Release Notes: Here's What's New in Your Ontic Platform
Release Date: August 6, 2022
Entity Lifecycle Management Enhancement
What it is: A visual and functional entity redesign to provide fields and functions to manage the entity threat journey more effectively.
Why it matters: Brings important information upfront to provide an operational structure to managing entities.
How to Enable: Contact your success manager to learn more and to have this enhancement feature enabled.
Entity Lifecycle Management
Static Horizontal Entity Navigation
Why It Matters: Shifting from the current vertical entity navigation to a horizontal navigation allows expanded high-level information to remain present. The horizontal layout also allows for dynamic display to hide information when scrolling farther down a page.
(Scrolling down the page shortens the height but retains the high-level info.)
The new entity header also has added navigational flexibility:
The icons at the top for assessments, connections, and investigations can be clicked to navigate to the specific asset type.
The information in the header can be configured in Layouts to expose the key information important to your organization in the header.
These applied sections in the header can be edited and updated just as they would in the details section.
The tabs in the header can also be configured to suit your organization’s preferences. Whichever tab is exposed first will be the landing page of an entity.
Why It Matters: Bringing the most information upfront. Instead of sifting through the various Entity tabs to locate the most relevant data, the highlights tab provides a summary of the current information and status of the entity.
The “About Section” remains front and center as the summary of why the entity is in Ontic. Primary Entity Information is visualized at the top and clearly defined.
Intelligence Lifecycle brings clarity to the information collection process.
The Timeline section provides an overview of the entity history and a separate view of the associated critical signals.
Recent Locations provide a visual representation of the entity's movements over time.
Why It Matters: Central hub for actions that can be taken on an entity. Provides prompts for research that can be done on an entity without having to navigate in and out of research tools.
Location - Located in the right navigation. When actions are available, the icon will flash red with a number for actions.
Take action on signals from entity watches. When signals are available from watches users select Verify Now. Users can then accept or reject the associated entity signals.
Prompts for Entity Research - Users will be notified when the entity has enough information to conduct a search from the available research tools. For example, for users who have TLO research, a minimum set of data points can shortcut a user to a search on those data points.
I.e., the above Entity profile has the name and phone number entered. Ontic will suggest a person search based on those data points. The Ontic user can “Ignore” the prompt and clear the suggestion, or select “Research Now”. Selecting “Research Now” will open up the TLO search with the fields pre-populated, ready to select “Search”.
Why It Matters: Central hub and holistic view of entity events. Clear view of the intelligence lifecycle (Research, Evaluate, & Watch), providing visibility into what has been completed on an entity and what needs to be conducted at present or in the future.
Research - During research, analysts can confirm the status of research completion and provide remarks for others to know what has been done on an entity. Having research defined can also further organize team workflow responsibilities.
Ontic will use logic to establish the status of each section within Intelligence Lifecycle - Research.
As research is conducted Ontic will use similar logic to establish the status of related sections.
Users have the ability to override the Ontic established choice for the respective section.
Having the status set for each section will also be exposed in Entity Workflow Intelligence Feeds.
To update a specific section, select the “View Details” button at the bottom of the section to edit manually.
Evaluate - Users define the risk landscape of an entity.
By defining how long an entity is marked on a BOLO status, the entity can be automatically removed from that status on the defined date.
Users should also define the “Next Evaluation Date”, which identifies when an entity needs to be reviewed. Users now have a nexus data point to organize team workflow responsibilities. Examples of a review could be to check the BOLO status, update research data points, or conduct an annual review of an entity's risk assessment.
Watch - Identifies the Ontic services that are Always On and when the latest information has been received.
Watch Information in Intelligence Lifecycle will mark each type with a green check mark and a colored icon when the specific watch has been initiated.
The Watch information will also display the date when the last signal for that watch type was received.
Users should select “View Details” to see what data is included on the corresponding watch.
Within “View Details” of Watch, any rules that have been configured specifically for this entity will be surfaced at the bottom of the page.
Why It Matters: Further enhances organizational management of your entities. The capability also provides parity with the Investigations Module.
How It Works: In the upper right corner of each entity header there will be a “+ Assign Team” button where users or user teams can be assigned to the entity. Within the Details tab of the entity, the assignee selection box is also exposed on the right side of the screen.
An operational structure to manage entities. This Entity Intelligence Lifecycle feed features filtering of entity profiles related to their stage in the intelligence lifecycle.
Entity Workflows through the lens of Intelligence Feeds
Why It Matters: Empower teams to organize the work needed to maintain complete and accurate entity intelligence across the entity lifecycle.
How it works: There are two ways to leverage Entity Feeds. A standard preconfigured Entity Lifecycle Management Feed dashboard has been configured with the most common entity management workflows. This standard dashboard is exposed in the Entity dashboard to empower users to work more efficiently and effectively. Entities are presented in feeds representing New Threats, Assigned to User, Threat Level Increases, Pending Research, Evaluation Status, and BOLO Status.
