize assessments while conducting them on both an entity and an investigation.
Why it matters: This will allow users to easily toggle between gathering data in Ontic to complete the assessment while minimizing the amount of clicks to return to it.
How it works: When completing an assessment, click the minimize icon in the top left hand corner of the screen to shrink the window down to the bottom of your screen.
Assessment Widgets - Tasks:
What it is: The ability to create tasks from within an assessment flow and visualize all tasks within an in form widget.
Why it matters: This enables the user to delegate the work that is associated with an assessment on an ad hoc basis.
How it works:
When building the assessment form, select the + Content Widget option from the right hand menu.
The Content Widget menu will then display the option to select Tasks. This will embed the task widget to the form.
When completing an assessment, selecting the Add Task button on the widget will enable the user to create and assign a new task from within the ongoing assessment.
Assessment Widgets - Public Records:
What it is: The ability to embed and view public record information related to the entity from within the assessment.
Why it matters: This enables referencing public records information without navigating away from the assessment, as well as including the information within the assessment export.
How it works: When building the assessment form, select the + Content Widget option from the right hand menu.
The Content Widget menu will then display the option to select Public Records. This will embed the widget to the form.
When completing the assessment, the widget will display all currently pulled public records. By clicking on a record, the full record details can be viewed.
Assessment Widgets - Metrics:
What it is: The ability to embed Metrics into the assessment form.
Why it matters: Backing up narrative with data will help prove the case of the assessment. By leveraging the Ontic platform’s database, supporting metrics can provide further evidence of the assessment results.
How it works: When building the assessment form, select the + Content Widget option from the right hand menu.
The Content Widget menu will then display the option to select Metrics. This will embed the widget to the form.
After selecting Metrics, select the Add Metrics Widget button and determine which type of metric is needed in the following menu.
Metrics Widgets can be added as stand alone items or appended to specific questions to provide insight. To add a metric widget to a specific question, select the three dots in the bottom right of the question and choose Add Supporting Metrics.
The selected metric will then be appended to the question.
Investigation & Entity Widgets Enhancement
What it is: The ability to add widgets to the entity details or investigation overview section.
Provides visibility into all completed and ongoing assessments on the entity
Provides visibility into all approved, pending, and archived public records on the entity details page.
Provides visibility into all completed and ongoing assessments on the investigation
Provides visibility into all completed and ongoing tasks on the investigation
Why it matters: Brings areas of the platform with important information up front to limit the amount of clicks needed to discover new data.
How it works: All widgets must be added to the layout of the entity/investigation prior to displaying. This maintains full control over which roles of users can and cannot see the widgets.
Using the Navigation, hover over Administration and select Layouts
Select an existing or create a new layout on an entity or investigation
The widgets will be toggled off by default for existing layouts and on for any newly created layout. Use the Gear Icon in the upper right corner to hide or unhide the widget.
Save the layout and apply it to a Role.
Beta - Entity Lifecycle Management Enhancement
What it is: A visual and functional entity redesign to provide fields and functions to manage the entity threat journey more effectively.
Why it matters: Brings important information upfront to provide an operational structure to managing entities.
How to Enable: Contact your success manager to learn more and to have this enhancement feature enabled.
Entity Lifecycle Management
Static Horizontal Entity Navigation
Why It Matters: Shifting from the current vertical entity navigation to a horizontal navigation allows for expanded high level information to remain present. The horizontal layout also allows for dynamic display to hide information when scrolling farther down a page.
(Scrolling down the page shortens the height but retains the high level info remaining)
Why It Matters: Bringing the most information upfront. Instead of sifting through the various Entity tabs to locate the most relevant data, the highlights tab provides a summary of the current information and status of the entity.
The “About Section” remains front and center as the summary of why the entity is in Ontic. Primary Entity Information is visualized at the top and clearly defined.
Intelligence Lifecycle brings clarity to information collection process
Timeline sections provides an overview of the entity history and a separate view of the associated critical signals
Recent Locations provide a visual representation of the entity's movements over time.
Why It Matters: Central hub for actions that can be taken on an entity. Provides prompts for research that can be done on an entity without having to navigate in and out of research tools.
Location - Located on the left navigation and when actions are available the icon will be flashing red with a number for actions.
Take action on signals from entity watches. When signals are available from watches users select Verify Now. Users can then accept or reject the associated entity signals.
Prompts for Entity Research - Users will be notified when the entity has enough information to conduct a search from the available research tools. For example, users who have TLO research, a minimum set of data points can shortcut a user to a search on those data points.