The standard dashboard is exposed in Intelligence Feeds as well. A Feed dashboard can be established to view Entities filtered for your organization's workflow.
Entity Intelligence Feed
In addition to the Standard Entity Feed View, users will be able to establish their own customized Intelligence Feed Dashboards to leverage operational workflows and maximize the efficiency of maintaining the Entity Intelligence Lifecycle.
How it works: “Entity Feeds” are accessible by navigating from the 9-Box Menu > Detect > Feeds. From within Feeds, an existing feed dashboard would need to be edited or a new dashboard created. A standard Lifecycle Intelligence feed dashboard is exposed to replicate the feed view of the Entity Dashboard. These pre-configured feeds allow the user to hit the ground running. The Entity Feeds have numerous filters, which include BOLO statuses, relevant entity activity, evaluation date, re-evaluation date, evaluated by, and research statuses. Relevancy Filters has over 25 filter types across security updates, entities needing action, automation, threat activities, agent actions, and assignments.
Editing an existing feed - In the upper right corner, select the 3-dot edit menu. Select “Add New Feed”.
Create a new dashboard - From feeds select the 3-line hamburger icon for the list of the created intelligence feed dashboards. Scroll to the end of the list to “Add New Dashboard”.
From either of these points the available Feeds menu will be displayed. Select “Entity Feeds”. Selecting Entity Feeds will open the window to configure the feed. The feed can be configured via multiple filters related to status of work to be done on an entity or the relevancy of the information of entity signals.
Entity Creation - Enhancement
Entity creation has been expanded from just PII information into a quick 3-step process. Step 1 is to capture the details of an entity. Step 2 provides the crucial step for users to apply the necessary security details and reason for inclusion in Ontic. Step 3 is for additional details such as associated principal, tags, or other custom fields / business objects.
Expand functionality to configure the layout of entity details from creation, the new entity design, increased control on entity fields, and the entity card layouts.
Entity Creation Layout
Functionality to configure the layout and the fields to be included at the time of entity creation. The new entity creation process includes three steps to capture the relevant entity details, the necessary information related to why the entity is being added (including relevant security directives), and any additional details such as affiliated principals.
Why It Matters: Ability to add custom fields and business objects to the intake process and across the platform whether it is Entity, Observation, or Investigation layouts. Layouts also add formatting to allow for multiple columns within a row of data to maximize space efficiency.
How it works: Layouts are accessible by navigating from the 9-Box Menu > Administration > Layouts. From Layouts, the existing layout can be adjusted by selecting edit from the far right of the rows of created layouts. To create a new layout select “Create New Template”
What Can be Configured: Layouts for Entity, Observations, and Investigation with additional layout formats within each. Different layouts are possible within Entity (person entity, person profile, business, group/event)
Entity Layout configurations have five sections of configuration: Entity Creation, Header Tabs, Entity Highlights, Entity Details, and Entity Card Layout.
Entity Creation Layouts, the 3-step entity creation screen to add an entity manually to Ontic.
This 3-step process allows clients to adjust the intake process for different Ontic user roles and entity types. A guard may input far less information than an investigator. Fields applicable for a person entity might not be applicable for a business or group entity.
Each row of information can be configured to have 1-3 fields per row.
In addition to the standard entity fields, users can add in custom fields to the entity creation process. If additional fields should be captured on entities, users also have the ability to create them.
Scroll to the bottom, select “Add Row”.
Click on “Add Field” to add in a custom field.
Select a field from the available fields, and “Add Selected Field”. Any field can only be exposed once in the entity creation flow, so if the field you would like to add is not visible, you may need to delete it from earlier in the flow.
If a user needs to add a field, one can “Create a New” field for entities.
Exposing required fields. Custom fields can be marked as required to complete. Many organizations have non-standard fields that are necessary to capture the accurate information upon creation.
Users will need to add those fields to the Entity Creation flow (see previous step).
Make sure that these required fields are exposed at the top of the fields.
Click on the six dot icon to move the necessary required fields to the top of the layout. Then when a user is adding an entity to Ontic they cannot proceed to the next step in the flow without completing the required field.
Header Layout, provides for configuration of the Entity information and the related tabs exposed through all of the entity information pages.
Configuration includes two components: the specific entity information and the entity information tabs.
Entity specific information is defaulted to Threat, Reason For Inclusion (RFI), Associated Principals, and Tags.
Positioning can be changed.
Any of these four can be deleted and replaced with another applicable entity field. The header can only contain 4 entity specific fields.
Entity Information Tabs are defaulted to Highlights, Entity Details, Public Records, Connections, Relationships, Files, Notes, Timeline, Research, Insights and Wavr21 (for those clients who have enabled Wavr21).
Positioning of the tabs can be changed
Tabs can be hidden
The tab in the first position will be the default tab that will be exposed when an entity is opened.
No additional tabs can be added.
Highlights Layouts, the new information up front page for entities. Configuration of the Entity Highlights Page is limited to moving the position of the section and/or hiding sections.
Entity Details Layout - Entity details where all data associated with an entity is maintained.
Entity Card Layout - The entity card displayed in Entity Dashboards. These cards will not be displayed in signals; “Feed Card Templates” will control what is visible in Intelligence Feeds (Feed Card Templates are discussed further in these notes).
Observation Creation - Initial fields for manual entry of an observation
Observation Overview - Visualization of fields in an observation
Investigation Creation Form Layout - Fields for manual creation of an investigation.
Investigation Overview Layout - Contents of investigation details (Does not support addition of fields at this time)
Investigation Conclusion Layout - Summary and associated fields in the conclusion of an investigation
Layout Configuration Options
Layout creation includes the ability to move, rearrange, delete, and add fields, including business objects.
Field Re-arrangement - Fields can be adjusted by moving the field with the selection of the six dot box on the field and drag and drop where the field’s new position should be.
Field Deletion - Fields can be deleted by selecting the configure icon within the field box to select “Remove”.
Multi-Column - Each row on the creation layout pages can be a single column or up to 3 columns. Some of the fields only require minimal details or are suited to have the information side by side. To configure the number of columns used for each row, select the configure icon on the far right of the row outside of the field. Then select 1, 2, or 3 columns.
Field Additions - At the bottom of the layout page, there is the option to “Add Row”. The row additions can include standard fields, custom fields, and custom business object fields.
Fields can be selected from previously established custom fields or business objects that can be selected from the pop-out window. If the appropriate custom field or business object has not yet been created, users have the option to create one at that time.
Fields can be added to the 3-step creation or the entity details page.
Entity Feed Card Templates
The entity card with basic details exposed in dashboards and intelligence feeds can now be customized and viewed in dashboards and feeds. The entity card with certain information can be exposed in Intelligence Feeds and a differing view in dashboards.
Why It Matters: With Entity Feeds, an additional level of context about the entity will be valuable compared to the workflow of that particular feed. With space at a premium, users can specify whether all or just portions of the basic entity information need to be exposed in an Intelligence Feed.
Setting Up Feed Card Templates
There are two ways to create a “Feed Card Template”.
While creating or editing an “Entity Feed” within the Intelligence Feeds dashboard: to the right in the feed preview, there is a blue outlined box with the addition “+” symbol. Click on the addition “+” symbol to create a Feed Card.
Navigate to “Feed Card Template”: start at the 9-box menu > Administration > Feed Card Template. Once in the Feed Card Template, select “Create New Template” in the upper right corner.
The card template will have to have a name which will be how it is identified when creating a feed. An Entity category (Person, Business, Group/Event) will also need to be selected. If a category is not selected the default is a Person Entity.
The configuration of the template is done in two layers: a whole section can be removed from the view (Header, Overview, Details, Footer), and individual components of those sections can likewise be removed from the view. See below representations of a full card view, minimized, and least amount of detail:
Additional information from custom fields and business fields can be added into the card via the Details section and Fields. The maximum number of rows is 4 which would be a maximum of 8 fields. An example of 4 rows of data is displayed below:
Applying Card Templates To Feeds
Upon completion of setting up Entity Card Templates, navigate to Feeds: start at the 9-box menu > Detect > Feeds.
Entity Cards can only be applied to “Entity Feeds”. Other Intelligence Feeds with entity signals do not yet support Entity Cards.
When an “Entity Feed” is created the entity card template can be selected at the time of creation or during edit of the feed.
Entity Details Widgets Enhancement
What it is: The ability to add widgets to the entity details or investigation overview section.
Provides visibility into all completed and ongoing assessments on the entity
Provides visibility into all approved, pending, and archived public records on the entity details page.
Provides visibility into the associated entities that are connected to the primary entity, pending, and archived public records on the entity details page.
Provides visibility into the associated investigations that the entity is connected to.
Why it matters: Brings areas of the platform with important information up front to limit the amount of clicks needed to discover new data.
How it works: All widgets must be added to the layout of the entity/investigation prior to displaying. This maintains full control over which roles of users can and cannot see the widgets.
Using the Navigation, hover over Administration and select Layouts
Select an existing or create a new layout on an entity or investigation
The widgets will be toggled off by default for existing layouts and on for any newly created layout. Use the Gear Icon in the upper right corner to hide or unhide the widget.
The widgets of Assessments and Connections can be added multiple times to display different configurations of the associated data. I.e., a role may require a view of Assessments that are open for an entity and also expose an additional widget of the closed assessments.
Save the layout and apply it to a Role.