Ie. The above Entity profile has the name and phone number entered. Ontic will suggest a person search based on those data points. The Ontic User can “Ignore” the prompt and clear the suggestion or a user can select “Research Now”. Selecting “Research Now” will open up the TLO search with the pre-populated fields to select “Search”.
Why It Matters: Central hub and holistic view of entity events. Clear view of the intelligence lifecycle (Research, Evaluate, & Watch), providing visibility to what has been completed on an entity and what needs to be conducted at the present of future.
Research - During research, analysts can confirm the status of research completion and provide remarks for others to know what has been done on an entity. Having research defined can also further organize team workflow responsibilities
Ontic will use logic to establish the status of each section within Intelligence Lifecycle - Research.
As research is conducted Ontic will use similar logic to establish the status of related sections.
Users have the ability to override the Ontic established choice for the respective section.
Having the status set for each section will also be exposed in Entity Workflow Intelligence Feeds.
To update the specific, select the “View Details” button at the bottom of the section to edit manually.
Evaluate - Users define the risk landscape of an entity.
By defining how long an entity is marked on a BOLO status, can automatically remove the entity from that status on the defined date.
Users should also define the “Next Evaluation Date” whis is to identify when an entity needs to be reviewed. Users now have a nexis data point to organize team workflow responsibilities. Examples of a review could be to check the BOLO status, Update Research Data points, or an annual review of an entity's risk assessment.
Watch - Identifies the Ontic services that are Always On and when the latest information has been received.
Watch Information in Intelligence Lifecycle will mark each type with a green check mark and a colored icon when the specific watch has been initiated.
The Watch information will also display the date when the last signal for that watch type was received.
Users should select “View Details” to see what data is included on the corresponding watch.
Within “View Details” of Watch, any rules that have been configured specifically for this entity will be surfaced at the bottom of the page.
Entity Workflow Intelligence Feed
An operational structure to manage entities. This intelligence feed features filtering of entity profiles related to their stage in the intelligence lifecycle. Filter entities by bolo statuses, relevant entity activity, evaluation date, re-evaluation date, evaluated by, and research statuses. Relevancy Filters, has over 25 filter types across security updates, entities needing action, automation, threat activities, agent actions, and assignments.
Why It Matters: Empower teams to organize the work needed to maintain complete and accurate entity intelligence across the entity lifecycle.
How it works: “Entity Feeds” are accessible by navigating from the 9-Box Menu > Detect > Feeds. From within Feeds an existing feed dashboard would need to be edited or create a new dashboard.
Editing an existing feed - In the upper right corner, select the 3-dot edit menu. Select “Add New Feed”
Create a new dashboard - From feeds select the 3-line hamburger icon for the list of the created intelligence feed dashboards. Scroll to the end of the list to “Add New Dashboard”.
From either of these points the available Feeds menu will be displayed. Select “Entity Feeds”. Selecting Entity Feeds will open the window to configure the feed. The feed can be configured via multiple filters related to status of work to be done on an entity or the relevancy of the information of entity signals.
Entity Creation - Enhancement
Entity creation has been expanded from just PII information into a quick 3-step process. Step 1 is to capture the details of an entity. Step 2 provides the crucial step for users to apply the necessary security details and reason for inclusion in Ontic. Step 3 is for additional details such as associated principal, tags, or other custom fields / business objects.
Expand functionality to configure the layout of entity details from creation, the new entity design, increased control on entity fields, and the entity card layouts.
Entity Creation Layout
Functionality to configure the layout and the fields to have included at the time entity creation. The new entity creation process includes three steps to capture the relevant entity details, as well as the necessary information related to why the entity is being added to include relevant security directives, and any additional details such as affiliated principals.
Why It Matters: Ability to add custom fields and business objects to the intake process and across the platform whether it is Entity, Observation, or Investigation layouts. Layouts also add formatting to allow for multiple columns within a row of data to maximize space efficiency.
How it works: Layouts are accessible by navigating from the 9-Box Menu > Administration > Layouts. From Layouts, the existing layout can be adjusted by selecting edit from the far right of the rows of created layouts. To create a new layout select “Create New Template”
What Can be Configured: Layouts for Entity, Observations, and Investigation with additional layout formats within each. Different layouts are possible within Entity (person entity, person profile, business, group/event)
Entity Layout configurations have five sections of configuration which include, Entity Creation, Header Tabs, Entity Highlights, Entity Details, and Entity Card Layout.
Entity Creation Layouts, the 3-step entity creation screen to add an entity manually to Ontic.
This 3-step process allows clients to adjust the intake process for different Ontic user roles and entity types. A guard may input far less information than an investigator. Fields applicable for a person entity might not be applicable for a business or group entity.
Header Layout, provides for configuration of the Entity information and the related tabs exposed through all of the entity information pages.
Configuration includes two components; the specific entity information, and entity information tabs.
Entity specific information is defaulted to Threat, Reason For Inclusion (RFI), Associated Principals, and Tags.
Positioning can be changed.
Any of these four can be deleted and replaced with another applicable entity field. The header can only contain 4 entity specific fields.
Entity Information Tabs are defaulted to Highlights, Entity Details, Public Records, Connections, Relationships, Files, Notes, Timeline, Research, Insights and Wavr21 (for those clients who have enabled Wavr21).
Positioning of the tabs can be changed
Tabs can be hidden
The tab in the first position will be the default tab that will be exposed when an entity is opened.
No additional tabs can be added.
Highlights Layouts, the new information up front page for entities. Configuration of the Entity Highlights Page is limited to moving the position of the section and/or hiding sections.
Entity Details Layout - Entity details where all data associated with an entity is maintained.
Entity Card Layout - The entity card displayed in Entity Dashboards. These cards will not be displayed in signals, “Feed Card Templates”, will control what is visible in Intelligence Feeds (Feed Card Templates are discussed further in these notes).
Observation Creation - Initial fields for manual entry of an observation
Observation Overview - Visualization of fields in an observation
Investigation Creation Form Layout - Fields for manual creation of an investigation.
Investigation Overview Layout - Contents of investigation details (Does not support addition of fields at this time)
Investigation Conclusion Layout - Summary and associated fields in the conclusion of an investigation
Layout Configuration Options
Layout creation includes the ability to move, rearrange, delete, and add fields, including business objects.
Field Re-arrangement - Fields can be adjusted by moving the field with the selection of the six dot box on the field and drag and drop where the field’s new position should be.
Field Deletion - Fields can be deleted by selecting the configure icon within the field box to select “Remove”.
Multi-Column - Each row on the creation layout pages can be a single column or up to 3 columns. Some of the fields only require minimal details or are suited to have the information side by side. To configure the number of columns used for each row, select the configure icon on the far right of the row outside of the field. Then select 1, 2, or 3 columns.
Field Additions - At the bottom of the layout page, there is the option to “Add Row”. The row additions can include both standard fields, custom fields, a custom business object fields
Fields can be selected from previously established custom fields or business objects that can be selected from the pop-out window. If the appropriate custom field or business object has not yet been created, users have the option to create one at that time.
Fields can be added to the 3-step creation or the entity details page.
Entity Feed Card Templates
The entity card with basic details exposed in dashboards and intelligence feeds can now be customized and viewed in dashboards and feeds. The entity card with certain information can be exposed in Intelligence Feeds and a differing view in dashboards.
Why It Matters: With Entity Feeds an additional level of context about the entity will be valuable compared to the workflow of that particular feed. Space as a premium allows users to specify if all or just portions of the basic entity information needs to be exposed in an Intelligence Geed.
Setting Up Feed Card Templates
There are two ways to create a “Feed Card Template”.
While creating or editing an “Entity Feed” within the Intelligence Feeds dashboard. To the right in the feed preview, there is a blue outlined box with the addition “+” symbol. Click on the addition “+” symbol to create a Feed Card.
Navigate to “Feed Card Template” start at the 9-box menu > Administration > Feed Card Template. Once in the Feed Card Template, select “Create New Template” in the upper right corner.
The card template will have to have a name which will be how it is identified when creating a feed. An Entity category (Person, Business, Group/Event) will also need to be selected. If a category is not selected the default is a Person Entity.
The configuration of the template is done in two layers, a whole section can be removed from the view (Header, Overview, Details, Footer). Similarly individual components of those sections can be removed from the view. See below representations of a full card view, minimized, and least amount of detail:
Additional information from custom fields and business fields can be added into the card via the Details section and Fields. The maximum number of rows is 4 which would be a maximum of 8 fields. An example of 4 rows of data is displayed below:
Applying Card Templates To Feeds
Upon completion of setting up Entity Card Templates. Navigate to Feeds, start at the 9-box menu > Detect > Feeds
Entity Cards can only be applied to “Entity Feeds”. Other Intelligence Feeds with entity signals do not yet support Entity Cards.
When an “Entity Feed” is created the entity card template can be selected at the time of creation or during edit of the feed.